[svn r13750] Fixed many problems with user headings - reported in FS#2068

skala
Yannick Warnier 18 years ago
parent 75106d3e1c
commit 91fda5cc88
  1. 62
      main/user/userInfo.php
  2. 205
      main/user/userInfoLib.php

@ -42,7 +42,7 @@
==============================================================================
*/
$editMainUserInfo = $_REQUEST['editMainUserInfo'];
$uInfo = intval($_REQUEST['uInfo']);
$uInfo = strval(intval($_REQUEST['uInfo']));
// name of the language file that needs to be included
$language_file = array ('registration', 'userInfo');
@ -54,6 +54,7 @@ $this_section = SECTION_COURSES;
$nameTools = get_lang("Users");
api_protect_course_script();
//prepare variables used in userInfoLib.php functions
$TBL_USERINFO_DEF = Database :: get_course_table(TABLE_USER_INFO);
$TBL_USERINFO_CONTENT = Database :: get_course_table(TABLE_USER_INFO_CONTENT);
@ -104,12 +105,6 @@ $is_allowedToTrack = api_is_allowed_to_edit() && $_configuration['tracking_enabl
// Library connection
include ("userInfoLib.php");
// clean field submitted by the user
foreach ($_POST as $key => $value)
{
$$key = replace_dangerous_char($value);
}
/*
==============================================================================
FUNCTIONS
@ -126,54 +121,54 @@ $displayMode = "viewContentList";
if ($allowedToEditDef)
{
if ($submitDef)
if (!empty($_POST['submitDef']))
{
if ($id)
if (!empty($_POST['id']))
{
edit_cat_def($id, $title, $comment, $nbline);
edit_cat_def($_POST['id'], $_POST['title'], $_POST['comment'], $_POST['nbline']);
}
else
{
create_cat_def($title, $comment, $nbline);
create_cat_def($_POST['title'], $_POST['comment'], $_POST['nbline']);
}
$displayMode = "viewDefList";
}
elseif ($removeDef)
elseif (!empty($_GET['removeDef']))
{
remove_cat_def($removeDef, true);
remove_cat_def($_GET['removeDef'], true);
$displayMode = "viewDefList";
}
elseif ($editDef)
elseif (!empty($_GET['editDef']))
{
$displayMode = "viewDefEdit";
}
elseif (isset ($addDef))
elseif (!empty ($_POST['addDef']))
{
$displayMode = "viewDefEdit";
}
elseif ($moveUpDef)
elseif (!empty($_GET['moveUpDef']))
{
move_cat_rank($moveUpDef, "up");
move_cat_rank($_GET['moveUpDef'], "up");
$displayMode = "viewDefList";
}
elseif ($moveDownDef)
elseif (!empty($_GET['moveDownDef']))
{
move_cat_rank($moveDownDef, "down");
move_cat_rank($_GET['moveDownDef'], "down");
$displayMode = "viewDefList";
}
elseif ($viewDefList)
elseif (!empty($_POST['viewDefList']))
{
$displayMode = "viewDefList";
}
elseif ($editMainUserInfo)
elseif (!empty($_GET['editMainUserInfo']))
{
$userIdViewed = $editMainUserInfo;
$userIdViewed = strval(intval($_GET['editMainUserInfo']));
$displayMode = "viewMainInfoEdit";
}
elseif ($submitMainUserInfo)
elseif (!empty($_GET['submitMainUserInfo']))
{
$userIdViewed = $submitMainUserInfo;
$userIdViewed = strval(intval($_GET['submitMainUserInfo']));
$promoteCourseAdmin ? $userProperties['status'] = 1 : $userProperties['status'] = 5;
$promoteTutor ? $userProperties['tutor'] = 1 : $userProperties['tutor'] = 0;
@ -190,24 +185,24 @@ if ($allowedToEditDef)
if ($allowedToEditContent)
{
if ($submitContent)
if (isset($_POST['submitContent']))
{
if ($cntId) // submit a content change
if ($_POST['cntId']) // submit a content change
{
edit_cat_content($catId, $userIdViewer, $content, $REMOTE_ADDR);
edit_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']);
}
else // submit a totally new content
{
fill_new_cat_content($catId, $userIdViewer, $content, $REMOTE_ADDR);
{
fill_new_cat_content($_POST['catId'], $userIdViewed, $_POST['content'], $_SERVER['REMOTE_ADDR']);
}
$displayMode = "viewContentList";
}
elseif ($editContent)
elseif (!empty($_GET['editContent']))
{
$displayMode = "viewContentEdit";
$userIdViewed = $userIdViewer;
$userIdViewed = $userIdViewed;
}
}
@ -223,7 +218,7 @@ if ($displayMode == "viewDefEdit")
{
/*>>>>>>>>>>>> CATEGORIES DEFINITIONS : EDIT <<<<<<<<<<<<*/
$catToEdit = get_cat_def($editDef);
$catToEdit = get_cat_def($_GET['editDef']);
$edit_heading_form = new FormValidator('edit_heading_form');
$edit_heading_form->addElement('hidden', 'id');
$edit_heading_form->add_textfield('title', get_lang('Title'));
@ -281,8 +276,7 @@ elseif ($displayMode == "viewContentEdit")
{
/*>>>>>>>>>>>> CATEGORIES CONTENTS : EDIT <<<<<<<<<<<<*/
$catToEdit = get_cat_content($userIdViewed, $editContent);
$catToEdit = get_cat_content($userIdViewed, $_GET['editContent']);
$content_heading_form = new FormValidator('content_heading_form');
$content_heading_form->addElement('hidden', 'cntId');
$content_heading_form->addElement('hidden', 'catId');
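Review bot: The `$promoteCourseAdmin` and `$promoteTutor` reads left as context in the submitMainUserInfo branch were populated by the `$$key = replace_dangerous_char($value)` loop this commit removes, so unless they are assigned somewhere else in the file both ternaries now always take the 5/0 path; read them explicitly like the sibling branches, e.g. `!empty($_POST['promoteCourseAdmin']) ? $userProperties['status'] = 1 : $userProperties['status'] = 5;` with whichever request array the form submits. In the submitContent branch `if ($_POST['cntId'])` is the only request read done without `isset`/`!empty` and emits a notice when the field is absent; `if (!empty($_POST['cntId']))` matches the rest of the dispatch. `$userIdViewed = $userIdViewed;` in the editContent branch is a self-assignment left over from the old `$userIdViewer` line and can be dropped. The edit/fill calls now write the block of `$userIdViewed` instead of the logged-in viewer, presumably so a tutor can edit on someone's behalf; since `$allowedToEditContent` is computed outside these hunks it is worth confirming it is tied to the viewed id rather than only to the viewer's own rights. The `if ($allowedToEditDef)` block opened at the top of the hunk closes outside it.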

@ -34,7 +34,7 @@
* create a new category definition for the user information
*
* @author - Hugues peeters <peeters@ipm.ucl.ac.be>
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesch<EFBFBD> <gesche@ipm.ucl.ac.be>
* @param - string $title - category title
* @param - string $comment - title comment
* @param - int$nbline - lines number for the field the user will fill.
@ -43,29 +43,30 @@
function create_cat_def($title="", $comment="", $nbline="5")
{
global $TBL_USERINFO_DEF;
global $TBL_USERINFO_DEF; //taken from userInfo.php
$title = Database::escape_string(trim($title));
$comment = Database::escape_string(trim($comment));
$nbline = strval(intval($nbline));
if ( 0 == (int) $nbline || empty($title))
{
return false;
}
$sql = "SELECT MAX(`rank`) maxRank FROM ".$TBL_USERINFO_DEF."";
$sql = "SELECT MAX(rank) as maxRank FROM ".$TBL_USERINFO_DEF;
$result = api_sql_query($sql,__FILE__,__LINE__);
if ($result) $maxRank = mysql_fetch_array($result);
if ($result) $maxRank = Database::fetch_array($result);
$maxRank = $maxRank['maxRank'];
$thisRank = $maxRank + 1;
$title = trim($title);
$comment = trim($comment);
$sql = "INSERT INTO ".$TBL_USERINFO_DEF." SET
`title` = '$title',
`comment` = '$comment',
`line_count` = '$nbline',
`rank` = '$thisRank'";
$sql = "INSERT INTO $TBL_USERINFO_DEF SET
title = '$title',
comment = '$comment',
line_count = '$nbline',
rank = '$thisRank'";
api_sql_query($sql,__FILE__,__LINE__);
@ -76,7 +77,7 @@ function create_cat_def($title="", $comment="", $nbline="5")
* modify the definition of a user information category
*
* @author - Hugues peeters <peeters@ipm.ucl.ac.be>
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesch<EFBFBD> <gesche@ipm.ucl.ac.be>
* @param - int $id - id of the category
* @param - string $title - category title
* @param - string $comment - title comment
@ -88,19 +89,20 @@ function edit_cat_def($id, $title, $comment, $nbline)
{
global $TBL_USERINFO_DEF;
if ( 0 == (int) $nbline || 0 == (int) $id )
if ( 0 == $nbline || 0 == $id )
{
return false;
}
$title = trim($title);
$comment = trim($comment);
$id = strval(intval($id)); //make sure id is integer
$title = Database::escape_string(trim($title));
$comment = Database::escape_string(trim($comment));
$nbline = strval(intval($nbline));
$sql = "UPDATE ".$TBL_USERINFO_DEF." SET
`title` = '$title',
`comment` = '$comment',
`line_count` = '$nbline'
title = '$title',
comment = '$comment',
line_count = '$nbline'
WHERE id = '$id'";
api_sql_query($sql,__FILE__,__LINE__);
return true;
@ -110,7 +112,7 @@ function edit_cat_def($id, $title, $comment, $nbline)
* remove a category from the category list
*
* @author - Hugues peeters <peeters@ipm.ucl.ac.be>
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesche <gesche@ipm.ucl.ac.be>
*
* @param - int $id - id of the category
* or "ALL" for all category
@ -124,31 +126,24 @@ function edit_cat_def($id, $title, $comment, $nbline)
function remove_cat_def($id, $force = false)
{
global $TBL_USERINFO_CONTENT, $TBL_USERINFO_DEF;
$id = strval(intval($id));
if ( (0 == (int) $id || $id == "ALL") || ! is_bool($force))
{
return false;
}
if ( $id != "ALL")
{
$sqlCondition = " WHERE id = '$id'";
} else {
$sqlCondition = "";
}
$sqlCondition = " WHERE id = '$id'";
if ($force == false)
{
$sql = "SELECT * FROM ".$TBL_USERINFO_CONTENT." ".$sqlCondition;
$sql = "SELECT * FROM $TBL_USERINFO_CONTENT $sqlCondition";
$result = api_sql_query($sql,__FILE__,__LINE__);
if ( mysql_num_rows($result) > 0)
if ( Database::num_rows($result) > 0)
{
return false;
}
}
$sql = "DELETE FROM ".$TBL_USERINFO_DEF." ".$sqlCondition;
$sql = "DELETE FROM $TBL_USERINFO_DEF $sqlCondition";
api_sql_query($sql,__FILE__,__LINE__);
}
@ -156,7 +151,7 @@ function remove_cat_def($id, $force = false)
* move a category in the category list
*
* @author - Hugues peeters <peeters@ipm.ucl.ac.be>
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesch<EFBFBD> <gesche@ipm.ucl.ac.be>
*
* @param - int $id - id of the category
* @param - direction "up" or "down" :
@ -169,22 +164,23 @@ function remove_cat_def($id, $force = false)
function move_cat_rank($id, $direction) // up & down.
{
global $TBL_USERINFO_DEF;
$id = strval(intval($id));
if ( 0 == (int) $id || ! ($direction == "up" || $direction == "down") )
{
return false;
}
$sql = "SELECT rank FROM ".$TBL_USERINFO_DEF." WHERE id = '$id'";
$sql = "SELECT rank FROM $TBL_USERINFO_DEF WHERE id = '$id'";
$result = api_sql_query($sql,__FILE__,__LINE__);
if (mysql_num_rows($result) < 1)
if (Database::num_rows($result) < 1)
{
return false;
}
$cat = mysql_fetch_array($result);
$rank = (int) $cat["rank"];
$cat = Database::fetch_array($result);
$rank = (int) $cat['rank'];
return move_cat_rank_by_rank($rank, $direction);
}
@ -192,7 +188,7 @@ function move_cat_rank($id, $direction) // up & down.
* move a category in the category list
*
* @author - Hugues peeters <peeters@ipm.ucl.ac.be>
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesche <gesche@ipm.ucl.ac.be>
*
* @param - int $rank - actual rank of the category
* @param - direction "up" or "down" :
@ -228,13 +224,13 @@ function move_cat_rank_by_rank($rank, $direction) // up & down.
$result = api_sql_query($sql,__FILE__,__LINE__);
if (mysql_num_rows($result) < 2)
if (Database::num_rows($result) < 2)
{
return false;
}
$thisCat = mysql_fetch_array($result);
$nextCat = mysql_fetch_array($result);
$thisCat = Database::fetch_array($result);
$nextCat = Database::fetch_array($result);
$sql1 = "UPDATE ".$TBL_USERINFO_DEF." SET rank ='".$nextCat['rank'].
"' WHERE id = '".$thisCat['id']."'";
@ -259,15 +255,19 @@ function move_cat_rank_by_rank($rank, $direction) // up & down.
function update_user_course_properties($user_id, $course_code, $properties)
{
global $tbl_coursUser,$_user;
$sqlChangeStatus = "";
if ($user_id != $_user['user_id'])
$sqlChangeStatus = "`status` = '".$properties['status']."',";
$sqlChangeStatus = "";
$user_id = strval(intval($user_id));//filter integer
$course_code = Database::escape_string($course_code);
if ($user_id != $_user['user_id'])
{
$sqlChangeStatus = "status = '".$properties['status']."',";
}
$result = api_sql_query("UPDATE $tbl_coursUser
SET `role` = '".$properties['role']."',
SET role = '".$properties['role']."',
".$sqlChangeStatus."
`tutor_id` = '".$properties['tutor']."'
WHERE `user_id` = '".$user_id."'
AND `course_code` = '".$course_code."'",__FILE__,__LINE__);
tutor_id = '".$properties['tutor']."'
WHERE user_id = '".$user_id."'
AND course_code = '".$course_code."'",__FILE__,__LINE__);
if (mysql_affected_rows() > 0)
{
@ -295,7 +295,7 @@ function update_user_course_properties($user_id, $course_code, $properties)
* fill a bloc for information category
*
* @author - Hugues peeters <peeters@ipm.ucl.ac.be>
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesche <gesche@ipm.ucl.ac.be>
* @param - $definition_id,
* @param - $user_id,
* @param - $user_ip,
@ -309,14 +309,14 @@ function fill_new_cat_content($definition_id, $user_id, $content="", $user_ip=""
if (empty($user_ip))
{
global $REMOTE_ADDR;
$user_ip = $REMOTE_ADDR;
$user_ip = $_SERVER['REMOTE_ADDR'];
}
$definition_id = strval(intval($definition_id));
$user_id = strval(intval($user_id));
$content = Database::escape_string(trim($content));
$user_ip = Database::escape_string(trim($user_ip));
$content = trim($content);
if ( 0 == (int) $definition_id || 0 == (int) $user_id || $content == "")
if ( 0 == $definition_id || 0 == $user_id || $content == "")
{
// Here we should introduce an error handling system...
@ -326,68 +326,65 @@ function fill_new_cat_content($definition_id, $user_id, $content="", $user_ip=""
// Do not create if already exist
$sql = "SELECT id FROM ".$TBL_USERINFO_CONTENT."
WHERE `definition_id` = '$definition_id'
AND `user_id` = '$user_id'";
WHERE definition_id = '$definition_id'
AND user_id = '$user_id'";
$result = api_sql_query($sql,__FILE__,__LINE__);
if (mysql_num_rows($result) > 0)
if (Database::num_rows($result) > 0)
{
return false;
}
$sql = "INSERT INTO ".$TBL_USERINFO_CONTENT." SET
`content` = '$content',
`definition_id` = '$definition_id',
`user_id` = '$user_id',
`editor_ip` = '$user_ip',
`edition_time` = now()";
content = '$content',
definition_id = '$definition_id',
user_id = '$user_id',
editor_ip = '$user_ip',
edition_time = now()";
api_sql_query($sql,__FILE__,__LINE__);
return true;
}
/**
* edit a bloc for information category
* Edit a bloc for information category
*
* @author - Hugues peeters <peeters@ipm.ucl.ac.be>
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesche <gesche@ipm.ucl.ac.be>
* @param - $definition_id,
* @param - $user_id,
* @param - $user_ip, DEFAULT $REMOTE_ADDR
* @param - $content ; if empty call delete the bloc
* @return - boolean true if succeed, else bolean false
*/
function edit_cat_content($definition_id, $user_id, $content ="", $user_ip="")
{
global $TBL_USERINFO_CONTENT;
$definition_id = strval(intval($definition_id));
$user_id = strval(intval($user_id));
$content = Database::escape_string(trim($content));
if (empty($user_ip))
{
global $REMOTE_ADDR;
$user_ip = $REMOTE_ADDR;
$user_ip = $_SERVER['REMOTE_ADDR'];
}
$user_ip = Database::escape_string($user_ip);
if (0 == (int) $user_id || 0 == (int) $definition_id)
if (0 == $user_id || 0 == $definition_id)
{
return false;
}
$content = trim($content);
if ( trim($content) == "")
if ( $content == "")
{
return cleanout_cat_content($user_id, $definition_id);
}
$sql= "UPDATE ".$TBL_USERINFO_CONTENT." SET
`content` = '$content',
`editor_ip` = '$user_ip',
`edition_time` = now()
content = '$content',
editor_ip = '$user_ip',
edition_time = now()
WHERE definition_id = '$definition_id' AND user_id = '$user_id'";
api_sql_query($sql,__FILE__,__LINE__);
@ -399,7 +396,7 @@ function edit_cat_content($definition_id, $user_id, $content ="", $user_ip="")
* clean the content of a bloc for information category
*
* @author - Hugues peeters <peeters@ipm.ucl.ac.be>
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesche <gesche@ipm.ucl.ac.be>
* @param - $definition_id,
* @param - $user_id
* @return - boolean true if succeed, else bolean false
@ -408,8 +405,10 @@ function edit_cat_content($definition_id, $user_id, $content ="", $user_ip="")
function cleanout_cat_content($user_id, $definition_id)
{
global $TBL_USERINFO_CONTENT;
$user_id = strval(intval($user_id));
$definition_id = strval(intval($definition_id));
if (0 == (int) $user_id || 0 == (int) $definition_id)
if (0 == $user_id || 0 == $definition_id)
{
return false;
}
@ -431,7 +430,7 @@ function cleanout_cat_content($user_id, $definition_id)
/**
* get the user info from the user id
* @author - Hugues Peeters <peeters@ipm.ucl.ac.be>
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesche <gesche@ipm.ucl.ac.be>
* @param - int $user_id user id as stored in the Dokeos main db
* @return - array containg user info sort by categories rank
* each rank contains 'title', 'comment', 'content', 'cat_id'
@ -450,9 +449,9 @@ function get_course_user_info($user_id)
$result = api_sql_query($sql,__FILE__,__LINE__);
if (mysql_num_rows($result) > 0)
if (Database::num_rows($result) > 0)
{
while ($userInfo = mysql_fetch_array($result, MYSQL_ASSOC))
while ($userInfo = Database::fetch_array($result, 'ASSOC'))
{
$userInfos[]=$userInfo;
}
@ -468,7 +467,7 @@ function get_course_user_info($user_id)
/**
* get the main user information
* @author - Hugues Peeters <peeters@ipm.ucl.ac.be>
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesche <gesche@ipm.ucl.ac.be>
* @param - int $user_id user id as stored in the Dokeos main db
* @return - array containing user info as 'lastName', 'firstName'
* 'email', 'role'
@ -476,7 +475,9 @@ function get_course_user_info($user_id)
function get_main_user_info($user_id, $courseCode)
{
if (0 == (int) $user_id)
$user_id = strval(intval($user_id));
$courseCode = Database::escape_string($courseCode);
if (0 == $user_id)
{
return false;
}
@ -486,7 +487,7 @@ function get_main_user_info($user_id, $courseCode)
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$sql = "SELECT u.*, u.lastname lastName, u.firstname firstName,
u.email, u.picture_uri picture, cu.role,
cu.`status` `status`, cu.tutor_id
cu.status status, cu.tutor_id
FROM $table_user u, $table_course_user cu
WHERE u.user_id = cu.user_id
AND u.user_id = '$user_id'
@ -494,9 +495,9 @@ function get_main_user_info($user_id, $courseCode)
$result = api_sql_query($sql,__FILE__,__LINE__);
if (mysql_num_rows($result) > 0)
if (Database::num_rows($result) > 0)
{
$userInfo = mysql_fetch_array($result, MYSQL_ASSOC);
$userInfo = Database::fetch_array($result, 'ASSOC');
$userInfo['password']='';
return $userInfo;
}
@ -510,7 +511,7 @@ function get_main_user_info($user_id, $courseCode)
/**
* get the user content of a categories plus the categories definition
* @author - Hugues Peeters <peeters@ipm.ucl.ac.be>
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesche <gesche@ipm.ucl.ac.be>
* @param - int $userId - id of the user
* @param - int $catId - id of the categories
* @return - array containing 'catId', 'title', 'comment',
@ -521,6 +522,8 @@ function get_cat_content($userId, $catId)
{
global $TBL_USERINFO_CONTENT, $TBL_USERINFO_DEF;
$userId = strval(intval($userId));
$catId = strval(intval($catId));
$sql = "SELECT cat.id catId, cat.title,
cat.comment , cat.line_count,
content.id contentId, content.content
@ -528,12 +531,11 @@ function get_cat_content($userId, $catId)
ON cat.id = content.definition_id
AND content.user_id = '$userId'
WHERE cat.id = '$catId' ";
$result = api_sql_query($sql,__FILE__,__LINE__);
if (mysql_num_rows($result) > 0)
if (Database::num_rows($result) > 0)
{
$catContent = mysql_fetch_array($result, MYSQL_ASSOC);
$catContent = Database::fetch_array($result, 'ASSOC');
$catContent['nbline'] = $catContent['line_count'];
return $catContent;
}
@ -545,24 +547,23 @@ function get_cat_content($userId, $catId)
/**
* get the definition of a category
*
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesche <gesche@ipm.ucl.ac.be>
* @author - Hugues Peeters <peeters@ipm.ucl.ac.be>
* @param - int $catId - id of the categories
* @return - array containing 'id', 'title', 'comment', and 'nbline',
*/
function get_cat_def($catId)
{
global $TBL_USERINFO_DEF;
$catId = strval(intval($catId));
$sql = "SELECT id, title, comment, line_count, rank FROM ".$TBL_USERINFO_DEF." WHERE id = '$catId'";
$result = api_sql_query($sql,__FILE__,__LINE__);
if (mysql_num_rows($result) > 0)
if (Database::num_rows($result) > 0)
{
$catDef = mysql_fetch_array($result, MYSQL_ASSOC);
$catDef = Database::fetch_array($result, 'ASSOC');
$catDef['nbline'] = $catDef['line_count'];
return $catDef;
}
@ -574,14 +575,12 @@ function get_cat_def($catId)
/**
* get list of all this course categories
*
* @author - Christophe Gesché <gesche@ipm.ucl.ac.be>
* @author - Christophe Gesche <gesche@ipm.ucl.ac.be>
* @author - Hugues Peeters <peeters@ipm.ucl.ac.be>
* @return - array containing a list of arrays.
* And each of these arrays contains
* 'catId', 'title', 'comment', and 'nbline',
*/
function get_cat_def_list()
{
global $TBL_USERINFO_DEF;
@ -592,9 +591,9 @@ function get_cat_def_list()
$result = api_sql_query($sql,__FILE__,__LINE__);
if (mysql_num_rows($result) > 0)
if (Database::num_rows($result) > 0)
{
while ($cat_def = mysql_fetch_array($result, MYSQL_ASSOC))
while ($cat_def = Database::fetch_array($result, 'ASSOC'))
{
$cat_def_list[]=$cat_def;
}
