diff --git a/main/forum/forumfunction.inc.php b/main/forum/forumfunction.inc.php index a58f780848..591a5ef7ab 100644 --- a/main/forum/forumfunction.inc.php +++ b/main/forum/forumfunction.inc.php @@ -3800,8 +3800,12 @@ function get_thread_user_post($course_db, $thread_id, $user_id ) $threads = get_threads($forum['forum_id']); if (is_array($threads)) { echo '
'; - echo Display::return_icon('forum.gif'); - echo $forum['forum_title']; + /*echo Display::return_icon('forum.gif'); + echo $forum['forum_title'];*/ + $my_course_db=explode('_',$course_db); + $my_course_code=$my_course_db[1]; + echo '

'; + echo '
'.Display::return_icon('forum.gif').'    '.$forum['forum_title'].'        
'.get_lang('SeeForum').'
'; echo '
'; echo '
'; $i=0; foreach($threads as $thread) { diff --git a/main/inc/lib/blog.lib.php b/main/inc/lib/blog.lib.php index e758741d9b..3bc791ba12 100644 --- a/main/inc/lib/blog.lib.php +++ b/main/inc/lib/blog.lib.php @@ -2863,9 +2863,13 @@ function get_blog_post_from_user($course_db_name, $user_id) { ORDER BY post.date_creation DESC "; $result = api_sql_query($sql, __FILE__, __LINE__); $return_data = ''; + $my_course_info=explode('_',$course_db_name); if (Database::num_rows($result)!=0) { while ($row=Database::fetch_array($result)) { - $return_data.= ''.$row['title'].''; echo '
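Review bot: `$my_course_code=$my_course_db[1];` assumes the course code is always the second `_`-separated piece of the database name, which holds only if neither the prefix nor the code ever contains an underscore; otherwise the value (presumably used for the SeeForum link) names the wrong course, or `[1]` is undefined. The same `explode('_', ...)` derivation is repeated in both blog.lib.php hunks and in data_personal.inc.php. Consider passing the course code in from the caller, or at least add a comment such as `// assumes DB name is <prefix>_<course code> with no further underscores`. The `/*echo ...*/` block left above it is dead code and could be deleted. The enclosing function starts and ends outside the hunk.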
'; + $return_data.= '

'; + $return_data.= '
'.$row['title'].'        
'.get_lang('SeeBlog').'
'; + $return_data.= '
'; + //$return_data.= ''.$row['title'].''; echo '
'; $return_data.= $row['full_text']; $return_data.= '

'; } @@ -2889,9 +2893,13 @@ function get_blog_comment_from_user($course_db_name, $user_id) { ORDER BY blog_name"; $result = api_sql_query($sql, __FILE__, __LINE__); $return_data = ''; + $my_course_info=explode('_',$course_db_name); if (Database::num_rows($result)!=0) { - while ($row=Database::fetch_array($result)) { - $return_data.= ''.$row['title'].''; echo '
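Review bot: `$row['title']` is concatenated into `$return_data` as markup without any output encoding, and the caller in data_personal.inc.php echoes the result directly. Unless titles are sanitised when they are stored (not visible here), encode the value at output, e.g. `htmlspecialchars($row['title'], ENT_QUOTES)`; `$row['full_text']` probably holds intended HTML and would need a filter such as `Security::remove_XSS()` rather than escaping. The second hunk of this file has the same pattern with `$row['title']` and `$row['comment']`. The commented-out `//$return_data.= ...` line can be dropped rather than kept.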
'; + while ($row=Database::fetch_array($result)) { + $return_data.= '

'; + $return_data.= '
'.$row['title'].'        
'.get_lang('SeeBlog').'
'; + $return_data.= '
'; + //$return_data.= ''.$row['title'].''; echo '
';*/ $return_data.= $row['comment']; $return_data.= '
'; } diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php index f34582c0fe..5dd413e775 100644 --- a/main/inc/lib/main_api.lib.php +++ b/main/inc/lib/main_api.lib.php @@ -14,6 +14,7 @@ Copyright (c) Olivier Brouckaert Copyright (c) Toon Van Hoecke Copyright (c) Denes Nagy + Copyright (c) Isaac Flores For a full list of contributors, see "credits.txt". The full license can be read in "license.txt". @@ -3186,6 +3187,9 @@ if ( !function_exists('sys_get_temp_dir') ) } } } +/** + * This function allow know when request sent is XMLHttpRequest + */ function api_is_xml_http_request() { if ($_SERVER['HTTP_X_REQUESTED_WITH']=='XMLHttpRequest') { return true; @@ -3230,3 +3234,19 @@ function api_is_valid_secret_key($original_key_secret,$segurity_key) { return false; } } + +/** + * Check if a user is into course + * @param string $course_id - the course id + * @param string $user_id - the user id + */ +function api_is_user_of_course ($course_id,$user_id) { + $tbl_course_rel_user=Database :: get_main_table(TABLE_MAIN_COURSE_USER); + $sql='SELECT user_id FROM '.$tbl_course_rel_user.' WHERE course_code="'.Database::escape_string($course_id).'" AND user_id="'.Database::escape_string($user_id).'"'; + $result=api_sql_query($sql,__FILE__,__LINE__); + if (Database::num_rows($result)==1) { + return true; + } else { + return false; + } +} \ No newline at end of file diff --git a/main/messages/send_message_to_userfriend.inc.php b/main/messages/send_message_to_userfriend.inc.php index 3105a6011e..65b3f982d6 100755 --- a/main/messages/send_message_to_userfriend.inc.php +++ b/main/messages/send_message_to_userfriend.inc.php 
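Review bot: The new docblock for `api_is_xml_http_request` should say that `X-Requested-With` is a client-supplied header, so the result is only a hint about how the request was made and must not gate access decisions. I would word it `Tells whether the request carries the X-Requested-With: XMLHttpRequest header (client-controlled, not a security check)` and add `@return bool`. The function also reads `$_SERVER['HTTP_X_REQUESTED_WITH']` without `isset()`, which raises a notice on requests that lack the header. The function body continues outside the hunk.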
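Review bot: The docblock of `api_is_user_of_course` has no `@return` line and does not say which memberships count: the query looks only at the course/user relation table, so session-based enrolment and the user's status in the course are presumably not considered. I would add `@return bool true when exactly one row links the user to the course` and a sentence on that limit. Since `$user_id` is numeric, `intval($user_id)` in the query is stricter than `Database::escape_string()` inside quotes. The file now ends without a trailing newline.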
@@ -39,7 +39,8 @@ if (api_get_setting('allow_message_tool')<>'true' && api_get_setting('allow_soci if ( isset($_REQUEST['user_friend']) ) { $info_user_friend=array(); $info_path_friend=array(); - $userfriend_id=$_REQUEST['user_friend']; + $userfriend_id=Security::remove_XSS($_REQUEST['user_friend']); + $panel=Security::remove_XSS($_REQUEST['view_panel']); $info_user_friend=api_get_user_info($userfriend_id); $info_path_friend=UserManager::get_user_picture_path_by_id($userfriend_id,'web',false,true); } @@ -81,8 +82,24 @@ if (api_get_setting('allow_message_tool')<>'true' && api_get_setting('allow_soci ?> -
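Review bot: `Security::remove_XSS()` is an output filter, not validation: `$userfriend_id` goes on to `api_get_user_info()` and `get_user_picture_path_by_id()` as an identifier, so casting it, `$userfriend_id=intval($_REQUEST['user_friend']);`, states the intent and leaves nothing to filter. `$_REQUEST['view_panel']` is read without its own `isset()` check (only `user_friend` is tested), so it raises an undefined-index notice when absent, and `$panel` stays undefined whenever this branch is skipped. `$panel = isset($_REQUEST['view_panel']) ? Security::remove_XSS($_REQUEST['view_panel']) : '';` placed before the `if` would cover both. The enclosing script continues outside the hunk.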
+  :     +
:
+
:
+     + + + +
+ + diff --git a/main/social/data_personal.inc.php b/main/social/data_personal.inc.php index 26e462ee2e..46cae13b3f 100755 --- a/main/social/data_personal.inc.php +++ b/main/social/data_personal.inc.php @@ -40,41 +40,53 @@ if (isset($_POST['load_ajax'])) { $course_db = $_POST['course_code']; // @todo goto the course link //echo ''.get_lang('GotoCourse').''; - - //------Forum messages - api_display_tool_title(get_lang('Forum')); - //print_r($course); - $table_forums = Database :: get_course_table(TABLE_FORUM,$course_db); - $table_threads = Database :: get_course_table(TABLE_FORUM_THREAD,$course_db); - $table_posts = Database :: get_course_table(TABLE_FORUM_POST,$course_db); - $table_item_property = Database :: get_course_table(TABLE_ITEM_PROPERTY,$course_db); - $table_users = Database :: get_main_table(TABLE_MAIN_USER); - - //------Forum messages - echo '
'; - get_all_post_from_user($user_id, $course_db); - echo '
'; - echo '
'; - - //------Blog posts - - $result = get_blog_post_from_user($course_db, $user_id); - if (!empty($result)) { - api_display_tool_title(get_lang('BlogPosts')); - echo '
'; - echo $result; - echo '
'; - echo '
'; - } - - //------Blog comments - $result = get_blog_comment_from_user($course_db, $user_id); - if (!empty($result)) { - api_display_tool_title(get_lang('BlogComments')); - echo '
'; - echo $result; - echo '
'; - echo '
'; + $my_course_info_db=explode('_',$course_db); + $course_id=$my_course_info_db[1]; + if (api_is_user_of_course($course_id,api_get_user_id())) { + //------Forum messages + api_display_tool_title(get_lang('Forum')); + //print_r($course); + $table_forums = Database :: get_course_table(TABLE_FORUM,$course_db); + $table_threads = Database :: get_course_table(TABLE_FORUM_THREAD,$course_db); + $table_posts = Database :: get_course_table(TABLE_FORUM_POST,$course_db); + $table_item_property = Database :: get_course_table(TABLE_ITEM_PROPERTY,$course_db); + $table_users = Database :: get_main_table(TABLE_MAIN_USER); + + //------Forum messages + echo '
'; + get_all_post_from_user($user_id, $course_db); + echo '
'; + echo '
'; + + //------Blog posts + + $result = get_blog_post_from_user($course_db, $user_id); + if (!empty($result)) { + echo '

'; + api_display_tool_title(get_lang('BlogPosts')); + echo '
'; + echo $result; + echo '
'; + echo '
'; + } + + //------Blog comments + $result = get_blog_comment_from_user($course_db, $user_id); + if (!empty($result)) { + api_display_tool_title(get_lang('BlogComments')); + echo '
'; + echo $result; + echo '
'; + echo '
'; + } + } else { + echo '

'; + api_display_tool_title(get_lang('Details')); + echo '
'; + echo get_lang('UserNonRegisteredAtTheCourse'); + echo '

'; + echo '
'; + echo '

'; } break; case 'unload_course' : diff --git a/main/social/profile.php b/main/social/profile.php index 55fc0fd3d2..6318fde934 100644 --- a/main/social/profile.php +++ b/main/social/profile.php @@ -99,19 +99,21 @@ function toogle_function (element_html, course_code){ id_button="#btn_"+id_elem[1]; elem_src=$(id_button).attr("src"); image_show=elem_src.split("/"); - my_image=image_show[2]; + my_image=image_show[2]; + var content = \'social_content\' + id_elem[1]; if (my_image=="nolines_plus.gif") { - $(ident).hide("slow"); - $(id_button).attr("src","../img/nolines_minus.gif"); var action = "load_course"; + $(id_button).attr("src","../img/nolines_minus.gif"); var action = "load_course"; + $("div#"+content).show("slow"); } else { - $(ident).show("slow"); + $("div#"+content).hide("slow"); $(id_button).attr("src","../img/nolines_plus.gif"); var action = "unload"; + return false; } - var content = \'social_content\' + id_elem[1]; + $.ajax({ contentType: "application/x-www-form-urlencoded", beforeSend: function(objeto) { - $("#id_response").html("'.get_lang('Loading').'"); }, + $("div#"+content).html(""); }, type: "POST", url: "../social/data_personal.inc.php", data: "load_ajax="+id_elem+"&action="+action+"&course_code="+course_code, @@ -134,7 +136,7 @@ function change_panel (mypanel_id,myuser_id) { $.ajax({ contentType: "application/x-www-form-urlencoded", beforeSend: function(objeto) { - $("#id_content_panel").html("'.get_lang('Loading').'"); }, + $("#id_content_panel").html(""); }, type: "POST", url: "../messages/send_message.php", data: "panel_id="+mypanel_id+"&user_id="+myuser_id, 
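Review bot: The membership check and the data access use different values: `api_is_user_of_course()` is given only the second `_`-separated piece of the posted `course_code`, while `Database::get_course_table(..., $course_db)`, `get_all_post_from_user()` and the blog helpers still receive the whole client-supplied string. The check therefore does not bind the database name that is actually queried, and a value with no underscore reads an undefined `[1]`. Resolve the database name on the server from the verified course code (for example via `Database::get_course_info()`, which profile.php already calls) instead of trusting the posted one, and reject the request when the lookup fails. The enclosing `switch` case starts outside the hunk.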
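Review bot: The `data:` string of this `$.ajax` call in `toogle_function` is built by concatenation, so `course_code` reaches the server unencoded and an `&` or `=` in the value would split or truncate the parameter; `"&course_code="+encodeURIComponent(course_code)` avoids that. The same applies to the hunk at -160, where the free-text `txt_subject` and `txt_content` are appended the same way. In the `else` branch, `var action = "unload";` is now dead because `return false;` follows before the request is sent; the value also does not match the `unload_course` case that data_personal.inc.php handles, so the assignment can be dropped. The function starts outside the hunk.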
@@ -160,7 +162,7 @@ function action_database_panel (option_id,myuser_id) { $.ajax({ contentType: "application/x-www-form-urlencoded", beforeSend: function(objeto) { - $("#display_response_id").html("'.get_lang('Loading').'"); }, + $("#display_response_id").html(""); }, type: "POST", url: "../messages/send_message.php", data: "panel_id="+option_id+"&user_id="+myuser_id+"&txt_subject="+my_txt_subject+"&txt_content="+my_txt_content, @@ -193,7 +195,7 @@ function register_friend(element_input) { $.ajax({ contentType: "application/x-www-form-urlencoded", beforeSend: function(objeto) { - $("#id_response").html("'.get_lang('Loading').'"); }, + $("div#dpending_"+user_friend_id).html(""); }, type: "POST", url: "../social/register_friend.php", data: "friend_id="+user_friend_id+"&is_my_friend="+"friend", @@ -258,6 +260,7 @@ function get_logged_user_course_html($my_course, $count) { $course_teacher = $my_course['t']; $course_teacher_email = isset($my_course['email'])?$my_course['email']:''; $course_info = Database :: get_course_info($course_system_code); + //error_log(print_r($course_info,true)); $course_access_settings = CourseManager :: get_access_settings($course_system_code); $course_visibility = $course_access_settings['visibility']; @@ -284,7 +287,6 @@ function get_logged_user_course_html($my_course, $count) { $course_display_title = $course_title; $course_display_code = $course_visual_code; } - $s_course_status=$my_course['s']; $s_htlm_status_icon=""; @@ -306,7 +308,7 @@ function get_logged_user_course_html($my_course, $count) { //show a hyperlink to the course, unless the course is closed and user is not course admin if ($course_visibility != COURSE_VISIBILITY_CLOSED || $user_in_course_status == COURSEMANAGER) { - $result .= ' '.$course_title.''; + $result .= ' '.$course_title.''; /* if(api_get_setting('use_session_mode')=='true' && !$nosession) { if(empty($my_course['id_session'])) { 
@@ -345,7 +347,6 @@ function get_logged_user_course_html($my_course, $count) { $current_course_settings = CourseManager :: get_access_settings($my_course['k']); // display the what's new icons // $result .= show_notification($my_course); - if ((CONFVAL_showExtractInfo == SCRIPTVAL_InCourseList || CONFVAL_showExtractInfo == SCRIPTVAL_Both) && $nbDigestEntries > 0) { reset($digest); $result .= '