diff --git a/main/announcements/announcements.php b/main/announcements/announcements.php index 4c5523a13e..e0bf6aac79 100644 --- a/main/announcements/announcements.php +++ b/main/announcements/announcements.php @@ -268,7 +268,7 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed $id = intval($_GET['id']); if (!api_is_course_coach() || api_is_element_in_the_session(TOOL_ANNOUNCEMENT, $id)) { - $sql="SELECT * FROM $tbl_announcement WHERE id = '$id'"; + $sql="SELECT * FROM $tbl_announcement WHERE c_id = $course_id AND id = '$id'"; $rs = Database::query($sql); $myrow = Database::fetch_array($rs); $last_id = $id; @@ -332,8 +332,8 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed if ($thisAnnouncementOrderFound) { $nextAnnouncementId = $announcementId; $nextAnnouncementOrder = $announcementOrder; - Database::query("UPDATE $tbl_announcement SET display_order = '$nextAnnouncementOrder' WHERE id = '$thisAnnouncementId'"); - Database::query("UPDATE $tbl_announcement SET display_order = '$thisAnnouncementOrder' WHERE id = '$nextAnnouncementId.'"); + Database::query("UPDATE $tbl_announcement SET display_order = '$nextAnnouncementOrder' WHERE c_id = $course_id AND id = '$thisAnnouncementId'"); + Database::query("UPDATE $tbl_announcement SET display_order = '$thisAnnouncementOrder' WHERE c_id = $course_id AND id = '$nextAnnouncementId.'"); break; } // STEP 1 : FIND THE ORDER OF THE ANNOUNCEMENT @@ -383,7 +383,8 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed if ($ctok == $_POST['sec_token']) { //if (!$surveyid) { - $result = Database::query("SELECT MAX(display_order) FROM $tbl_announcement WHERE session_id=".api_get_session_id()." OR session_id=0"); + $sql = "SELECT MAX(display_order) FROM $tbl_announcement WHERE c_id = $course_id AND (session_id=".api_get_session_id()." OR session_id=0)"; + $result = Database::query($sql); list($orderMax) = Database::fetch_row($result); $order = $orderMax + 1; $file = $_FILES['user_upload']; @@ -472,7 +473,7 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed // send attachment file $data_file = array(); - $sql = 'SELECT path, filename FROM '.$tbl_announcement_attachment.' WHERE announcement_id = "'.$insert_id.'"'; + $sql = 'SELECT path, filename FROM '.$tbl_announcement_attachment.' WHERE c_id = '.$course_id.' AND announcement_id = "'.$insert_id.'"'; $rs_attach = Database::query($sql); if (Database::num_rows($rs_attach) > 0) { $row_attach = Database::fetch_array($rs_attach); diff --git a/main/course_description/index.php b/main/course_description/index.php index 19f8f6f11f..29a5755218 100644 --- a/main/course_description/index.php +++ b/main/course_description/index.php @@ -62,27 +62,26 @@ $course_description_controller = new CourseDescriptionController(); // distpacher actions to controller switch ($action) { case 'listing': - $course_description_controller->listing(); - break; + $course_description_controller->listing(); + break; case 'history': - $course_description_controller->listing(true); - break; + $course_description_controller->listing(true); + break; case 'add' : - if (api_is_allowed_to_edit(null,true)) { - $course_description_controller->add(); - } - break; + if (api_is_allowed_to_edit(null,true)) { + $course_description_controller->add(); + } + break; case 'edit' : - if (api_is_allowed_to_edit(null,true)) { - $course_description_controller->edit($description_type); - } - break; + if (api_is_allowed_to_edit(null,true)) { + $course_description_controller->edit($description_type); + } + break; case 'delete' : - if (api_is_allowed_to_edit(null,true)) { - $course_description_controller->destroy($description_type); - } - break; + if (api_is_allowed_to_edit(null,true)) { + $course_description_controller->destroy($description_type); + } + break; default : - $course_description_controller->listing(); -} -?> \ No newline at end of file + $course_description_controller->listing(); +} \ No newline at end of file diff --git a/main/exercice/question_create.php b/main/exercice/question_create.php index 4659d6ee4e..e3cdfc6e51 100644 --- a/main/exercice/question_create.php +++ b/main/exercice/question_create.php @@ -14,7 +14,6 @@ $language_file='exercice'; require_once '../inc/global.inc.php'; // including additional libraries -require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php'; require_once 'question.class.php'; require_once 'exercise.class.php'; @@ -56,7 +55,7 @@ while ($row = Database :: fetch_array($result)) { $form->addElement('select', 'exercice', get_lang('Exercice'), $exercises); // generate default content -$form->addElement('checkbox', 'is_content', get_lang('DefaultContent'), null, array('checked' => true)); +$form->addElement('checkbox', 'is_content', null, get_lang('DefaultContent'), array('checked' => true)); // the submit button $form->addElement('style_submit_button', 'SubmitCreateQuestion', get_lang('CreateQuestion'), 'class="add"'); diff --git a/main/inc/ajax/course_home.ajax.php b/main/inc/ajax/course_home.ajax.php old mode 100755 new mode 100644 index 54c37d1a84..1de57c6389 --- a/main/inc/ajax/course_home.ajax.php +++ b/main/inc/ajax/course_home.ajax.php @@ -7,13 +7,14 @@ $action = $_GET['a']; $now = time(); + switch ($action) { case 'set_visibility': require_once '../global.inc.php'; + $course_id = api_get_course_int_id(); if (api_is_allowed_to_edit(null,true)) { - $tool_table = Database::get_course_table(TABLE_TOOL_LIST); - $tool_id = Security::remove_XSS($_GET["id"]); - $tool_info = api_get_tool_information($tool_id); + $tool_table = Database::get_course_table(TABLE_TOOL_LIST); + $tool_info = api_get_tool_information($_GET["id"]); $tool_visibility = $tool_info['visibility']; $tool_image = $tool_info['image']; if (api_get_setting('homepage_view') != 'activity_big') { @@ -54,7 +55,7 @@ switch ($action) { } else $sql="UPDATE $tool_table SET visibility=$requested_visible WHERE id='".$_GET["id"]."'"; */ - $sql="UPDATE $tool_table SET visibility=$requested_visible WHERE id='".intval($_GET['id'])."'"; + $sql="UPDATE $tool_table SET visibility=$requested_visible WHERE c_id = $course_id AND id='".intval($_GET['id'])."'"; Database::query($sql); } $response_data = array( diff --git a/main/inc/lib/course_description.lib.php b/main/inc/lib/course_description.lib.php index 3ca3df544a..2ff661866f 100644 --- a/main/inc/lib/course_description.lib.php +++ b/main/inc/lib/course_description.lib.php @@ -10,9 +10,6 @@ /** * Code */ -require_once(dirname(__FILE__).'/course.lib.php'); -require_once(dirname(__FILE__).'/database.lib.php'); - /** * CourseDescription can be used to instanciate objects or as a library to manage course descriptions * @package chamilo.course_description @@ -39,12 +36,14 @@ class CourseDescription */ public static function get_descriptions($course_id) { // Get course code - $course_id = (int)$course_id; - $course_code = CourseManager::get_course_code_from_course_id($course_id); - // Get course info - $course_info = CourseManager::get_course_information($course_code); - $t_course_desc = Database::get_course_table(TABLE_COURSE_DESCRIPTION, $course_info['db_name']); - $sql = "SELECT * FROM $t_course_desc WHERE session_id = '0';"; + $course_info = api_get_course_info_by_id($course_id); + if (!empty($course_info)) { + $course_id = $course_info['real_id']; + } else { + return array(); + } + $t_course_desc = Database::get_course_table(TABLE_COURSE_DESCRIPTION); + $sql = "SELECT * FROM $t_course_desc WHERE c_id = $course_id AND session_id = '0';"; $sql_result = Database::query($sql); $results = array(); while($row = Database::fetch_array($sql_result)) { @@ -68,8 +67,9 @@ class CourseDescription */ public function get_description_data() { $tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION); - $condition_session = api_get_session_condition($this->session_id, false, true); - $sql = "SELECT * FROM $tbl_course_description $condition_session ORDER BY id "; + $condition_session = api_get_session_condition($this->session_id, true, true); + $course_id = api_get_course_int_id(); + $sql = "SELECT * FROM $tbl_course_description WHERE c_id = $course_id $condition_session ORDER BY id "; $rs = Database::query($sql); $data = array(); while ($description = Database::fetch_array($rs)) { @@ -120,8 +120,8 @@ class CourseDescription * @return array */ public function get_data_by_description_type($description_type, $course_code = '', $session_id = null) { - $tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION); + $course_id = api_get_course_int_id(); if (!isset($session_id)) { $session_id = $this->session_id; @@ -132,7 +132,7 @@ class CourseDescription $tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION, $course_info['dbName']); } - $sql = "SELECT * FROM $tbl_course_description WHERE description_type='$description_type' $condition_session "; + $sql = "SELECT * FROM $tbl_course_description WHERE c_id = $course_id AND description_type='$description_type' $condition_session "; $rs = Database::query($sql); $data = array(); if ($description = Database::fetch_array($rs)) { @@ -149,7 +149,9 @@ class CourseDescription */ public function get_max_description_type() { $tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION); - $sql = "SELECT MAX(description_type) as MAX FROM $tbl_course_description WHERE session_id='".$this->session_id."'"; + $course_id = api_get_course_int_id(); + + $sql = "SELECT MAX(description_type) as MAX FROM $tbl_course_description WHERE c_id = $course_id AND session_id='".$this->session_id."'"; $rs = Database::query($sql); $max = Database::fetch_array($rs); $description_type = $max['MAX']+1; @@ -244,7 +246,9 @@ class CourseDescription public function delete($course_db = null) { $tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION); $description_id = $this->get_id_by_description_type($this->description_type); - $sql = "DELETE FROM $tbl_course_description WHERE description_type = '".intval($this->description_type)."' AND session_id = '".intval($this->session_id)."'"; + + $course_id = api_get_course_int_id(); + $sql = "DELETE FROM $tbl_course_description WHERE c_id = $course_id AND description_type = '".intval($this->description_type)."' AND session_id = '".intval($this->session_id)."'"; Database::query($sql); $affected_rows = Database::affected_rows(); if ($description_id > 0) { @@ -261,7 +265,9 @@ class CourseDescription */ public function get_id_by_description_type($description_type) { $tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION); - $sql = "SELECT id FROM $tbl_course_description WHERE description_type = '".intval($description_type)."'"; + $course_id = api_get_course_int_id(); + + $sql = "SELECT id FROM $tbl_course_description WHERE c_id = $course_id AND description_type = '".intval($description_type)."'"; $rs = Database::query($sql); $row = Database::fetch_array($rs); $description_id = $row['id']; @@ -278,7 +284,9 @@ class CourseDescription public function get_progress_porcent($with_icon = false, $description_type = THEMATIC_ADVANCE) { $tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION); $session_id = intval($session_id); - $sql = "SELECT progress FROM $tbl_course_description WHERE description_type = '".intval($description_type)."' AND session_id = '".intval($this->session_id)."' "; + $course_id = api_get_course_int_id(); + + $sql = "SELECT progress FROM $tbl_course_description WHERE c_id = $course_id AND description_type = '".intval($description_type)."' AND session_id = '".intval($this->session_id)."' "; $rs = Database::query($sql); $progress = ''; $img = ''; @@ -478,5 +486,4 @@ class CourseDescription public function get_progress() { return $this->progress; } - -} +} \ No newline at end of file diff --git a/main/inc/lib/course_home.lib.php b/main/inc/lib/course_home.lib.php index 7cd03a3db3..0a70837374 100644 --- a/main/inc/lib/course_home.lib.php +++ b/main/inc/lib/course_home.lib.php @@ -18,11 +18,15 @@ class CourseHome { $numcols = 3; $table = new HTML_Table('width="100%"'); $all_tools = array(); + + $course_id = api_get_course_int_id(); + + switch ($cat) { case 'Basic' : - $condition_display_tools = ' WHERE a.link=t.link AND t.position="basic" '; + $condition_display_tools = ' WHERE t.c_id = '.$course_id.' AND a.link=t.link AND t.position="basic" '; if ((api_is_coach() || api_is_course_tutor()) && $_SESSION['studentview'] != 'studentview') { - $condition_display_tools = ' WHERE a.link=t.link AND (t.position="basic" OR a.name = "'.TOOL_TRACKING.'") '; + $condition_display_tools = ' WHERE t.c_id = '.$course_id.' AND a.link=t.link AND (t.position="basic" OR a.name = "'.TOOL_TRACKING.'") '; } $sql = "SELECT a.*, t.image img, t.row, t.column FROM $TBL_ACCUEIL a, $TABLE_TOOLS t @@ -31,23 +35,23 @@ class CourseHome { case 'External' : if (api_is_allowed_to_edit()) { $sql = "SELECT a.*, t.image img FROM $TBL_ACCUEIL a, $TABLE_TOOLS t - WHERE (a.link=t.link AND t.position='external') - OR (a.visibility <= 1 AND (a.image = 'external.gif' OR a.image = 'scormbuilder.gif' OR t.image = 'blog.gif') AND a.image=t.image) + WHERE t.c_id = '.$course_id.' AND ((a.link=t.link AND t.position='external') + OR (a.visibility <= 1 AND (a.image = 'external.gif' OR a.image = 'scormbuilder.gif' OR t.image = 'blog.gif') AND a.image=t.image)) ORDER BY a.id"; } else { $sql = "SELECT a.*, t.image img FROM $TBL_ACCUEIL a, $TABLE_TOOLS t - WHERE a.visibility = 1 AND ((a.link=t.link AND t.position='external') - OR ((a.image = 'external.gif' OR a.image = 'scormbuilder.gif' OR t.image = 'blog.gif') AND a.image=t.image)) + WHERE t.c_id = '.$course_id.' AND (a.visibility = 1 AND ((a.link=t.link AND t.position='external') + OR ((a.image = 'external.gif' OR a.image = 'scormbuilder.gif' OR t.image = 'blog.gif') AND a.image=t.image))) ORDER BY a.id"; } break; case 'courseAdmin' : $sql = "SELECT a.*, t.image img, t.row, t.column FROM $TBL_ACCUEIL a, $TABLE_TOOLS t - WHERE admin=1 AND a.link=t.link ORDER BY t.row, t.column"; + WHERE t.c_id = '.$course_id.' AND admin=1 AND a.link=t.link ORDER BY t.row, t.column"; break; case 'platformAdmin' : - $sql = "SELECT *, image img FROM $TBL_ACCUEIL WHERE visibility = 2 ORDER BY id"; + $sql = "SELECT *, image img FROM $TBL_ACCUEIL WHERE t.c_id = '.$course_id.' AND visibility = 2 ORDER BY id"; } $result = Database::query($sql); @@ -428,11 +432,12 @@ class CourseHome { $web_code_path = api_get_path(WEB_CODE_PATH); $course_tool_table = Database::get_course_table(TABLE_TOOL_LIST); $is_allowed_to_edit = api_is_allowed_to_edit(null, true); - $is_platform_admin = api_is_platform_admin(); + $is_platform_admin = api_is_platform_admin(); $all_tools_list = array(); // Condition for the session $session_id = api_get_session_id(); + $course_id = api_get_course_int_id(); $condition_session = api_get_session_condition($session_id, true, true); $course_id_condition = api_get_course_table_condition(); @@ -442,34 +447,34 @@ class CourseHome { if ((api_is_coach() || api_is_course_tutor()) && $_SESSION['studentview'] != 'studentview') { $condition_display_tools = ' WHERE (visibility = 1 AND (category = "authoring" OR category = "interaction" OR category = "plugin") OR (name = "'.TOOL_TRACKING.'") ) '; } - $sql = "SELECT * FROM $course_tool_table $condition_display_tools $condition_session ORDER BY id"; + $sql = "SELECT * FROM $course_tool_table $condition_display_tools AND c_id = $course_id $condition_session ORDER BY id"; $result = Database::query($sql); $col_link ="##003399"; break; case TOOL_AUTHORING: - $sql = "SELECT * FROM $course_tool_table WHERE category = 'authoring' $condition_session ORDER BY id"; + $sql = "SELECT * FROM $course_tool_table WHERE category = 'authoring' AND c_id = $course_id $condition_session ORDER BY id"; $result = Database::query($sql); $col_link ="##003399"; break; case TOOL_INTERACTION: - $sql = "SELECT * FROM $course_tool_table WHERE category = 'interaction' $condition_session ORDER BY id"; + $sql = "SELECT * FROM $course_tool_table WHERE category = 'interaction' AND c_id = $course_id $condition_session ORDER BY id"; $result = Database::query($sql); $col_link ="##003399"; break; case TOOL_ADMIN_VISIBLE: - $sql = "SELECT * FROM $course_tool_table WHERE category = 'admin' AND visibility ='1' $condition_session ORDER BY id"; + $sql = "SELECT * FROM $course_tool_table WHERE category = 'admin' AND visibility ='1' AND c_id = $course_id $condition_session ORDER BY id"; $result = Database::query($sql); $col_link ="##003399"; break; case TOOL_ADMIN_PLATFORM: - $sql = "SELECT * FROM $course_tool_table WHERE category = 'admin' $condition_session ORDER BY id"; + $sql = "SELECT * FROM $course_tool_table WHERE category = 'admin' AND c_id = $course_id $condition_session ORDER BY id"; $result = Database::query($sql); $col_link ="##003399"; break; case TOOL_COURSE_PLUGIN: //Other queries recover id, name, link, image, visibility, admin, address, added_tool, target, category and session_id // but plugins are not present in the tool table, only globally and inside the course_settings table once configured - $sql = "SELECT * FROM $course_tool_table WHERE category = 'plugin' $condition_session ORDER BY id"; + $sql = "SELECT * FROM $course_tool_table WHERE category = 'plugin' AND c_id = $course_id $condition_session ORDER BY id"; $result = Database::query($sql); break; } diff --git a/main/inc/lib/glossary.lib.php b/main/inc/lib/glossary.lib.php index 67eb2b46de..224821f70f 100644 --- a/main/inc/lib/glossary.lib.php +++ b/main/inc/lib/glossary.lib.php @@ -22,7 +22,9 @@ class GlossaryManager { $glossary_table = Database::get_course_table(TABLE_GLOSSARY); $session_id = intval($session_id); $sql_filter = api_get_session_condition($session_id); - $sql = 'SELECT glossary_id as id, name, description FROM '.$glossary_table.' WHERE 1=1 '.$sql_filter; + $course_id = api_get_course_int_id(); + + $sql = "SELECT glossary_id as id, name, description FROM $glossary_table WHERE c_id = $course_id $sql_filter"; $rs = Database::query($sql); while ($row = Database::fetch_array($rs)) { $glossary_data[] = $row; @@ -38,7 +40,8 @@ class GlossaryManager { public static function get_glossary_term_by_glossary_id ($glossary_id) { global $course; $glossary_table = Database::get_course_table(TABLE_GLOSSARY); - $sql='SELECT description FROM '.$glossary_table.' WHERE glossary_id="'.Database::escape_string($glossary_id).'"'; + $course_id = api_get_course_int_id(); + $sql = "SELECT description FROM $glossary_table WHERE c_id = $course_id AND glossary_id =".Database::escape_string($glossary_id); $rs=Database::query($sql); if (Database::num_rows($rs) > 0) { $row = Database::fetch_array($rs); @@ -58,8 +61,9 @@ class GlossaryManager { global $course; $glossary_table = Database::get_course_table(TABLE_GLOSSARY); $session_id = intval($session_id); + $course_id = api_get_course_int_id(); $sql_filter = api_get_session_condition($session_id); - $sql = 'SELECT description FROM '.$glossary_table.' WHERE name LIKE trim("'.Database::escape_string($glossary_name).'")'.$sql_filter; + $sql = 'SELECT description FROM '.$glossary_table.' WHERE c_id = '.$course_id.' AND name LIKE trim("'.Database::escape_string($glossary_name).'")'.$sql_filter; $rs = Database::query($sql); if (Database::num_rows($rs) > 0) { $row = Database::fetch_array($rs); @@ -187,8 +191,9 @@ class GlossaryManager { function glossary_exists($term,$not_id='') { // Database table definition $t_glossary = Database :: get_course_table(TABLE_GLOSSARY); + $course_id = api_get_course_int_id(); - $sql = "SELECT name FROM $t_glossary WHERE name = '".Database::escape_string($term)."'"; + $sql = "SELECT name FROM $t_glossary WHERE c_id = $course_id AND name = '".Database::escape_string($term)."'"; if ($not_id<>'') { $sql .= " AND glossary_id <> '".Database::escape_string($not_id)."'"; } @@ -315,8 +320,7 @@ class GlossaryManager { */ function display_glossary_list() { $glossary_data = self::get_glossary_data(0,1000,0,'ASC'); - foreach($glossary_data as $key=>$glossary_item) { - + foreach($glossary_data as $key=>$glossary_item) { echo '
'.$glossary_item[0].'
'; echo '
'.$glossary_item[1].'
'; if (api_is_allowed_to_edit(null,true)) { @@ -341,7 +345,7 @@ class GlossaryManager { $session_id = intval($session_id); $sql_filter = api_get_session_condition($session_id, true, true); - $sql = "SELECT count(glossary_id) as total FROM $t_glossary WHERE 1=1 AND c_id = $course_id $sql_filter"; + $sql = "SELECT count(glossary_id) as total FROM $t_glossary WHERE c_id = $course_id $sql_filter"; $res = Database::query($sql); if ($res === false) { return 0; } $obj = Database::fetch_object($res); @@ -496,14 +500,14 @@ class GlossaryManager { function reorder_glossary() { // Database table definition $t_glossary = Database :: get_course_table(TABLE_GLOSSARY); - - $sql = "SELECT * FROM $t_glossary ORDER by display_order ASC"; + $course_id = api_get_course_int_id(); + $sql = "SELECT * FROM $t_glossary WHERE c_id = $course_id ORDER by display_order ASC"; $res = Database::query($sql); $i = 1; while ($data = Database::fetch_array($res)) { $sql_reorder = "UPDATE $t_glossary SET display_order = $i - WHERE glossary_id = '".Database::escape_string($data['glossary_id'])."'"; + WHERE c_id = $course_id AND glossary_id = '".Database::escape_string($data['glossary_id'])."'"; Database::query($sql_reorder); $i++; } @@ -528,8 +532,9 @@ class GlossaryManager { } else { $sortorder = 'ASC'; } + $course_id = api_get_course_int_id(); - $sql = "SELECT * FROM $t_glossary ORDER BY display_order $sortorder"; + $sql = "SELECT * FROM $t_glossary WHERE c_id = $course_id ORDER BY display_order $sortorder"; $res = Database::query($sql); $found = false; while ($row = Database::fetch_array($res)) { @@ -544,8 +549,8 @@ class GlossaryManager { $found = true; } } - $sql1 = "UPDATE $t_glossary SET display_order = '".Database::escape_string($next_display_order)."' WHERE glossary_id = '".Database::escape_string($current_id)."'"; - $sql2 = "UPDATE $t_glossary SET display_order = '".Database::escape_string($current_display_order)."' WHERE glossary_id = '".Database::escape_string($next_id)."'"; + $sql1 = "UPDATE $t_glossary SET display_order = '".Database::escape_string($next_display_order)."' WHERE c_id = $course_id AND glossary_id = '".Database::escape_string($current_id)."'"; + $sql2 = "UPDATE $t_glossary SET display_order = '".Database::escape_string($current_display_order)."' WHERE c_id = $course_id AND glossary_id = '".Database::escape_string($next_id)."'"; $res = Database::query($sql1); $res = Database::query($sql2); diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php index 6e18a6aeef..7c40e9cf14 100644 --- a/main/inc/lib/main_api.lib.php +++ b/main/inc/lib/main_api.lib.php @@ -4918,7 +4918,7 @@ function api_check_term_condition($user_id) { function api_get_tool_information($tool_id) { $t_tool = Database::get_course_table(TABLE_TOOL_LIST); $course_id = api_get_course_int_id(); - $sql = "SELECT * FROM $t_tool WHERE c_id = $course_id AND id = ".Database::escape_string($tool_id); + $sql = "SELECT * FROM $t_tool WHERE c_id = $course_id AND id = ".intval($tool_id); $rs = Database::query($sql); return Database::fetch_array($rs); } diff --git a/main/inc/lib/thematic.lib.php b/main/inc/lib/thematic.lib.php index 796cca99b3..d1af7bad6e 100644 --- a/main/inc/lib/thematic.lib.php +++ b/main/inc/lib/thematic.lib.php @@ -44,7 +44,8 @@ class Thematic if (!api_get_session_id()) { $condition_session = api_get_session_condition(0); } - $sql = "SELECT COUNT(id) AS total_number_of_items FROM $tbl_thematic WHERE active = 1 $condition_session "; + $course_id = api_get_course_int_id(); + $sql = "SELECT COUNT(id) AS total_number_of_items FROM $tbl_thematic WHERE c_id = $course_id AND active = 1 $condition_session "; $res = Database::query($sql); $res = Database::query($sql); $obj = Database::fetch_object($res); @@ -73,9 +74,11 @@ class Thematic if (!in_array($direction, array('ASC','DESC'))) { $direction = 'ASC'; } + + $course_id = api_get_course_int_id(); $sql = "SELECT id AS col0, title AS col1, display_order AS col2, session_id FROM $tbl_thematic - WHERE active = 1 $condition_session + WHERE c_id = $course_id AND active = 1 $condition_session ORDER BY col2 LIMIT $from,$number_of_items "; $res = Database::query($sql); @@ -125,9 +128,7 @@ class Thematic $actions .= Display::return_icon('down_na.png',' ','',22); } $actions .= ''.Display::return_icon('edit.png',get_lang('Edit'),'',22).''; - $actions .= ''.Display::return_icon('delete.png',get_lang('Delete'),'',22).''; - - + $actions .= ''.Display::return_icon('delete.png',get_lang('Delete'),'',22).''; } $thematics[] = array($thematic[0], $thematic[1], $actions); } @@ -148,7 +149,8 @@ class Thematic } else { $condition_session = ''; } - $sql = "SELECT MAX(display_order) FROM $tbl_thematic WHERE active = 1 $condition_session"; + $course_id = api_get_course_int_id(); + $sql = "SELECT MAX(display_order) FROM $tbl_thematic WHERE c_id = $course_id AND active = 1 $condition_session"; $rs = Database::query($sql); $row = Database::fetch_array($rs); return $row[0]; @@ -170,11 +172,12 @@ class Thematic } else { $sortorder = 'ASC'; } + $course_id = api_get_course_int_id(); $session_id = api_get_session_id(); $condition_session = api_get_session_condition($session_id); - $sql = "SELECT id, display_order FROM $tbl_thematic WHERE active = 1 $condition_session ORDER BY display_order $sortorder"; + $sql = "SELECT id, display_order FROM $tbl_thematic WHERE c_id = $course_id AND active = 1 $condition_session ORDER BY display_order $sortorder"; $res = Database::query($sql); $found = false; @@ -199,17 +202,16 @@ class Thematic $last_done_thematic_advance = $this->get_last_done_thematic_advance(); if (!empty($next_display_order) && !empty($current_id)) { - $sql = "UPDATE $tbl_thematic SET display_order = $next_display_order WHERE id = $current_id "; + $sql = "UPDATE $tbl_thematic SET display_order = $next_display_order WHERE c_id = $course_id AND id = $current_id "; Database::query($sql); } if (!empty($current_display_order) && !empty($next_id)) { - $sql = "UPDATE $tbl_thematic SET display_order = $current_display_order WHERE id = $next_id "; + $sql = "UPDATE $tbl_thematic SET display_order = $current_display_order WHERE c_id = $course_id AND id = $next_id "; Database::query($sql); } // update done advances with de current thematic list $update_done_advances = $this->update_done_thematic_advances($last_done_thematic_advance); - } /** @@ -220,13 +222,10 @@ class Thematic public function get_thematic_list($thematic_id = null, $course_code = null, $session_id = null) { // set current course and session - if (isset($course_code)) { - $course_info = api_get_course_info($course_code); - $tbl_thematic = Database :: get_course_table(TABLE_THEMATIC, $course_info['dbName']); - } else { - $tbl_thematic = Database :: get_course_table(TABLE_THEMATIC); - } - + $tbl_thematic = Database :: get_course_table(TABLE_THEMATIC); + $course_info = api_get_course_info($course_code); + $course_id = $course_info['real_id']; + if (isset($session_id)) { $session_id = intval($session_id); } else { @@ -245,7 +244,7 @@ class Thematic } $condition = " WHERE active = 1 $condition_session "; } - $sql = "SELECT * FROM $tbl_thematic $condition ORDER BY display_order "; + $sql = "SELECT * FROM $tbl_thematic $condition AND c_id = $course_id ORDER BY display_order "; $res = Database::query($sql); if (Database::num_rows($res) > 0) { @@ -313,27 +312,29 @@ class Thematic $tbl_thematic = Database::get_course_table(TABLE_THEMATIC); $affected_rows = 0; $user_id = api_get_user_id(); + $course_id = api_get_course_int_id(); + if (is_array($thematic_id)) { foreach ($thematic_id as $id) { $id = intval($id); - $sql = "UPDATE $tbl_thematic SET active = 0 WHERE id = $id"; + $sql = "UPDATE $tbl_thematic SET active = 0 WHERE c_id = $course_id AND id = $id"; Database::query($sql); $affected_rows += Database::affected_rows(); if (!empty($affected_rows)) { // update row item property table - api_item_property_update($_course, 'thematic', $id,"ThematicDeleted", $user_id); + api_item_property_update($_course, 'thematic', $id,"ThematicDeleted", $user_id); //api_item_property_update($_course, TOOL_COURSE_PROGRESS, $id,"delete", $user_id); } } } else { $thematic_id = intval($thematic_id); - $sql = "UPDATE $tbl_thematic SET active = 0 WHERE id = $thematic_id"; + $sql = "UPDATE $tbl_thematic SET active = 0 WHERE c_id = $course_id AND id = $thematic_id"; Database::query($sql); $affected_rows = Database::affected_rows(); if (!empty($affected_rows)) { // update row item property table //api_item_property_update($_course, TOOL_COURSE_PROGRESS, $thematic_id,"delete", $user_id); - api_item_property_update($_course, 'thematic', $thematic_id,"ThematicDeleted", $user_id); + api_item_property_update($_course, 'thematic', $thematic_id,"ThematicDeleted", $user_id); } } return $affected_rows; @@ -371,8 +372,10 @@ class Thematic */ public function get_number_of_thematic_advances() { global $thematic_id; - $tbl_thematic_advance = Database :: get_course_table(TABLE_THEMATIC_ADVANCE); - $sql = "SELECT COUNT(id) AS total_number_of_items FROM $tbl_thematic_advance WHERE thematic_id = $thematic_id "; + $tbl_thematic_advance = Database :: get_course_table(TABLE_THEMATIC_ADVANCE); + $course_id = api_get_course_int_id(); + + $sql = "SELECT COUNT(id) AS total_number_of_items FROM $tbl_thematic_advance WHERE c_id = $course_id AND thematic_id = $thematic_id "; $res = Database::query($sql); $res = Database::query($sql); $obj = Database::fetch_object($res); @@ -400,10 +403,12 @@ class Thematic } $data = array(); + $course_id = api_get_course_int_id(); + if (api_is_allowed_to_edit(null, true)) { $sql = "SELECT id AS col0, start_date AS col1, duration AS col2, content AS col3 FROM $tbl_thematic_advance - WHERE thematic_id = $thematic_id + WHERE c_id = $course_id AND thematic_id = $thematic_id ORDER BY col$column $direction LIMIT $from,$number_of_items "; $list = api_get_item_property_by_tool('thematic_advance', api_get_course_id(), api_get_session_id()); @@ -440,17 +445,14 @@ class Thematic public function get_thematic_advance_by_thematic_id($thematic_id, $course_code = null) { $course_info = api_get_course_info($course_code); + $course_id = $course_info['real_id']; // set current course - if (isset($course_code)) { - $tbl_thematic_advance = Database::get_course_table(TABLE_THEMATIC_ADVANCE, $course_info['dbName']); - } else { - $tbl_thematic_advance = Database::get_course_table(TABLE_THEMATIC_ADVANCE); - } - + $tbl_thematic_advance = Database::get_course_table(TABLE_THEMATIC_ADVANCE); + $thematic_id = intval($thematic_id); $data = array(); - $sql = "SELECT * FROM $tbl_thematic_advance WHERE thematic_id = $thematic_id "; + $sql = "SELECT * FROM $tbl_thematic_advance WHERE c_id = $course_id AND thematic_id = $thematic_id "; $elements = array(); $list = api_get_item_property_by_tool('thematic_advance', $course_info['code'], api_get_session_id()); @@ -554,21 +556,20 @@ class Thematic */ public function get_thematic_advance_list($thematic_advance_id = null, $course_code = null, $force_session_id = false) { // set current course $course_info = api_get_course_info($course_code); - if (isset($course_code)) { - $tbl_thematic_advance = Database::get_course_table(TABLE_THEMATIC_ADVANCE, $course_info['dbName']); - $tbl_thematic = Database::get_course_table(TABLE_THEMATIC,$course_info['dbName']); - } else { - $tbl_thematic_advance = Database::get_course_table(TABLE_THEMATIC_ADVANCE); - $tbl_thematic = Database::get_course_table(TABLE_THEMATIC); - } - - $data = array(); + + $tbl_thematic_advance = Database::get_course_table(TABLE_THEMATIC_ADVANCE); + $tbl_thematic = Database::get_course_table(TABLE_THEMATIC); + + $data = array(); $condition = ''; if (isset($thematic_advance_id)) { $thematic_advance_id = intval($thematic_advance_id); $condition = " AND a.id = $thematic_advance_id "; } + + $course_id = $course_info['real_id']; + /*if ($force_session_id) { $sql = "SELECT a.* FROM $tbl_thematic_advance a INNER JOIN $tbl_thematic t ON t.id = a.thematic_id WHERE 1 $condition AND t.session_id = ".api_get_session_id()." ORDER BY start_date "; @@ -576,7 +577,7 @@ class Thematic $sql = "SELECT * FROM $tbl_thematic_advance a WHERE 1 $condition ORDER BY start_date "; }*/ - $sql = "SELECT * FROM $tbl_thematic_advance a WHERE 1 $condition ORDER BY start_date "; + $sql = "SELECT * FROM $tbl_thematic_advance a WHERE c_id = $course_id $condition ORDER BY start_date "; $elements = array(); if ($force_session_id) { @@ -660,6 +661,7 @@ class Thematic */ public function thematic_advance_destroy($thematic_advance_id) { global $_course; + $course_id = api_get_course_int_id(); // definition database table $tbl_thematic_advance = Database::get_course_table(TABLE_THEMATIC_ADVANCE); @@ -668,7 +670,7 @@ class Thematic $thematic_advance_id = intval($thematic_advance_id); $user_id = api_get_user_id(); - $sql = "DELETE FROM $tbl_thematic_advance WHERE id = $thematic_advance_id "; + $sql = "DELETE FROM $tbl_thematic_advance WHERE c_id = $course_id AND id = $thematic_advance_id "; Database::query($sql); $affected_rows = Database::affected_rows(); if ($affected_rows) { @@ -689,7 +691,9 @@ class Thematic // definition database table $tbl_thematic_plan = Database::get_course_table(TABLE_THEMATIC_PLAN); $tbl_thematic = Database::get_course_table(TABLE_THEMATIC); - + + $course_id = api_get_course_int_id(); + $data = array(); $condition = ''; if (isset($thematic_id)) { @@ -700,7 +704,6 @@ class Thematic $description_type = intval($description_type); $condition .= " AND description_type = $description_type "; } - $items = $elements_to_show = $elements_to_show_values = array(); @@ -732,7 +735,7 @@ class Thematic if (!empty($thematic_plan_id_list)) { $sql = "SELECT tp.id, thematic_id, tp.title, description, description_type, t.session_id FROM $tbl_thematic_plan tp INNER JOIN $tbl_thematic t ON (t.id=tp.thematic_id) - WHERE 1 $condition AND tp.id IN (".implode(', ', $thematic_plan_id_list).") "; + WHERE c_id = $course_id $condition AND tp.id IN (".implode(', ', $thematic_plan_id_list).") "; $rs = Database::query($sql); @@ -776,7 +779,7 @@ class Thematic $description_type = intval($this->thematic_plan_description_type); $user_id = api_get_user_id(); $session_id = api_get_session_id(); - + $course_id = api_get_course_int_id(); $list = api_get_item_property_by_tool('thematic_plan', api_get_course_id(), api_get_session_id()); @@ -789,7 +792,7 @@ class Thematic $condition = "AND id IN (".implode(',', $elements_to_show).") "; } // check thematic plan type already exists - $sql = "SELECT id FROM $tbl_thematic_plan WHERE thematic_id = $thematic_id AND description_type = $description_type "; + $sql = "SELECT id FROM $tbl_thematic_plan WHERE c_id = $course_id AND thematic_id = $thematic_id AND description_type = $description_type "; $rs = Database::query($sql); @@ -810,7 +813,7 @@ class Thematic if ($update) { // update - $upd = "UPDATE $tbl_thematic_plan SET title = '$title', description = '$description' WHERE id = $thematic_plan_id"; + $upd = "UPDATE $tbl_thematic_plan SET title = '$title', description = '$description' WHERE c_id = $course_id AND id = $thematic_plan_id"; Database::query($upd); $affected_rows = Database::affected_rows(); if ($affected_rows) { @@ -855,20 +858,20 @@ class Thematic // protect data $thematic_id = intval($thematic_id); $description_type = intval($description_type); - $user_id = api_get_user_id(); + $user_id = api_get_user_id(); + $course_id = $course_info['real_id']; - // get thematic plan id - $thematic_plan_data = $this->get_thematic_plan_data($thematic_id, $description_type); - $thematic_plan_id = $thematic_plan_data[0]['id']; + // get thematic plan id + $thematic_plan_data = $this->get_thematic_plan_data($thematic_id, $description_type); + $thematic_plan_id = $thematic_plan_data[0]['id']; - // delete - $sql = "DELETE FROM $tbl_thematic_plan WHERE thematic_id = $thematic_id AND description_type = $description_type "; + // delete + $sql = "DELETE FROM $tbl_thematic_plan WHERE c_id = $course_id AND thematic_id = $thematic_id AND description_type = $description_type "; Database::query($sql); $affected_rows = Database::affected_rows(); - if ($affected_rows) { - api_item_property_update($_course, 'thematic_plan', $thematic_plan_id,"ThematicPlanDeleted", $user_id); - } - + if ($affected_rows) { + api_item_property_update($_course, 'thematic_plan', $thematic_plan_id,"ThematicPlanDeleted", $user_id); + } return $affected_rows; } @@ -886,15 +889,17 @@ class Thematic $thematic_id = intval($thematic_id); $description_type = intval($description_type); $next_description_type = 0; - - $sql = "SELECT MAX(description_type) as max FROM $tbl_thematic_plan WHERE thematic_id = $thematic_id AND description_type >= ".ADD_THEMATIC_PLAN." "; + + $course_id = api_get_course_int_id(); + + $sql = "SELECT MAX(description_type) as max FROM $tbl_thematic_plan + WHERE c_id = $course_id AND thematic_id = $thematic_id AND description_type >= ".ADD_THEMATIC_PLAN." "; $rs = Database::query($sql); $row = Database::fetch_array($rs); $last_description_type = $row['max']; if (isset($last_description_type)) { $row = Database::fetch_array($rs); - $next_description_type = $last_description_type + 1; } else { $next_description_type = ADD_THEMATIC_PLAN; @@ -932,6 +937,9 @@ class Thematic } $error = null; $a_thematic_advance_ids = array(); + $course_id = api_get_course_int_id(); + + if (!empty($thematic_data)) { foreach ($thematic_data as $thematic) { $my_affected_rows = 0; @@ -948,7 +956,7 @@ class Thematic $a_thematic_advance_ids[] = $thematic_advance['id']; // update done thematic for previous advances ((done_advance = 1)) - $upd = "UPDATE $tbl_thematic_advance set done_advance = 1 WHERE id = ".$thematic_advance['id']." "; + $upd = "UPDATE $tbl_thematic_advance SET done_advance = 1 WHERE c_id = $course_id AND id = ".$thematic_advance['id']." "; Database::query($upd); $my_affected_rows = Database::affected_rows(); $affected_rows += $my_affected_rows; @@ -969,7 +977,7 @@ class Thematic if (!empty($a_thematic_advance_ids) && count($a_thematic_advance_ids) > 0) { $diff = array_diff($all, $a_thematic_advance_ids); if (!empty($diff)) { - $upd = "UPDATE $tbl_thematic_advance set done_advance = 0 WHERE id IN(".implode(',',$diff).") "; + $upd = "UPDATE $tbl_thematic_advance SET done_advance = 0 WHERE c_id = $course_id AND id IN(".implode(',',$diff).") "; Database::query($upd); } @@ -978,13 +986,14 @@ class Thematic $session_id = api_get_session_id(); // get all thematic advance done - $rs_thematic_done = Database::query("SELECT ref FROM $tbl_item_property WHERE tool='thematic_advance' AND lastedit_type='ThematicAdvanceDone' AND id_session = $session_id "); + $rs_thematic_done = Database::query("SELECT ref FROM $tbl_item_property + WHERE c_id = $course_id AND tool='thematic_advance' AND lastedit_type='ThematicAdvanceDone' AND id_session = $session_id "); if (Database::num_rows($rs_thematic_done) > 0) { while ($row_thematic_done = Database::fetch_array($rs_thematic_done)) { $ref = $row_thematic_done['ref']; if (in_array($ref, $a_thematic_advance_ids)) { continue; } // update items - Database::query("UPDATE $tbl_item_property SET lastedit_date='".api_get_utc_datetime()."', lastedit_type='ThematicAdvanceUpdated', lastedit_user_id = $user_id WHERE tool='thematic_advance' AND ref=$ref AND id_session = $session_id "); + Database::query("UPDATE $tbl_item_property SET lastedit_date='".api_get_utc_datetime()."', lastedit_type='ThematicAdvanceUpdated', lastedit_user_id = $user_id WHERE c_id = $course_id AND tool='thematic_advance' AND ref=$ref AND id_session = $session_id "); } } } @@ -1257,5 +1266,4 @@ class Thematic } return $datetime; } - } \ No newline at end of file