Feature #347 - The old tracking tool, Users, Web-services, Wiki, Assignments, and some files on the root level: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls.

skala
Ivan Tcholakov 16 years ago
parent 6472e4e9e9
commit c2c757eed0
  1. 14
      index.php
  2. 48
      main/tracking/courseLog.php
  3. 8
      main/tracking/courseLogCSV.php
  4. 2
      main/tracking/logins_details.php
  5. 10
      main/tracking/userLog.php
  6. 10
      main/tracking/userlogCSV.php
  7. 2
      main/upload/upload.document.php
  8. 4
      main/user/class.php
  9. 8
      main/user/subscribe_class.php
  10. 206
      main/user/subscribe_user.php
  11. 8
      main/user/user.php
  12. 46
      main/user/userInfoLib.php
  13. 6
      main/user/user_add.php
  14. 250
      main/webservices/registration.soap.php
  15. 66
      main/wiki/index.php
  16. 104
      main/wiki/wiki.inc.php
  17. 2
      main/work/download.php
  18. 8
      main/work/downloadfolder.inc.php
  19. 66
      main/work/work.lib.php
  20. 168
      main/work/work.php
  21. 6
      plugin/search/client/www/indexer_login.php
  22. 254
      user_portal.php
  23. 2
      webchatdeny.php
  24. 38
      whoisonline.php
  25. 6
      whoisonlinesession.php

@ -144,7 +144,7 @@ if (!empty($_POST['submitAuth'])) {
FROM $track_login_table
WHERE login_user_id = '".$_user['user_id']."'
ORDER BY login_date DESC LIMIT 1";
$result_last_login = Database::query($sql_last_login, __FILE__, __LINE__);
$result_last_login = Database::query($sql_last_login);
if (!$result_last_login) {
if (Database::num_rows($result_last_login) > 0) {
$user_last_login_datetime = Database::fetch_array($result_last_login);
@ -292,7 +292,7 @@ function logout()
// selecting the last login of the user
$uid = intval($_GET['uid']);
$sql_last_connection = "SELECT login_id, login_date FROM $tbl_track_login WHERE login_user_id='$uid' ORDER BY login_date DESC LIMIT 0,1";
$q_last_connection = Database::query($sql_last_connection, __FILE__, __LINE__);
$q_last_connection = Database::query($sql_last_connection);
if (Database::num_rows($q_last_connection) > 0) {
$i_id_last_connection = Database::result($q_last_connection, 0, 'login_id');
}
@ -300,7 +300,7 @@ function logout()
if (!isset($_SESSION['login_as'])) {
$current_date = date('Y-m-d H:i:s', time());
$s_sql_update_logout_date = "UPDATE $tbl_track_login SET logout_date='".$current_date."' WHERE login_id='$i_id_last_connection'";
Database::query($s_sql_update_logout_date, __FILE__, __LINE__);
Database::query($s_sql_update_logout_date);
}
LoginDelete($uid, $_configuration['statistics_database']); //from inc/lib/online.inc.php - removes the "online" status
@ -340,7 +340,7 @@ function category_has_open_courses($category) {
$user_identified = (api_get_user_id() > 0 && !api_is_anonymous());
$main_course_table = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql_query = "SELECT * FROM $main_course_table WHERE category_code='$category'";
$sql_result = Database::query($sql_query, __FILE__, __LINE__);
$sql_result = Database::query($sql_query);
while ($course = Database::fetch_array($sql_result)) {
if (!$setting_show_also_closed_courses) {
if ((api_get_user_id() > 0
@ -621,7 +621,7 @@ function display_anonymous_course_list() {
}
//removed: AND cours.visibility='".COURSE_VISIBILITY_OPEN_WORLD."'
$sql_result_courses = Database::query($sql_get_course_list, __FILE__, __LINE__);
$sql_result_courses = Database::query($sql_get_course_list);
while ($course_result = Database::fetch_array($sql_result_courses)) {
$course_list[] = $course_result;
@ -669,7 +669,7 @@ function display_anonymous_course_list() {
}
}
$resCats = Database::query($sqlGetSubCatList, __FILE__, __LINE__);
$resCats = Database::query($sqlGetSubCatList);
$thereIsSubCat = false;
if (Database::num_rows($resCats) > 0) {
$htmlListCat = "<h4 style=\"margin-top: 0px;\">".get_lang("CatList")."</h4>"."<ul>";
@ -856,7 +856,7 @@ function get_courses_of_user($user_id) {
WHERE course.code = course_rel_user.course_code
AND course_rel_user.user_id = '".$user_id."'
ORDER BY course_rel_user.sort ASC";
$result = Database::query($sql_select_courses, __FILE__, __LINE__);
$result = Database::query($sql_select_courses);
while ($row = Database::fetch_array($result)) {
// we only need the database name of the course
$courses[$row['k']] = array('db' => $row['db'], 'code' => $row['k'], 'visual_code' => $row['vc'], 'title' => $row['i'], 'directory' => $row['dir'], 'status' => $row['status'], 'tutor' => $row['t'], 'subscribe' => $row['subscr'], 'unsubscribe' => $row['unsubscr'], 'sort' => $row['sort'], 'user_course_category' => $row['user_course_cat']);
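Review bot: In the `category_has_open_courses()` hunk the query is still built as `category_code='$category'`, with the parameter interpolated unescaped, and the hunk does not show where `$category` originates. If it can be derived from request data, escape it at the point of use: `$sql_query = "SELECT * FROM $main_course_table WHERE category_code='".Database::escape_string($category)."'";`. Separately, in the first hunk `if (!$result_last_login) {` wraps the `Database::num_rows($result_last_login)` check, so the inner branch appears reachable only when the query failed; the condition looks inverted and is worth confirming. The enclosing blocks continue outside the hunks shown.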

@ -72,7 +72,7 @@ if (!empty($_GET['scormcontopen'])) {
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$contopen = (int) $_GET['scormcontopen'];
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];
}
@ -105,7 +105,7 @@ $tbl_learnpath_item = Database::get_course_table(TABLE_LP_ITEM);
$tbl_learnpath_view = Database::get_course_table(TABLE_LP_VIEW);
$tbl_learnpath_item_view = Database::get_course_table(TABLE_LP_ITEM_VIEW);
// breadcrumbs
// breadcrumbs
if (isset($_GET['origin']) && $_GET['origin'] == 'resume_session') {
$interbreadcrumb[] = array('url' => '../admin/index.php','name' => get_lang('PlatformAdmin'));
$interbreadcrumb[] = array('url' => '../admin/session_list.php','name' => get_lang('SessionList'));
@ -122,9 +122,9 @@ Display::display_header($nameTools, 'Tracking');
// getting all the students of the course
$a_students = CourseManager :: get_student_list_from_course_code($_course['id'], true, (empty($_SESSION['id_session']) ? null : $_SESSION['id_session']));
$nbStudents = count($a_students);
// gettting all the additional information of an additional profile field
if (isset($_GET['additional_profile_field']) && is_numeric($_GET['additional_profile_field'])) {
if (isset($_GET['additional_profile_field']) && is_numeric($_GET['additional_profile_field'])) {
//$additional_user_profile_info = get_addtional_profile_information_of_field($_GET['additional_profile_field']);
$user_array = array();
foreach ($a_students as $key=>$item) {
@ -138,7 +138,7 @@ if (isset($_GET['additional_profile_field']) && is_numeric($_GET['additional_pro
/*
@ -229,7 +229,7 @@ if ($_GET['studentlist'] == 'false') {
$sql = "SELECT id, title
FROM $TABLEQUIZ WHERE active <> -1";
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
if ($export_csv) {
$temp = array(get_lang('AverageProgressInLearnpath'), '');
@ -241,7 +241,7 @@ if ($_GET['studentlist'] == 'false') {
// gets course actual administrators
$sql = "SELECT user.user_id FROM $table_user user, $TABLECOURSUSER course_user
WHERE course_user.user_id=user.user_id AND course_user.course_code='".api_get_course_id()."' AND course_user.status <> '1' ";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$student_ids = array();
@ -262,7 +262,7 @@ if ($_GET['studentlist'] == 'false') {
AND orig_lp_id = 0
AND orig_lp_item_id = 0
ORDER BY exe_date DESC';
$rsAttempt = Database::query($sql, __FILE__, __LINE__);
$rsAttempt = Database::query($sql);
$nb_attempts = 0;
$avg_student_score = 0;
while ($attempt = Database::fetch_array($rsAttempt)) {
@ -343,7 +343,7 @@ if ($_GET['studentlist'] == 'false') {
GROUP BY access_tool
ORDER BY count_access_tool DESC
LIMIT 0, 3";
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
if ($export_csv) {
$temp = array(get_lang('ToolsMostUsed'), '');
@ -383,7 +383,7 @@ if ($_GET['studentlist'] == 'false') {
GROUP BY down_doc_path
ORDER BY count_down DESC
LIMIT 0, $num";
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
if ($export_csv) {
$temp = array(get_lang('DocumentsMostDownloaded', ''), '');
@ -425,7 +425,7 @@ if ($_GET['studentlist'] == 'false') {
GROUP BY cl.title, cl.url
ORDER BY count_visits DESC
LIMIT 0, 3";
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
if ($export_csv) {
$temp = array(get_lang('LinksMostClicked'),'');
@ -479,7 +479,7 @@ if ($_GET['studentlist'] == 'false') {
15 => '15 '.get_lang('Days'),
30 => '30 '.get_lang('Days'),
'never' => get_lang('Never')
);
$el = $form -> addElement('select', 'since', '<img width="22" align="middle" src="'.api_get_path(WEB_IMG_PATH).'messagebox_warning.gif" border="0" />'.get_lang('RemindInactivesLearnersSince'), $options);
@ -502,23 +502,23 @@ if ($_GET['studentlist'] == 'false') {
$tracking_direction = isset($_GET['tracking_direction']) ? $_GET['tracking_direction'] : 'DESC';
if (count($a_students) > 0) {
if ($export_csv) {
$csv_content[] = array ();
}
$all_datas = array();
$course_code = $_course['id'];
$user_ids = array_keys($a_students);
$table = new SortableTable('users_tracking', array('TrackingCourseLog','get_number_of_users'), array('TrackingCourseLog','get_user_data'), (api_is_western_name_order() xor api_sort_by_first_name()) ? 3 : 2);
$parameters['cidReq'] = Security::remove_XSS($_GET['cidReq']);
$parameters['studentlist'] = Security::remove_XSS($_GET['studentlist']);
$parameters['from'] = Security::remove_XSS($_GET['myspace']);
$table->set_additional_parameters($parameters);
$table -> set_header(0, get_lang('OfficialCode'), false, 'align="center"');
if ($is_western_name_order) {
$table -> set_header(1, get_lang('FirstName'), false, 'align="center"');
@ -529,26 +529,26 @@ if ($_GET['studentlist'] == 'false') {
}
$table -> set_header(3, get_lang('TrainingTime'),false);
$table -> set_header(4, get_lang('CourseProgress'),false);
$table -> set_header(5, get_lang('Score'),false);
$table -> set_header(5, get_lang('Score'),false);
$table -> set_header(6, get_lang('Student_publication'),false);
$table -> set_header(7, get_lang('Messages'),false);
$table -> set_header(8, get_lang('FirstLogin'), false, 'align="center"');
$table -> set_header(9, get_lang('LatestLogin'), false, 'align="center"');
$table -> set_header(9, get_lang('LatestLogin'), false, 'align="center"');
//if (isset($_GET['additional_profile_field']) AND is_numeric($_GET['additional_profile_field'])) {
$table -> set_header(10, get_lang('AdditionalProfileField'),false);
$table -> set_header(10, get_lang('AdditionalProfileField'),false);
/*} else {
$table -> set_header(10, ,false);
}*/
$table -> set_header(11, get_lang('Details'),false);
$table->display();
} else {
echo get_lang('NoUsersInCourseTracking');
}
// send the csv file if asked
if ($export_csv) {
if ($export_csv) {
if ($is_western_name_order) {
$csv_headers = array (
get_lang('OfficialCode', ''),
@ -576,7 +576,7 @@ if ($_GET['studentlist'] == 'false') {
get_lang('LatestLogin', '')
);
}
if (isset($_GET['additional_profile_field']) AND is_numeric($_GET['additional_profile_field'])) {
$csv_headers[]=get_lang('AdditionalProfileField');
}
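Review bot: `$tracking_direction` in the `-502` hunk is taken from `$_GET['tracking_direction']` with no allow-list, and its use lies outside the hunk. If it ends up in an `ORDER BY` clause, which the name suggests but the page does not show, constrain it to the two valid keywords: `$tracking_direction = (isset($_GET['tracking_direction']) && strtoupper($_GET['tracking_direction']) === 'ASC') ? 'ASC' : 'DESC';`. In the same hunk `$parameters['from']` is filled from `$_GET['myspace']`, read without an `isset()` check; the key mismatch may be unintended and is worth confirming.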

@ -58,7 +58,7 @@ if ($_GET['scormcontopen'])
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$contopen = (int) $_GET['scormcontopen'];
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];
//header('Content-Type: text/html; charset='. $row['default_encoding']);
@ -427,7 +427,7 @@ if($is_allowedToTrack && $_configuration['tracking_enabled'])
$sql = "SELECT id, name
FROM $tbl_learnpath_main";
//WHERE dokeosCourse='$_cid'"; we are using a table inside the course now, so no need for course id
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$ar=Database::fetch_array($result);
@ -451,7 +451,7 @@ if($is_allowedToTrack && $_configuration['tracking_enabled'])
"ON u.user_id = sd.user_id " .
"WHERE sd.lp_id=$contentId group by u.user_id";
//error_log($sql2,0);
$result2=Database::query($sql2,__FILE__,__LINE__);
$result2=Database::query($sql2);
if(Database::num_rows($result2)>0){
@ -475,7 +475,7 @@ if($is_allowedToTrack && $_configuration['tracking_enabled'])
"INNER JOIN $tbl_learnpath_item_view iv ON i.id=iv.lp_item_id " .
"INNER JOIN $tbl_learnpath_view v ON iv.lp_view_id=v.id " .
"WHERE (v.user_id=$studentId and v.lp_id=$contentId) ORDER BY v.id, i.id";
$result3=Database::query($sql3,__FILE__,__LINE__);
$result3=Database::query($sql3);
$ar3=Database::fetch_array($result3);
$title_line .= get_lang('ScormTitleColumn').";".get_lang('ScormStatusColumn').";".get_lang('ScormScoreColumn').";".get_lang('ScormTimeColumn');
while ($ar3['status'] != '') {
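Review bot: `$contentId` and `$studentId` are interpolated unquoted into `$sql2` and `$sql3` (`WHERE sd.lp_id=$contentId`, `v.user_id=$studentId and v.lp_id=$contentId`), and their assignments are outside these hunks. In an unquoted numeric position an integer cast is the guard that actually constrains the value, so unless both are already cast upstream I would build the clause as `"WHERE (v.user_id=".intval($studentId)." and v.lp_id=".intval($contentId).") ORDER BY v.id, i.id"`. The same pattern appears later on the page as `v.user_id=$uInfo and v.lp_id=$contentId` in the `-353` hunk.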

@ -116,7 +116,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
AND `gu`.`group_id` = '$_gid'
AND `u`.`user_id` = '$uInfo'";
}
$query = Database::query($sql,__FILE__,__LINE__);
$query = Database::query($sql);
$res = @Database::fetch_array($query);
if(is_array($res))
{
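Review bot: `$_gid` and `$uInfo` are placed inside quotes in this query without escaping (`'$_gid'`, `'$uInfo'`), while the equivalent query in the `-302` hunk further down the page wraps both in `Database::escape_string()`. Where these variables are set is not visible here; unless they are sanitised upstream, use the same form in this statement: `'".Database::escape_string($_gid)."'` and `'".Database::escape_string($uInfo)."'`. The `-285` hunk later on the page has the same unescaped pair. The `@` on `Database::fetch_array($query)` also hides a failed query, so a broken statement would silently read as "no result".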

@ -77,7 +77,7 @@ if (isset($_GET['scormcontopen'])) {
if (is_numeric($contopen)) {
$contopen = intval($contopen);
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];
}
@ -147,7 +147,7 @@ if(api_get_setting('use_session_mode') == "true") {
OR (date_start='0000-00-00' AND date_end='0000-00-00'))
WHERE id_session='".$_SESSION['id_session']."' AND course_code='$_cid'";
//echo $sql;
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
if(!Database::num_rows($result)){
$disabled = true;
}
@ -302,7 +302,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
WHERE gu.user_id = u.user_id`
AND gu.group_id = '".Database::escape_string($_gid)."'
AND u.user_id = '".Database::escape_string($uInfo)."'";
$query = Database::query($sql,__FILE__,__LINE__);
$query = Database::query($sql);
$tracked_user_info = @Database::fetch_assoc($query);
if(is_array($tracked_user_info)) $tracking_is_accepted = true;
}
@ -366,7 +366,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
</tr>";
$sql = "SELECT id, name FROM $tbl_learnpath_main";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$ar=Database::fetch_array($result);
echo "<tr><td style='padding-left : 40px;padding-right : 40px;'>";
@ -388,7 +388,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
"INNER JOIN $tbl_learnpath_item_view iv ON i.id=iv.lp_item_id " .
"INNER JOIN $tbl_learnpath_view v ON iv.lp_view_id=v.id " .
"WHERE (v.user_id=".Database::escape_string($uInfo)." and v.lp_id=$contentId) ORDER BY v.id, i.id";
$result3=Database::query($sql3,__FILE__,__LINE__);
$result3=Database::query($sql3);
$ar3=Database::fetch_array($result3);
if (is_array($ar3)) {
echo "<tr><td>&nbsp;&nbsp;&nbsp;</td>
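Review bot: In `$sql3` of the `-388` hunk, `Database::escape_string($uInfo)` is used in an unquoted position (`v.user_id=".Database::escape_string($uInfo)."`), where string escaping does not constrain the value to a number, and `$contentId` next to it is interpolated raw. A cast is the appropriate guard here: `"WHERE (v.user_id=".intval($uInfo)." and v.lp_id=".intval($contentId).") ORDER BY v.id, i.id"`. The `-302` hunk also shows a stray backtick at the end of the `WHERE gu.user_id = u.user_id` line. If that is in the file and not an artefact of the page, the statement would fail and `@Database::fetch_assoc($query)` would hide the failure, leaving `$tracking_is_accepted` unset.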

@ -79,7 +79,7 @@ if ($_GET['scormcontopen'])
$tbl_lp = Database::get_course_table(TABLE_LP_MAIN);
$contopen = (int) $_GET['scormcontopen'];
$sql = "SELECT default_encoding FROM $tbl_lp WHERE id = ".$contopen;
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$row = Database::fetch_array($res);
$lp_charset = $row['default_encoding'];
//header('Content-Type: text/html; charset='. $row['default_encoding']);
@ -138,7 +138,7 @@ if(api_get_setting('use_session_mode') == "true") {
OR (date_start='0000-00-00' AND date_end='0000-00-00'))
WHERE id_session='".$_SESSION['id_session']."' AND course_code='$_cid'";
//echo $sql;
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
if(!Database::num_rows($result)){
$disabled = true;
}
@ -285,7 +285,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
WHERE `gu`.`user_id` = `u`.`user_id`
AND `gu`.`group_id` = '$_gid'
AND `u`.`user_id` = '$uInfo'";
$query = Database::query($sql,__FILE__,__LINE__);
$query = Database::query($sql);
$tracked_user_info = @Database::fetch_assoc($query);
if(is_array($tracked_user_info)) $tracking_is_accepted = true;
@ -336,7 +336,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
$title[1]=get_lang('ScormContentColumn');
$line ='';
$sql = "SELECT id, name FROM $tbl_learnpath_main";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$ar=Database::fetch_array($result);
if (is_array($ar))
@ -353,7 +353,7 @@ if( ( $is_allowedToTrack || $is_allowedToTrackEverybodyInCourse ) && $_configura
"INNER JOIN $tbl_learnpath_item_view iv ON i.id=iv.lp_item_id " .
"INNER JOIN $tbl_learnpath_view v ON iv.lp_view_id=v.id " .
"WHERE (v.user_id=$uInfo and v.lp_id=$contentId) ORDER BY v.id, i.id";
$result3=Database::query($sql3,__FILE__,__LINE__);
$result3=Database::query($sql3);
$ar3=Database::fetch_array($result3);
if (is_array($ar3)) {
$title_line=get_lang('ScormTitleColumn').";".get_lang('ScormStatusColumn').";".get_lang('ScormScoreColumn').";".get_lang('ScormTimeColumn')."\n";

@ -87,7 +87,7 @@ if(isset($_FILES['user_upload']))
if ($new_comment) $ct .= ", comment='$new_comment'";
if ($new_title) $ct .= ", title='$new_title'";
Database::query("UPDATE $table_document SET" . substr($ct, 1) .
" WHERE id = '$docid'", __FILE__, __LINE__);
" WHERE id = '$docid'");
}
//check for missing images in html files
$missing_files = check_for_missing_files($base_work_dir.$_POST['curdirpath'].$new_path);
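Review bot: The `UPDATE $table_document` statement interpolates `$new_comment`, `$new_title` and `$docid` straight into the SQL string, and the hunk does not show how they are prepared. If they come from the upload form without escaping, apply it where the clause is built, e.g. `if ($new_title) $ct .= ", title='".Database::escape_string($new_title)."'";` and `" WHERE id = '".intval($docid)."'"`. The line after the block also concatenates `$_POST['curdirpath']` into the path passed to `check_for_missing_files()`; whether it is validated earlier is not visible and is worth confirming.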

@ -120,7 +120,7 @@ function get_number_of_classes()
$keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " AND (c.name LIKE '%".$keyword."%')";
}
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$result = Database::num_rows($res);
return $result;
}
@ -152,7 +152,7 @@ function get_class_data($from, $number_of_items, $column, $direction)
$sql .= " GROUP BY c.id, c.name ";
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$classes = array ();
while ($class = Database::fetch_row($res))
{
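Review bot: `get_class_data()` appends its `$column`, `$direction`, `$from` and `$number_of_items` arguments to the query unvalidated (`ORDER BY col$column $direction`, `LIMIT $from,$number_of_items`). The callers are not on the page; if these values trace back to request parameters, normalise them before the string is built: `$column = intval($column); $from = intval($from); $number_of_items = intval($number_of_items);` and `$direction = strtoupper($direction) === 'ASC' ? 'ASC' : 'DESC';`. The same three lines recur in the `get_class_data()` hunk (`-152`) of the following file section. The function body starts outside the hunk.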

@ -96,7 +96,7 @@ function get_number_of_classes()
$class_table = Database :: get_main_table(TABLE_MAIN_CLASS);
$course_class_table = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$sql = "SELECT * FROM $course_class_table WHERE course_code = '".$_SESSION['_course']['id']."'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$subscribed_classes = array();
while($obj = Database::fetch_object($res))
{
@ -112,7 +112,7 @@ function get_number_of_classes()
{
$sql .= " AND c.id NOT IN ('".implode("','",$subscribed_classes)."')";
}
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$result = Database::num_rows($res);
return $result;
}
@ -125,7 +125,7 @@ function get_class_data($from, $number_of_items, $column, $direction)
$course_class_table = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$class_user_table = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$sql = "SELECT * FROM $course_class_table WHERE course_code = '".$_SESSION['_course']['id']."'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$subscribed_classes = array();
while($obj = Database::fetch_object($res))
{
@ -152,7 +152,7 @@ function get_class_data($from, $number_of_items, $column, $direction)
$sql .= " GROUP BY c.id, c.name ";
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$classes = array ();
while ($class = Database::fetch_row($res))
{

@ -74,13 +74,13 @@ $list_not_register_user='';
if (isset ($_REQUEST['register'])) {
if (isset($_REQUEST['type']) && $_REQUEST['type']=='teacher') {
if (!empty($current_session_id)) {
$result_simple_sub = SessionManager::set_coach_to_course_session(intval($_REQUEST['user_id']), $current_session_id, $_course['sysCode']);
} else {
$result_simple_sub = CourseManager :: subscribe_user(intval($_REQUEST['user_id']), $_course['sysCode'],COURSEMANAGER);
$result_simple_sub = CourseManager :: subscribe_user(intval($_REQUEST['user_id']), $_course['sysCode'],COURSEMANAGER);
}
} else {
$result_simple_sub=CourseManager :: subscribe_user(intval($_REQUEST['user_id']), $_course['sysCode']);
}
@ -113,9 +113,9 @@ if (isset ($_POST['action'])) {
if(isset($_REQUEST['type']) && $_REQUEST['type']=='teacher') {
if (!empty($current_session_id)) {
$is_suscribe[] = SessionManager::set_coach_to_course_session($user_id, $current_session_id, $_course['sysCode']);
} else {
} else {
$is_suscribe[]=CourseManager :: subscribe_user($user_id, $_course['sysCode'],COURSEMANAGER);
}
}
} else {
$is_suscribe[]=CourseManager :: subscribe_user($user_id, $_course['sysCode']);
}
@ -187,31 +187,31 @@ if (!empty($_SESSION['session_user_name'])) {
* * Get the users to display on the current page.
*/
function get_number_of_users() {
global $_configuration;
// Database table definition
$user_table = Database :: get_main_table(TABLE_MAIN_USER);
$course_user_table = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$tbl_session_rel_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
$table_user_field_values = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
if (isset($_REQUEST['type']) && $_REQUEST['type']=='teacher') {
if (!empty($_SESSION["id_session"])) {
if (!empty($_SESSION["id_session"])) {
$sql = "SELECT
u.user_id
u.user_id
FROM $user_table u
LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user and course_code='".$_SESSION['_course']['id']."' AND id_session ='".$_SESSION["id_session"]."'
WHERE cu.id_user IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
if ($_configuration['multiple_access_urls']==true) {
$url_access_id = api_get_current_access_url_id();
if ($url_access_id !=-1) {
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql = "SELECT
u.user_id
u.user_id
FROM $user_table u
LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user and course_code='".$_SESSION['_course']['id']."' AND id_session ='".$_SESSION["id_session"]."'
INNER JOIN $tbl_url_rel_user as url_rel_user
@ -219,18 +219,18 @@ function get_number_of_users() {
WHERE cu.user_id IS NULL AND access_url_id= $url_access_id AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
}
}
} else {
$sql = "SELECT u.user_id
FROM $user_table u
LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and course_code='".$_SESSION['_course']['id']."'
WHERE cu.user_id IS NULL";
if ($_configuration['multiple_access_urls']==true) {
$url_access_id = api_get_current_access_url_id();
if ($url_access_id !=-1) {
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql = "SELECT
u.user_id
FROM $user_table u
@ -239,15 +239,15 @@ function get_number_of_users() {
ON (url_rel_user.user_id = u.user_id)
WHERE cu.user_id IS NULL AND access_url_id= $url_access_id ";
}
}
}
}
} else {
// students
if (!empty($_SESSION["id_session"])) {
$sql = "SELECT
u.user_id
u.user_id
FROM $user_table u
LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user and course_code='".$_SESSION['_course']['id']."' AND id_session ='".$_SESSION["id_session"]."'
WHERE cu.id_user IS NULL AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
@ -264,32 +264,32 @@ function get_number_of_users() {
WHERE cu.user_id IS NULL AND access_url_id= $url_access_id AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
}
}
} else {
$sql = "SELECT u.user_id
FROM $user_table u
LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and course_code='".$_SESSION['_course']['id']."'";
// we change the SQL when we have a filter
if (isset($_GET['subscribe_user_filter_value']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true'){
$field_identification = explode('*',$_GET['subscribe_user_filter_value']);
$sql .= "
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.user_id IS NULL
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.user_id IS NULL";
}
}
if ($_configuration['multiple_access_urls']==true) {
$url_access_id = api_get_current_access_url_id();
if ($url_access_id !=-1) {
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql = "SELECT
u.user_id
FROM $user_table u
@ -307,12 +307,12 @@ function get_number_of_users() {
if (isset ($_REQUEST['keyword'])) {
$keyword = Database::escape_string(trim($_REQUEST['keyword']));
$sql .= " AND (firstname LIKE '%".$keyword."%' OR lastname LIKE '%".$keyword."%' OR email LIKE '%".$keyword."%' OR username LIKE '%".$keyword."%' OR official_code LIKE '%".$keyword."%')";
// we also want to search for users who have something in their profile fields that matches the keyword
if (api_get_setting('ProfilingFilterAddingUsers') == 'true') {
$additional_users = search_additional_profile_fields($keyword);
}
// getting all the users of the course (to make sure that we do not display users that are already in the course)
if (!empty($_SESSION["id_session"])) {
$a_course_users = CourseManager :: get_user_list_from_course_code($_SESSION['_course']['id'], true, $_SESSION['id_session']);
@ -322,23 +322,23 @@ function get_number_of_users() {
foreach ($a_course_users as $user_id=>$course_user) {
$users_of_course[] = $course_user['user_id'];
}
}
//executing the SQL statement
$res = api_sql_query($sql, __FILE__, __LINE__);
$res = api_sql_query($sql);
while ($user = Database::fetch_row($res)) {
$users[] = $user[0];
}
}
$result = Database::num_rows($res);
// we add 1 for every additional user (a user where the keyword matches one of the additional profile fields)
// that is not yet in the course and not yet in the search result
if (isset ($_REQUEST['keyword']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true') {
if (isset ($_REQUEST['keyword']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true') {
foreach($additional_users as $additional_user_key=>$additional_user_value){
if (!in_array($additional_user_key,$users) AND !in_array($additional_user_key,$users_of_course)){
$result++;
}
}
}
}
return $result;
}
@ -353,7 +353,7 @@ function get_user_data($from, $number_of_items, $column, $direction) {
$course_user_table = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$tbl_session_rel_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
$table_user_field_values = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
// adding teachers
$is_western_name_order = api_is_western_name_order();
if (isset($_REQUEST['type']) && $_REQUEST['type']=='teacher') {
@ -373,16 +373,16 @@ function get_user_data($from, $number_of_items, $column, $direction) {
FROM $user_table u
LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user and course_code='".$_SESSION['_course']['id']."' AND id_session ='".$_SESSION["id_session"]."' ";
// applying the filter of the additional user profile fields
// applying the filter of the additional user profile fields
if (isset($_GET['subscribe_user_filter_value']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true'){
$field_identification = explode('*',$_GET['subscribe_user_filter_value']);
$sql .= "
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.id_user IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL)
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
} else {
$sql .= "WHERE cu.id_user IS NULL AND u.status=1 AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
}
} else {
@ -400,22 +400,22 @@ function get_user_data($from, $number_of_items, $column, $direction) {
u.user_id AS col6
FROM $user_table u
LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and course_code='".$_SESSION['_course']['id']."'";
// applying the filter of the additional user profile fields
// applying the filter of the additional user profile fields
if (isset($_GET['subscribe_user_filter_value']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true'){
$field_identification = explode('*',$_GET['subscribe_user_filter_value']);
$sql .= "
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.user_id IS NULL
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.user_id IS NULL";
}
//showing only the courses of the current Dokeos access_url_id
global $_configuration;
// adding a teacher NOT trough a session on a portal with multiple URLs
if ($_configuration['multiple_access_urls']==true) {
$url_access_id = api_get_current_access_url_id();
@ -435,23 +435,23 @@ function get_user_data($from, $number_of_items, $column, $direction) {
FROM $user_table u
LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and course_code='".$_SESSION['_course']['id']."'
INNER JOIN $tbl_url_rel_user as url_rel_user
ON (url_rel_user.user_id = u.user_id)
WHERE cu.user_id IS NULL AND access_url_id= $url_access_id ";
ON (url_rel_user.user_id = u.user_id)
WHERE cu.user_id IS NULL AND access_url_id= $url_access_id ";
// applying the filter of the additional user profile fields
// applying the filter of the additional user profile fields
if (isset($_GET['subscribe_user_filter_value']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true'){
$field_identification = explode('*',$_GET['subscribe_user_filter_value']);
$sql .= "
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.user_id IS NULL
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.user_id IS NULL AND access_url_id= $url_access_id ";
}
}
}
}
}
}
} else {
@ -470,15 +470,15 @@ function get_user_data($from, $number_of_items, $column, $direction) {
u.user_id AS col6
FROM $user_table u
LEFT JOIN $tbl_session_rel_course_user cu on u.user_id = cu.id_user and course_code='".$_SESSION['_course']['id']."' AND id_session ='".$_SESSION["id_session"]."' ";
// applying the filter of the additional user profile fields
// applying the filter of the additional user profile fields
if (isset($_GET['subscribe_user_filter_value'])){
$field_identification = explode('*',$_GET['subscribe_user_filter_value']);
$sql .= "
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.id_user IS NULL AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL)
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.id_user IS NULL AND (u.official_code <> 'ADMIN' OR u.official_code IS NULL) ";
@ -497,15 +497,15 @@ function get_user_data($from, $number_of_items, $column, $direction) {
u.user_id AS col6
FROM $user_table u
LEFT JOIN $course_user_table cu on u.user_id = cu.user_id and course_code='".$_SESSION['_course']['id']."'";
// applying the filter of the additional user profile fields
// applying the filter of the additional user profile fields
if (isset($_GET['subscribe_user_filter_value'])){
$field_identification = explode('*',$_GET['subscribe_user_filter_value']);
$sql .= "
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.user_id IS NULL
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.user_id IS NULL";
@ -535,18 +535,18 @@ function get_user_data($from, $number_of_items, $column, $direction) {
WHERE cu.user_id IS NULL AND access_url_id= $url_access_id ";
// applying the filter of the additional user profile fields
// applying the filter of the additional user profile fields
if (isset($_GET['subscribe_user_filter_value']) AND api_get_setting('ProfilingFilterAddingUsers') == 'true'){
$field_identification = explode('*',$_GET['subscribe_user_filter_value']);
$sql .= "
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
LEFT JOIN $table_user_field_values field_values
ON field_values.user_id = u.user_id
WHERE cu.user_id IS NULL
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_id = '".Database::escape_string($field_identification[0])."'
AND field_values.field_value = '".Database::escape_string($field_identification[1])."'";
} else {
$sql .= "WHERE cu.user_id IS NULL AND access_url_id= $url_access_id ";
}
}
}
}
@ -557,12 +557,12 @@ function get_user_data($from, $number_of_items, $column, $direction) {
if (isset ($_REQUEST['keyword'])) {
$keyword = Database::escape_string(trim($_REQUEST['keyword']));
$sql .= " AND (firstname LIKE '%".$keyword."%' OR lastname LIKE '%".$keyword."%' OR email LIKE '%".$keyword."%' OR username LIKE '%".$keyword."%' OR official_code LIKE '%".$keyword."%')";
if (api_get_setting('ProfilingFilterAddingUsers') == 'true') {
// we also want to search for users who have something in their profile fields that matches the keyword
$additional_users = search_additional_profile_fields($keyword);
}
// getting all the users of the course (to make sure that we do not display users that are already in the course)
if (!empty($_SESSION["id_session"])) {
$a_course_users = CourseManager :: get_user_list_from_course_code($_SESSION['_course']['id'], true, $_SESSION['id_session']);
@ -573,11 +573,11 @@ function get_user_data($from, $number_of_items, $column, $direction) {
$users_of_course[] = $course_user['user_id'];
}
}
// Sorting and pagination (used by the sortable table)
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$users = array ();
while ($user = Database::fetch_row($res)) {
$users[] = $user;
@ -597,7 +597,7 @@ function get_user_data($from, $number_of_items, $column, $direction) {
}
}
}
}
return $users;
}
@ -714,13 +714,13 @@ $table->display();
Display :: display_footer();
/**
* Search the additional user profile fields defined by the platform administrator in
* platform administration > profiling for a given keyword.
* Search the additional user profile fields defined by the platform administrator in
* platform administration > profiling for a given keyword.
* We not only search in the predefined options but also in the input fields wherer
* the user can enter some text.
*
* For this we get the additional profile field options that match the (search) keyword,
* then we find all the users who have entered the (search)keyword in a input field of the
* the user can enter some text.
*
* For this we get the additional profile field options that match the (search) keyword,
* then we find all the users who have entered the (search)keyword in a input field of the
* additional profile fields or have chosen one of the matching predefined options
*
* @param string $keyword a keyword we are looking for in the additional profile fields
@ -733,58 +733,58 @@ function search_additional_profile_fields($keyword)
$table_user_field_values = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$table_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
$table_session_course_user = Database::get_main_table(TABLE_MAIN_SESSION_COURSE_USER);
// getting the field option text that match this keyword (for radio buttons and checkboxes)
$sql_profiling = "SELECT * FROM $table_user_field_options WHERE option_display_text LIKE '%".$keyword."%'";
$result_profiling = api_sql_query($sql_profiling, __FILE__, __LINE__);
$result_profiling = api_sql_query($sql_profiling);
while ($profiling_field_options = Database::fetch_array($result_profiling)) {
$profiling_field_options_exact_values[] = $profiling_field_options;
}
foreach ($profiling_field_options_exact_values as $profilingkey=>$profilingvalue){
$profiling_field_options_exact_values_sql .= "OR (field_id = '".$profilingvalue['field_id']."' AND field_value='".$profilingvalue['option_value']."') ";
}
// getting all the user ids of the users who have chosen on of the predefined fields that contain the keyword
// or all the users who have entered the keyword in a free-form field
$sql_profiling_values = "SELECT user.user_id as col0, user.official_code as col1, user.lastname as col2, user.firstname as col3, user.email as col4, user.active as col5, user.user_id as col6
FROM $table_user user, $table_user_field_values user_values
WHERE user.user_id = user_values.user_id
AND ( field_value LIKE '%".$keyword."%'
FROM $table_user user, $table_user_field_values user_values
WHERE user.user_id = user_values.user_id
AND ( field_value LIKE '%".$keyword."%'
".$profiling_field_options_exact_values_sql.")";
$result_profiling_values = api_sql_query($sql_profiling_values, __FILE__, __LINE__);
$result_profiling_values = api_sql_query($sql_profiling_values);
while ($profiled_users = Database::fetch_array($result_profiling_values)) {
$additional_users[$profiled_users['col0']] = $profiled_users;
}
return $additional_users;
return $additional_users;
}
/**
* This function displays a dropdown list with all the additional user profile fields defined by the platform administrator in
* platform administration > profiling. Only the fields that have predefined fields are usefull for such a filter.
* This function displays a dropdown list with all the additional user profile fields defined by the platform administrator in
* platform administration > profiling. Only the fields that have predefined fields are usefull for such a filter.
*
*/
function display_extra_profile_fields_filter()
{
// getting all the additional user profile fields
$extra = UserManager::get_extra_fields(0,50,5,'ASC');
$return='<option value="">'.get_lang('SelectFilter').'</option>';
// looping through the additional user profile fields
foreach($extra as $id => $field_details) {
foreach($extra as $id => $field_details) {
// $field_details[2] contains the type of the additional user profile field
switch($field_details[2]) {
// text fields cannot be used as a filter
case USER_FIELD_TYPE_TEXT:
break;
// text area fields cannot be used as a filter
case USER_FIELD_TYPE_TEXTAREA:
case USER_FIELD_TYPE_TEXTAREA:
break;
case USER_FIELD_TYPE_RADIO:
case USER_FIELD_TYPE_SELECT:
case USER_FIELD_TYPE_SELECT_MULTIPLE:
case USER_FIELD_TYPE_SELECT_MULTIPLE:
$return .= '<optgroup label="'.$field_details[3].'">';
foreach($field_details[9] as $option_id => $option_details) {
if ($_GET['subscribe_user_filter_value'] == $field_details[0].'*'.$option_details[1]) {
@ -793,12 +793,12 @@ function display_extra_profile_fields_filter()
$selected = false;
}
$return .= '<option value="'.$field_details[0].'*'.$option_details[1].'" '.$selected.'>'.$option_details[2].'</option>';
}
}
$return .= '</optgroup>';
break;
}
}
}
echo '<form id="subscribe_user_filter" name="subscribe_user_filter" method="get" action="'.api_get_self().'?api_get_cidreq" style="float:left;">';
echo ' <input type="hidden" name="type" id="type" value="'.Security::Remove_XSS($_REQUEST['type']).'" />';
echo '<select name="subscribe_user_filter_value" id="subscribe_user_filter_value">'.$return.'</select>';

@ -109,7 +109,7 @@ if (api_is_allowed_to_edit()) {
$sql_query .= ' AND id_session = '.$session_id;
}
$sql_query .= $sort_by_first_name ? ' ORDER BY user.firstname, user.lastname' : ' ORDER BY user.lastname, user.firstname';
$rs = Database::query($sql_query, __FILE__, __LINE__);
$rs = Database::query($sql_query);
while ($user = Database:: fetch_array($rs, 'ASSOC')) {
$data[] = $user;
//$user_infos = Database :: get_user_info_from_id($user['user_id']);
@ -122,7 +122,7 @@ if (api_is_allowed_to_edit()) {
$table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$sql_query = "SELECT DISTINCT user.user_id, ".($is_western_name_order ? "user.firstname, user.lastname" : "user.lastname, user.firstname").", user.email, user.official_code
FROM $table_course_user as course_user, $table_users as user WHERE `course_code` = '$currentCourseID' AND course_user.user_id = user.user_id ".($sort_by_first_name ? "ORDER BY user.firstname, user.lastname" : "ORDER BY user.lastname, user.firstname");
$rs = Database::query($sql_query, __FILE__, __LINE__);
$rs = Database::query($sql_query);
while ($user = Database::fetch_array($rs, 'ASSOC')) {
$data[] = $user;
$a_users[$user['user_id']] = $user;
@ -159,7 +159,7 @@ if (api_is_allowed_to_edit()) {
WHERE user.user_id = "'.$user_id.'"
AND rel_course.course_code = "'.$currentCourseID.'"';
$result = Database::query($sql, __FILE__ ,__LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result, 'ASSOC');
if ($row['user_id'] == $user_id || $row['user_id'] == "") {
CourseManager::unsubscribe_user($_GET['user_id'], $_SESSION['_course']['sysCode']);
@ -311,7 +311,7 @@ if ( api_is_allowed_to_edit()) {
// the action links
$actions .= '<a href="user.php?'.api_get_cidreq().'&action=export&amp;type=csv">'.Display::return_icon('csv.gif', get_lang('ExportAsCSV')).'&nbsp;'.get_lang('ExportAsCSV').'</a> ';
$actions .= '<a href="user.php?'.api_get_cidreq().'&action=export&amp;type=xls">'.Display::return_icon('excel.gif', get_lang('ExportAsXLS')).'&nbsp;'.get_lang('ExportAsXLS').'</a> ';
$actions .= '<a href="subscribe_user.php?'.api_get_cidreq().'">'.Display::return_icon('add_user_big.gif',get_lang("SubscribeUserToCourse")).'&nbsp;'.get_lang("SubscribeUserToCourse").'</a> ';
$actions .= "<a href=\"subscribe_user.php?".api_get_cidreq()."&type=teacher\">".Display::return_icon('add_teacher_big.gif', get_lang("SubscribeUserToCourseAsTeacher"))."&nbsp;".get_lang("SubscribeUserToCourseAsTeacher")."</a> ";
$actions .= "<a href=\"../group/group.php?".api_get_cidreq()."\">".Display::return_icon('group.gif', get_lang("GroupUserManagement"))."&nbsp;".get_lang("GroupUserManagement")."</a>";
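Review bot: In the hunk at `-159,7`, the ownership check and the action use different values: the SELECT filters on `user.user_id = "'.$user_id.'"`, but the call that follows passes the raw `$_GET['user_id']` to `CourseManager::unsubscribe_user()`. Where `$user_id` is assigned is outside the hunk; if it is not already an integer cast of the request value, add `$user_id = intval($_GET['user_id']);` before the query. Then call `CourseManager::unsubscribe_user($user_id, $_SESSION['_course']['sysCode']);` so the value that was checked is the value acted on. The first hunk appends `' AND id_session = '.$session_id` without quotes, so it is worth confirming that `$session_id` is cast to int before it reaches this line.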

@ -35,7 +35,7 @@ function create_cat_def($title="", $comment="", $nbline="5")
}
$sql = "SELECT MAX(rank) as maxRank FROM ".$TBL_USERINFO_DEF;
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if ($result) $maxRank = Database::fetch_array($result);
$maxRank = $maxRank['maxRank'];
@ -48,7 +48,7 @@ function create_cat_def($title="", $comment="", $nbline="5")
line_count = '$nbline',
rank = '$thisRank'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
return true;
}
@ -83,7 +83,7 @@ function edit_cat_def($id, $title, $comment, $nbline)
comment = '$comment',
line_count = '$nbline'
WHERE id = '$id'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
return true;
}
@ -107,7 +107,7 @@ function remove_cat_def($id, $force = false)
{
$TBL_USERINFO_DEF = Database :: get_course_table(TABLE_USER_INFO);
$TBL_USERINFO_CONTENT = Database :: get_course_table(TABLE_USER_INFO_CONTENT);
$id = strval(intval($id));
if ( (0 == (int) $id || $id == "ALL") || ! is_bool($force))
@ -118,7 +118,7 @@ function remove_cat_def($id, $force = false)
if ($force == false)
{
$sql = "SELECT * FROM $TBL_USERINFO_CONTENT $sqlCondition";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if ( Database::num_rows($result) > 0)
{
@ -126,7 +126,7 @@ function remove_cat_def($id, $force = false)
}
}
$sql = "DELETE FROM $TBL_USERINFO_DEF $sqlCondition";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
/**
@ -154,7 +154,7 @@ function move_cat_rank($id, $direction) // up & down.
}
$sql = "SELECT rank FROM $TBL_USERINFO_DEF WHERE id = '$id'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) < 1)
{
@ -204,7 +204,7 @@ function move_cat_rank_by_rank($rank, $direction) // up & down.
$sql = "SELECT id, rank FROM ".$TBL_USERINFO_DEF." WHERE rank $compOp $rank
ORDER BY rank $sort LIMIT 2";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) < 2)
{
@ -219,8 +219,8 @@ function move_cat_rank_by_rank($rank, $direction) // up & down.
$sql2 = "UPDATE ".$TBL_USERINFO_DEF." SET rank ='".$thisCat['rank'].
"' WHERE id = '".$nextCat['id']."'";
Database::query($sql1,__FILE__,__LINE__);
Database::query($sql2,__FILE__,__LINE__);
Database::query($sql1);
Database::query($sql2);
return true;
}
@ -253,7 +253,7 @@ function update_user_course_properties($user_id, $course_code, $properties)
WHERE user_id = '".$user_id."'
AND course_code = '".$course_code."'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if (Database::affected_rows() > 0)
{
@ -315,7 +315,7 @@ function fill_new_cat_content($definition_id, $user_id, $content="", $user_ip=""
WHERE definition_id = '$definition_id'
AND user_id = '$user_id'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) > 0)
{
@ -329,7 +329,7 @@ function fill_new_cat_content($definition_id, $user_id, $content="", $user_ip=""
editor_ip = '$user_ip',
edition_time = now()";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
return true;
}
@ -373,7 +373,7 @@ function edit_cat_content($definition_id, $user_id, $content ="", $user_ip="")
edition_time = now()
WHERE definition_id = '$definition_id' AND user_id = '$user_id'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
return true;
}
@ -402,7 +402,7 @@ function cleanout_cat_content($user_id, $definition_id)
$sql = "DELETE FROM ".$TBL_USERINFO_CONTENT."
WHERE user_id = '$user_id' AND definition_id = '$definition_id'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
return true;
}
@ -434,7 +434,7 @@ function get_course_user_info($user_id)
ON cat.id = content.definition_id AND content.user_id = '$user_id'
ORDER BY cat.rank, content.id";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) > 0)
{
@ -480,7 +480,7 @@ function get_main_user_info($user_id, $courseCode)
AND u.user_id = '$user_id'
AND cu.course_code = '$courseCode'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) > 0)
{
@ -509,7 +509,7 @@ function get_cat_content($userId, $catId)
{
$TBL_USERINFO_DEF = Database :: get_course_table(TABLE_USER_INFO);
$TBL_USERINFO_CONTENT = Database :: get_course_table(TABLE_USER_INFO_CONTENT);
$userId = strval(intval($userId));
$catId = strval(intval($catId));
$sql = "SELECT cat.id catId, cat.title,
@ -519,7 +519,7 @@ function get_cat_content($userId, $catId)
ON cat.id = content.definition_id
AND content.user_id = '$userId'
WHERE cat.id = '$catId' ";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) > 0)
{
@ -543,11 +543,11 @@ function get_cat_content($userId, $catId)
function get_cat_def($catId)
{
$TBL_USERINFO_DEF = Database :: get_course_table(TABLE_USER_INFO);
$catId = strval(intval($catId));
$sql = "SELECT id, title, comment, line_count, rank FROM ".$TBL_USERINFO_DEF." WHERE id = '$catId'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) > 0)
{
@ -572,12 +572,12 @@ function get_cat_def($catId)
function get_cat_def_list()
{
$TBL_USERINFO_DEF = Database :: get_course_table(TABLE_USER_INFO);
$sql = "SELECT id catId, title, comment , line_count
FROM ".$TBL_USERINFO_DEF."
ORDER BY rank";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) > 0)
{
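Review bot: The write helpers touched here (`create_cat_def`, `edit_cat_def`, `fill_new_cat_content`, `edit_cat_content`, `cleanout_cat_content`) run `Database::query($sql);` and then `return true;` unconditionally, so a failed INSERT, UPDATE or DELETE is reported to the caller as success. Assuming `Database::query()` returns a falsy value on failure, as the `if ($result)` test in `create_cat_def` suggests, `return (bool) Database::query($sql);` would surface the failure. The same statements interpolate `$comment`, `$nbline`, `$id` and `$user_ip` between quotes, and whether they pass through `Database::escape_string()` is outside the hunks. By contrast, `remove_cat_def`, `get_cat_content` and `get_cat_def` visibly cast their ids with `strval(intval(...))`; the other helpers should either do the same or carry a comment naming the caller that sanitises the values.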

@ -74,7 +74,7 @@ if($register)
(lastname='$lastname_form' AND firstname='$firstname_form' AND email='$email_form') AS userExists
FROM $tbl_user
WHERE username='$username_form' OR (lastname='$lastname_form' AND firstname='$firstname_form' AND email='$email_form')
ORDER BY userExists DESC, loginExists DESC", __FILE__, __LINE__);
ORDER BY userExists DESC, loginExists DESC");
if(Database::num_rows($result))
{
@ -132,7 +132,7 @@ if($register)
email = '$email_form',
status = '$platformStatus',
official_code = '$official_code_form',
creator_id = '".$_user['user_id']."'", __FILE__, __LINE__);
creator_id = '".$_user['user_id']."'");
$userId = Database::insert_id();
@ -161,7 +161,7 @@ if($register)
SET user_id = '$userId',
course_code = '$currentCourseID',
status = '$admin_form',
tutor_id = '$tutor_form'", __FILE__, __LINE__))
tutor_id = '$tutor_form'"))
{
$courseRegSucceed = true;
}
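Review bot: The duplicate-account lookup in the first hunk places `$username_form`, `$lastname_form`, `$firstname_form` and `$email_form` directly between quotes, and nothing visible shows them being escaped. Their assignment is outside the hunks; if they come straight from the registration form, each should go through `Database::escape_string()` before the query is built, e.g. `$username_form = Database::escape_string($username_form);`. Separately, `$userId = Database::insert_id();` is read right after the INSERT and later written into `SET user_id = '$userId'`. Unless the lines between the hunks test the INSERT's result, a failed insert would carry a meaningless id into the course registration, so a guard on the query result before calling `insert_id()` is worth adding.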

@ -170,13 +170,13 @@ function DokeosWSCreateUsers($params) {
// Check if exits x_user_id into user_field_values table.
$sql = "SELECT field_value,user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value='$original_user_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$count_row = Database::num_rows($res);
if ($count_row > 0) {
// Check if user is not active.
$sql = "SELECT user_id FROM $table_user WHERE user_id ='".$row[1]."' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
$count_user_id = Database::num_rows($resu);
if ($count_user_id > 0) {
@ -200,7 +200,7 @@ function DokeosWSCreateUsers($params) {
active='1',
hr_dept_id=".intval($hr_dept_id);
$sql .= " WHERE user_id='".$r_check_user[0]."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$results[] = $r_check_user[0];
continue;
//return $r_check_user[0];
@ -249,7 +249,7 @@ function DokeosWSCreateUsers($params) {
expiration_date = '".Database::escape_string($expiration_date)."',
hr_dept_id = '".Database::escape_string($hr_dept_id)."',
active = '".Database::escape_string($active)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if ($result) {
//echo "id returned";
$return = Database::insert_id();
@ -379,13 +379,13 @@ function DokeosWSCreateUser($params) {
// check if exits x_user_id into user_field_values table
$sql = "SELECT field_value,user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value='$original_user_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$count_row = Database::num_rows($res);
if ($count_row > 0) {
// Check whether user is not active.
$sql = "SELECT user_id FROM $table_user WHERE user_id ='".$row[1]."' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
$count_user_id = Database::num_rows($resu);
if ($count_user_id > 0) {
@ -409,7 +409,7 @@ function DokeosWSCreateUser($params) {
active='1',
hr_dept_id=".intval($hr_dept_id);
$sql .= " WHERE user_id='".$r_check_user[0]."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
return $r_check_user[0];
@ -455,7 +455,7 @@ function DokeosWSCreateUser($params) {
expiration_date = '".Database::escape_string($expiration_date)."',
hr_dept_id = '".Database::escape_string($hr_dept_id)."',
active = '".Database::escape_string($active)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if ($result) {
//echo "id returned";
$return = Database::insert_id();
@ -661,13 +661,13 @@ function DokeosWSCreateUsersPasswordCrypted($params) {
// Check whether x_user_id exists into user_field_values table.
$sql = "SELECT field_value,user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value='$original_user_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$count_row = Database::num_rows($res);
if ($count_row > 0) {
// Check if user is not active.
$sql = "SELECT user_id FROM $table_user WHERE user_id ='".$row[1]."' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
$count_check_user = Database::num_rows($resu);
if ($count_check_user > 0) {
@ -689,7 +689,7 @@ function DokeosWSCreateUsersPasswordCrypted($params) {
active='1',
hr_dept_id=".intval($hr_dept_id);
$sql .= " WHERE user_id='".$r_check_user[0]."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
if (is_array($extra_list) && count($extra_list) > 0) {
foreach ($extra_list as $extra) {
@ -743,7 +743,7 @@ function DokeosWSCreateUsersPasswordCrypted($params) {
expiration_date = '".Database::escape_string($expiration_date)."',
hr_dept_id = '".Database::escape_string($hr_dept_id)."',
active = '".Database::escape_string($active)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if ($result) {
//echo "id returned";
$return = Database::insert_id();
@ -893,13 +893,13 @@ function DokeosWSCreateUserPasswordCrypted($params) {
// Check whether x_user_id exists into user_field_values table.
$sql = "SELECT field_value,user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value='$original_user_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$count_row = Database::num_rows($res);
if ($count_row > 0) {
// Check whether user is not active.
$sql = "SELECT user_id FROM $table_user WHERE user_id ='".$row[1]."' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
$count_check_user = Database::num_rows($resu);
if ($count_check_user > 0) {
@ -921,7 +921,7 @@ function DokeosWSCreateUserPasswordCrypted($params) {
active='1',
hr_dept_id=".intval($hr_dept_id);
$sql .= " WHERE user_id='".$r_check_user[0]."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
if (is_array($extra_list) && count($extra_list) > 0) {
foreach ($extra_list as $extra) {
@ -972,7 +972,7 @@ function DokeosWSCreateUserPasswordCrypted($params) {
expiration_date = '".Database::escape_string($expiration_date)."',
hr_dept_id = '".Database::escape_string($hr_dept_id)."',
active = '".Database::escape_string($active)."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if ($result) {
//echo "id returned";
$return = Database::insert_id();
@ -1135,7 +1135,7 @@ function DokeosWSEditUsers($params) {
// Get user id from id wiener
$sql = "SELECT user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value='$original_user_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$user_id = $row[0];
@ -1144,7 +1144,7 @@ function DokeosWSEditUsers($params) {
continue;
} else {
$sql = "SELECT user_id FROM $table_user WHERE user_id ='$user_id' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
if (!empty($r_check_user[0])) {
$results[] = 0; // user_id is not active.
@ -1154,7 +1154,7 @@ function DokeosWSEditUsers($params) {
// Check whether username already exits.
$sql = "SELECT username FROM $table_user WHERE username = '$username' AND user_id <> '$user_id'";
$res_un = Database::query($sql, __FILE__, __LINE__);
$res_un = Database::query($sql);
$r_username = Database::fetch_row($res_un);
if (!empty($r_username[0])) {
@ -1187,7 +1187,7 @@ function DokeosWSEditUsers($params) {
$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
}
$sql .= " WHERE user_id='$user_id'";
$return = @Database::query($sql, __FILE__, __LINE__);
$return = @Database::query($sql);
if (is_array($extra_list) && count($extra_list) > 0) {
foreach ($extra_list as $extra) {
@ -1285,7 +1285,7 @@ function DokeosWSEditUser($params) {
// Get user id from id wiener
$sql = "SELECT user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value='$original_user_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$user_id = $row[0];
@ -1293,7 +1293,7 @@ function DokeosWSEditUser($params) {
return 0;
} else {
$sql = "SELECT user_id FROM $table_user WHERE user_id ='$user_id' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
if (!empty($r_check_user[0])) {
return 0;
@ -1302,7 +1302,7 @@ function DokeosWSEditUser($params) {
// Check whether username already exits.
$sql = "SELECT username FROM $table_user WHERE username = '$username' AND user_id <> '$user_id'";
$res_un = Database::query($sql, __FILE__, __LINE__);
$res_un = Database::query($sql);
$r_username = Database::fetch_row($res_un);
if (!empty($r_username[0])) {
@ -1334,7 +1334,7 @@ function DokeosWSEditUser($params) {
$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
}
$sql .= " WHERE user_id='$user_id'";
$return = @Database::query($sql, __FILE__, __LINE__);
$return = @Database::query($sql);
if (is_array($extra_list) && count($extra_list) > 0) {
foreach ($extra_list as $extra) {
@ -1503,7 +1503,7 @@ function DokeosWSEditUsersPasswordCrypted($params) {
}
$sql = "SELECT user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value='$original_user_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$user_id = $row[0];
@ -1512,7 +1512,7 @@ function DokeosWSEditUsersPasswordCrypted($params) {
continue;
} else {
$sql = "SELECT user_id FROM $table_user WHERE user_id ='$user_id' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
if (!empty($r_check_user[0])) {
$results[] = 0; // user_id is not active
@ -1522,7 +1522,7 @@ function DokeosWSEditUsersPasswordCrypted($params) {
// Check if username already exits.
$sql = "SELECT username FROM $table_user WHERE username ='$username' AND user_id <> '$user_id'";
$res_un = Database::query($sql, __FILE__, __LINE__);
$res_un = Database::query($sql);
$r_username = Database::fetch_row($res_un);
if (!empty($r_username[0])) {
@ -1554,7 +1554,7 @@ function DokeosWSEditUsersPasswordCrypted($params) {
$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
}
$sql .= " WHERE user_id='$user_id'";
$return = @Database::query($sql, __FILE__, __LINE__);
$return = @Database::query($sql);
if (is_array($extra_list) && count($extra_list) > 0) {
foreach ($extra_list as $extra) {
@ -1673,7 +1673,7 @@ function DokeosWSEditUserPasswordCrypted($params) {
}
$sql = "SELECT user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value='$original_user_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$user_id = $row[0];
@ -1681,7 +1681,7 @@ function DokeosWSEditUserPasswordCrypted($params) {
return 0;
} else {
$sql = "SELECT user_id FROM $table_user WHERE user_id ='$user_id' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
if (!empty($r_check_user[0])) {
return 0;
@ -1690,7 +1690,7 @@ function DokeosWSEditUserPasswordCrypted($params) {
// Check whether username already exits.
$sql = "SELECT username FROM $table_user WHERE username ='$username' AND user_id <> '$user_id'";
$res_un = Database::query($sql, __FILE__, __LINE__);
$res_un = Database::query($sql);
$r_username = Database::fetch_row($res_un);
if (!empty($r_username[0])) {
@ -1721,7 +1721,7 @@ function DokeosWSEditUserPasswordCrypted($params) {
$sql .= ", creator_id='".Database::escape_string($creator_id)."'";
}
$sql .= " WHERE user_id='$user_id'";
$return = @Database::query($sql, __FILE__, __LINE__);
$return = @Database::query($sql);
if (is_array($extra_list) && count($extra_list) > 0) {
foreach ($extra_list as $extra) {
@ -1831,7 +1831,7 @@ function DokeosWSDeleteUsers($params) {
$original_user_id_value = $user_param['original_user_id_value'];
$orig_user_id_value[] = $user_param['original_user_id_value'];
$sql = "SELECT user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value='$original_user_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$user_id = $row[0];
@ -1840,7 +1840,7 @@ function DokeosWSDeleteUsers($params) {
continue;
} else {
$sql = "SELECT user_id FROM $table_user WHERE user_id ='$user_id' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
if (!empty($r_check_user[0])) {
$results[] = 0;
@ -1850,7 +1850,7 @@ function DokeosWSDeleteUsers($params) {
// Update active to 0
$sql = "UPDATE $table_user SET active='0' WHERE user_id = '$user_id'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$results[] = 1;
continue;
}
@ -1907,7 +1907,7 @@ function DokeosWSDeleteUser($params) {
$original_user_id_name = $params['original_user_id_name'];
$original_user_id_value = $params['original_user_id_value'];
$sql = "SELECT user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value='$original_user_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$user_id = $row[0];
@ -1915,7 +1915,7 @@ function DokeosWSDeleteUser($params) {
return 0;
} else {
$sql = "SELECT user_id FROM $table_user WHERE user_id ='$user_id' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
if (!empty($r_check_user[0])) {
return 0;
@ -1924,7 +1924,7 @@ function DokeosWSDeleteUser($params) {
// Update active to 0
$sql = "UPDATE $table_user SET active='0' WHERE user_id = '$user_id'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
return 1;
}
@ -2043,13 +2043,13 @@ function DokeosWSCreateCourse($params) {
// Check whether exits $x_course_code into user_field_values table.
$sql = "SELECT field_value,course_code FROM $table_field cf,$t_cfv cfv WHERE cfv.field_id=cf.id AND field_variable='$original_course_id_name' AND field_value='$original_course_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
if (!empty($row[0])) {
// Check whether user is not active.
$sql = "SELECT code FROM $table_course WHERE code ='".$row[1]."' AND visibility= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_course = Database::fetch_row($resu);
if (!empty($r_check_course[0])) {
$sql = "UPDATE $table_course SET course_language='".Database::escape_string($course_language)."',
@ -2059,7 +2059,7 @@ function DokeosWSCreateCourse($params) {
visual_code='".Database::escape_string($wanted_code)."',
visibility = '3'
WHERE code='".Database::escape_string($r_check_course[0])."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
if (is_array($extra_list) && count($extra_list) > 0) {
foreach ($extra_list as $extra) {
$extra_field_name = $extra['field_name'];
@ -2100,7 +2100,7 @@ function DokeosWSCreateCourse($params) {
$keys = define_course_keys($wanted_code, '', $_configuration['db_prefix']);
$sql_check = sprintf('SELECT * FROM '.$table_course.' WHERE visual_code = "%s"',Database :: escape_string($wanted_code));
$result_check = Database::query($sql_check, __FILE__, __LINE__); // I don't know why this api function doesn't work...
$result_check = Database::query($sql_check); // I don't know why this api function doesn't work...
if (Database::num_rows($result_check) < 1) {
if (sizeof($keys)) {
$visual_code = $keys['currentCourseCode'];
@ -2277,13 +2277,13 @@ function DokeosWSCreateCourseByTitle($params) {
// Check if exits $x_course_code into user_field_values table.
$sql = "SELECT field_value,course_code FROM $table_field cf,$t_cfv cfv WHERE cfv.field_id=cf.id AND field_variable='$original_course_id_name' AND field_value='$original_course_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
if (!empty($row[0])) {
// Check whether user is not active.
$sql = "SELECT code FROM $table_course WHERE code ='".$row[1]."' AND visibility= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_course = Database::fetch_row($resu);
if (!empty($r_check_course[0])) {
$sql = "UPDATE $table_course SET course_language='".Database::escape_string($course_language)."',
@ -2293,7 +2293,7 @@ function DokeosWSCreateCourseByTitle($params) {
visual_code='".Database::escape_string($wanted_code)."',
visibility = '3'
WHERE code='".Database::escape_string($r_check_course[0])."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$results[] = $r_check_course[0];
continue;
} else {
@ -2314,7 +2314,7 @@ function DokeosWSCreateCourseByTitle($params) {
$keys = define_course_keys($wanted_code, '', $_configuration['db_prefix']);
$sql_check = sprintf('SELECT * FROM '.$table_course.' WHERE visual_code = "%s"', Database :: escape_string($wanted_code));
$result_check = Database::query($sql_check, __FILE__, __LINE__); // I don't know why this api function doesn't work...
$result_check = Database::query($sql_check); // I don't know why this api function doesn't work...
if (Database::num_rows($result_check) < 1) {
if (sizeof($keys)) {
$visual_code = $keys['currentCourseCode'];
@ -2489,7 +2489,7 @@ function DokeosWSEditCourse($params){
// Get course code from id from remote system.
$sql = "SELECT course_code FROM $table_field cf,$t_cfv cfv WHERE cfv.field_id=cf.id AND field_variable='$original_course_id_name' AND field_value='$original_course_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$course_code = $row[0];
@ -2501,7 +2501,7 @@ function DokeosWSEditCourse($params){
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT concat(lastname,'',firstname) as tutor_name FROM $table_user WHERE status='1' AND user_id = '$tutor_id' ORDER BY lastname,firstname";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$tutor_name = Database::fetch_row($res);
$dbnamelength = strlen($_configuration['db_prefix']);
@ -2525,7 +2525,7 @@ function DokeosWSEditCourse($params){
subscribe = '".Database::escape_string($subscribe)."',
unsubscribe='".Database::escape_string($unsubscribe)."'
WHERE code='".Database::escape_string($course_code)."'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
if (is_array($extra_list) && count($extra_list) > 0) {
foreach ($extra_list as $extra) {
@ -2636,7 +2636,7 @@ function DokeosWSCourseDescription($params) {
// Get course code from id from remote system.
$sql = "SELECT course_code FROM $table_field cf,$t_cfv cfv WHERE cfv.field_id=cf.id AND field_variable='$original_course_id_name' AND field_value='$original_course_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$course_code=$row[0];
@ -2646,7 +2646,7 @@ function DokeosWSCourseDescription($params) {
//continue;
} else {
$sql = "SELECT code FROM $course_table WHERE code ='$course_code' AND visibility = '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_code = Database::fetch_row($resu);
if (Database::num_rows($resu) > 0) {
return 0; // This code is not active.
@ -2659,7 +2659,7 @@ function DokeosWSCourseDescription($params) {
$t_course_desc = Database::get_course_table(TABLE_COURSE_DESCRIPTION, $course_ifo['dbName']);
$sql = "SELECT * FROM $t_course_desc";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
/*$default_titles = array(
get_lang('GeneralDescription'),
@ -2811,7 +2811,7 @@ function DokeosWSEditCourseDescription($params) {
// Get course code from id from the remote system.
$sql = "SELECT course_code FROM $table_field cf,$t_cfv cfv WHERE cfv.field_id=cf.id AND field_variable='$original_course_id_name' AND field_value='$original_course_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$course_code = $row[0];
@ -2821,7 +2821,7 @@ function DokeosWSEditCourseDescription($params) {
continue; // Original_course_id_value doesn't exist.
} else {
$sql = "SELECT code FROM $course_table WHERE code ='$course_code' AND visibility = '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_code = Database::fetch_row($resu);
if (Database::num_rows($resu) > 0) {
$results[] = 0;
@ -2845,14 +2845,14 @@ function DokeosWSEditCourseDescription($params) {
// Check whether data already exits into course_description table.
$sql_check_id = "SELECT * FROM $t_course_desc WHERE id ='$course_desc_id'";
$res_check_id = Database::query($sql_check_id, __FILE__, __LINE__);
$res_check_id = Database::query($sql_check_id);
if (Database::num_rows($res_check_id) > 0) {
$sql = "UPDATE $t_course_desc SET title='$course_desc_title', content = '$course_desc_content' WHERE id = '".$course_desc_id."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
} else {
$sql = "INSERT IGNORE INTO $t_course_desc SET id = '".$course_desc_id."', title = '$course_desc_title', content = '$course_desc_content'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
$results[] = 1;
@ -2968,7 +2968,7 @@ function DokeosWSDeleteCourse($params) {
$orig_course_id_value[] = $original_course_id_value;
// Get course code from id from the remote system.
$sql_course = "SELECT course_code FROM $table_field cf,$t_cfv cfv WHERE cfv.field_id=cf.id AND field_variable='$original_course_id_name' AND field_value='$original_course_id_value'";
$res_course = Database::query($sql_course, __FILE__, __LINE__);
$res_course = Database::query($sql_course);
$row_course = Database::fetch_row($res_course);
$code = $row_course[0];
@ -2978,7 +2978,7 @@ function DokeosWSDeleteCourse($params) {
continue;
} else {
$sql = "SELECT code FROM $table_course WHERE code ='$code' AND visibility = '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_code = Database::fetch_row($resu);
if (!empty($r_check_code[0])) {
$results[] = 0; // This code is not active.
@ -2987,7 +2987,7 @@ function DokeosWSDeleteCourse($params) {
}
$sql = "UPDATE $table_course SET visibility = '0' WHERE code = '$code'";
$return = Database::query($sql, __FILE__, __LINE__);
$return = Database::query($sql);
$results[] = $return;
}
@ -3126,7 +3126,7 @@ function DokeosWSCreateSession($params) {
$extra_list = $session_param['extra'];
// Check if exits remote system's session id into session_field_values table.
$sql = "SELECT field_value FROM $t_sf sf,$t_sfv sfv WHERE sfv.field_id=sf.id AND field_variable='$original_session_id_name' AND field_value='$original_session_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
if (Database::num_rows($res) > 0) {
$results[] = 0;
@ -3154,12 +3154,12 @@ function DokeosWSCreateSession($params) {
$results[] = 0;
continue;
} else {
$rs = Database::query("SELECT 1 FROM $tbl_session WHERE name='".addslashes($name)."'", __FILE__, __LINE__);
$rs = Database::query("SELECT 1 FROM $tbl_session WHERE name='".addslashes($name)."'");
if (Database::num_rows($rs)) {
$results[] = 0;
continue;
} else {
Database::query("INSERT INTO $tbl_session(name,date_start,date_end,id_coach,session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end) VALUES('".addslashes($name)."','$date_start','$date_end','$id_coach',".intval($_user['user_id']).",".$nb_days_acess_before.", ".$nb_days_acess_after.")", __FILE__, __LINE__);
Database::query("INSERT INTO $tbl_session(name,date_start,date_end,id_coach,session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end) VALUES('".addslashes($name)."','$date_start','$date_end','$id_coach',".intval($_user['user_id']).",".$nb_days_acess_before.", ".$nb_days_acess_after.")");
$id_session = Database::insert_id();
// Save new fieldlabel into course_field table.
@ -3319,7 +3319,7 @@ function DokeosWSEditSession($params) {
$extra_list = $session_param['extra'];
// Get session id from original session id
$sql = "SELECT session_id FROM $t_sf sf,$t_sfv sfv WHERE sfv.field_id=sf.id AND field_variable='$original_session_id_name' AND field_value='$original_session_id_value'";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
$row = Database::fetch_row($res);
$id = intval($row[0]);
@ -3358,7 +3358,7 @@ function DokeosWSEditSession($params) {
"nb_days_access_before_beginning='". $nb_days_acess_before."', " .
"nb_days_access_after_end='". $nb_days_acess_after."'" .
" WHERE id='".$id."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$id_session = Database::insert_id();
if (is_array($extra_list) && count($extra_list) > 0) {
@ -3487,7 +3487,7 @@ function DokeosWSDeleteSession($params) {
$orig_session_id_value[] = $original_session_id_name;
// get session id from original session id
$sql = "SELECT session_id FROM $t_sf sf,$t_sfv sfv WHERE sfv.field_id=sf.id AND field_variable='$original_session_id_name' AND field_value='$original_session_id_value'";
$res = @Database::query($sql, __FILE__, __LINE__);
$res = @Database::query($sql);
$row = Database::fetch_row($res);
$idChecked = intval($row[0]);
@ -3499,13 +3499,13 @@ function DokeosWSDeleteSession($params) {
$session_ids[] = $idChecked;
$sql_session = "DELETE FROM $tbl_session WHERE id = '$idChecked'";
@Database::query($sql_session, __FILE__, __LINE__);
@Database::query($sql_session);
$sql_session_rel_course = "DELETE FROM $tbl_session_rel_course WHERE id_session = '$idChecked'";
@Database::query($sql_session_rel_course, __FILE__, __LINE__);
@Database::query($sql_session_rel_course);
$sql_session_rel_course_rel_user = "DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session = '$idChecked'";
@Database::query($sql_session_rel_course_rel_user, __FILE__, __LINE__);
@Database::query($sql_session_rel_course_rel_user);
$sql_session_rel_course = "DELETE FROM $tbl_session_rel_user WHERE id_session = '$idChecked'";
@Database::query($sql_session_rel_course, __FILE__, __LINE__);
@Database::query($sql_session_rel_course);
$results[] = 1;
continue;
}
@ -3514,7 +3514,7 @@ function DokeosWSDeleteSession($params) {
$cad_session_ids = implode(',', $session_ids);
$sql = "SELECT distinct field_id FROM $t_sfv WHERE session_id IN ($cad_session_ids)";
$res_field_ids = @Database::query($sql, __FILE__, __LINE__);
$res_field_ids = @Database::query($sql);
while($row_field_id = Database::fetch_row($res_field_ids)){
$field_ids[] = $row_field_id[0];
@ -3523,11 +3523,11 @@ function DokeosWSDeleteSession($params) {
//delete from table_session_field_value from a given session_id
foreach ($session_ids as $session_id) {
$sql_session_field_value = "DELETE FROM $t_sfv WHERE session_id = '$session_id'";
@Database::query($sql_session_field_value, __FILE__, __LINE__);
@Database::query($sql_session_field_value);
}
$sql = "SELECT distinct field_id FROM $t_sfv";
$res_field_all_ids = @Database::query($sql, __FILE__, __LINE__);
$res_field_all_ids = @Database::query($sql);
while($row_field_all_id = Database::fetch_row($res_field_all_ids)){
$field_all_ids[] = $row_field_all_id[0];
@ -3539,7 +3539,7 @@ function DokeosWSDeleteSession($params) {
continue;
} else {
$sql_session_field = "DELETE FROM $t_sf WHERE id = '$field_id'";
Database::query($sql_session_field, __FILE__, __LINE__);
Database::query($sql_session_field);
}
}
@ -3685,13 +3685,13 @@ function DokeosWSSubscribeUserToCourse($params) {
foreach ($original_user_id_values as $row_original_user_list) {
$sql_user = "SELECT user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value = '$row_original_user_list'";
// return $sql_user;
$res_user = Database::query($sql_user, __FILE__, __LINE__);
$res_user = Database::query($sql_user);
$row_user = Database::fetch_row($res_user);
if (empty($row_user[0])) {
continue; // user_id doesn't exist.
} else {
$sql = "SELECT user_id FROM $user_table WHERE user_id ='".$row_user[0]."' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
if (!empty($r_check_user[0])) {
continue; // user_id is not active.
@ -3704,7 +3704,7 @@ function DokeosWSSubscribeUserToCourse($params) {
// Get course code from original course id
$sql_course = "SELECT course_code FROM $table_field cf,$t_cfv cfv WHERE cfv.field_id=cf.id AND field_variable='$original_course_id_name' AND field_value='$original_course_id_value'";
$res_course = Database::query($sql_course, __FILE__, __LINE__);
$res_course = Database::query($sql_course);
$row_course = Database::fetch_row($res_course);
$course_code = $row_course[0];
@ -3714,7 +3714,7 @@ function DokeosWSSubscribeUserToCourse($params) {
continue;
} else {
$sql = "SELECT code FROM $course_table WHERE code ='$course_code' AND visibility = '0'";
$resc = Database::query($sql, __FILE__, __LINE__);
$resc = Database::query($sql);
$r_check_code = Database::fetch_row($resc);
if (!empty($r_check_code[0])) {
$results[] = 0; // this code is not active
@ -3734,7 +3734,7 @@ function DokeosWSSubscribeUserToCourse($params) {
foreach($usersList as $user_id) {
// previously check if the user are already registered on the platform
$handle = @Database::query("SELECT status FROM ".$user_table."
WHERE user_id = '$user_id' ", __FILE__, __LINE__);
WHERE user_id = '$user_id' ");
if (Database::num_rows($handle) == 0){
//$results[] = 7; // the user isn't registered to the platform
continue;
@ -3742,7 +3742,7 @@ function DokeosWSSubscribeUserToCourse($params) {
//check if user isn't already subscribed to the course
$handle = @Database::query("SELECT * FROM ".$course_user_table."
WHERE user_id = '$user_id'
AND course_code ='$course_code'", __FILE__, __LINE__);
AND course_code ='$course_code'");
if (Database::num_rows($handle) > 0) {
//$results[] = 8; // the user is already subscribed to the course
continue;
@ -3754,7 +3754,7 @@ function DokeosWSSubscribeUserToCourse($params) {
user_id = '$user_id',
status = '".$status."',
sort = '". ($course_sort)."'";
$result = @Database::query($add_course_user_entry_sql, __FILE__, __LINE__);
$result = @Database::query($add_course_user_entry_sql);
}
}
@ -3883,13 +3883,13 @@ function DokeosWSUnsubscribeUserFromCourse($params) {
foreach ($original_user_id_values as $row_original_user_list) {
$sql_user = "SELECT user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value = '$row_original_user_list'";
//return $sql_user;
$res_user = Database::query($sql_user, __FILE__, __LINE__);
$res_user = Database::query($sql_user);
$row_user = Database::fetch_row($res_user);
if (empty($row_user[0])) {
continue; // user_id doesn't exist.
} else {
$sql = "SELECT user_id FROM $user_table WHERE user_id ='".$row_user[0]."' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
if (!empty($r_check_user[0])) {
continue; // user_id is not active.
@ -3903,7 +3903,7 @@ function DokeosWSUnsubscribeUserFromCourse($params) {
// Get course code from original course id
$sql_course = "SELECT course_code FROM $table_field cf,$t_cfv cfv WHERE cfv.field_id=cf.id AND field_variable='$original_course_id_name' AND field_value='$original_course_id_value'";
$res_course = Database::query($sql_course, __FILE__, __LINE__);
$res_course = Database::query($sql_course);
$row_course = Database::fetch_row($res_course);
$course_code = $row_course[0];
@ -3913,7 +3913,7 @@ function DokeosWSUnsubscribeUserFromCourse($params) {
continue;
} else {
$sql = "SELECT code FROM $table_course WHERE code ='$course_code' AND visibility = '0'";
$resul = Database::query($sql, __FILE__, __LINE__);
$resul = Database::query($sql);
$r_check_code = Database::fetch_row($resul);
if (!empty($r_check_code[0])) {
$results[] = 0;
@ -3929,7 +3929,7 @@ function DokeosWSUnsubscribeUserFromCourse($params) {
foreach($usersList as $user_id) {
$course_code = Database::escape_string($course_code);
$sql = "DELETE FROM $table_course_user WHERE user_id = '$user_id' AND course_code = '".$course_code."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$return = Database::affected_rows();
}
$results[] = 1;
@ -4055,7 +4055,7 @@ function DokeosWSSuscribeUsersToSession($params){
$orig_session_id_value[] = $original_session_id_value;
// get session id from original session id
$sql_session = "SELECT session_id FROM $t_sf sf,$t_sfv sfv WHERE sfv.field_id=sf.id AND field_variable='$original_session_id_name' AND field_value='$original_session_id_value'";
$res_session = Database::query($sql_session, __FILE__, __LINE__);
$res_session = Database::query($sql_session);
$row_session = Database::fetch_row($res_session);
$id_session = $row_session[0];
@ -4068,13 +4068,13 @@ function DokeosWSSuscribeUsersToSession($params){
$usersList = array();
foreach ($original_user_id_values as $row_original_user_list) {
$sql_user = "SELECT user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value = '$row_original_user_list'";
$res_user = Database::query($sql_user, __FILE__, __LINE__);
$res_user = Database::query($sql_user);
$row_user = Database::fetch_row($res_user);
if (empty($row_user[0])) {
continue; // user_id doesn't exist.
} else {
$sql = "SELECT user_id FROM $user_table WHERE user_id ='".$row_user[0]."' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
if (!empty($r_check_user[0])) {
continue; // user_id is not active.
@ -4096,13 +4096,13 @@ function DokeosWSSuscribeUsersToSession($params){
}
$sql = "SELECT id_user FROM $tbl_session_rel_user WHERE id_session='$id_session'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$existingUsers = array();
while($row = Database::fetch_array($result)){
$existingUsers[] = $row['id_user'];
}
$sql = "SELECT course_code FROM $tbl_session_rel_course WHERE id_session='$id_session'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$CourseList = array();
while($row = Database::fetch_array($result)) {
$CourseList[] = $row['course_code'];
@ -4118,7 +4118,7 @@ function DokeosWSSuscribeUsersToSession($params){
if(!in_array($enreg_user, $existingUsers)) {
$enreg_user = Database::escape_string($enreg_user);
$insert_sql = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')";
Database::query($insert_sql, __FILE__, __LINE__);
Database::query($insert_sql);
if (Database::affected_rows()) {
$nbr_users++;
}
@ -4126,11 +4126,11 @@ function DokeosWSSuscribeUsersToSession($params){
}
// count users in this session-course relation
$sql = "SELECT COUNT(id_user) as nbUsers FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='$enreg_course'";
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
list($nbr_users) = Database::fetch_array($rs);
// update the session-course relation to add the users total
$update_sql = "UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'";
Database::query($update_sql, __FILE__, __LINE__);
Database::query($update_sql);
}
// insert missing users into session
@ -4139,12 +4139,12 @@ function DokeosWSSuscribeUsersToSession($params){
$enreg_user = Database::escape_string($enreg_user);
$nbr_users++;
$insert_sql = "INSERT IGNORE INTO $tbl_session_rel_user(id_session, id_user) VALUES('$id_session','$enreg_user')";
Database::query($insert_sql, __FILE__, __LINE__);
Database::query($insert_sql);
}
// update number of users in the session
$nbr_users = count($usersList);
$update_sql = "UPDATE $tbl_session SET nbr_users= $nbr_users WHERE id='$id_session' ";
Database::query($update_sql, __FILE__, __LINE__);
Database::query($update_sql);
$return = Database::affected_rows();
$results[] = 1;
continue;
@ -4271,7 +4271,7 @@ function DokeosWSUnsuscribeUsersFromSession($params) {
$orig_session_id_value[] = $original_session_id_value;
// get session id from original session id
$sql_session = "SELECT session_id FROM $t_sf sf,$t_sfv sfv WHERE sfv.field_id=sf.id AND field_variable='$original_session_id_name' AND field_value='$original_session_id_value'";
$res_session = Database::query($sql_session, __FILE__, __LINE__);
$res_session = Database::query($sql_session);
$row_session = Database::fetch_row($res_session);
$id_session = $row_session[0];
@ -4284,13 +4284,13 @@ function DokeosWSUnsuscribeUsersFromSession($params) {
$usersList = array();
foreach ($original_user_id_values as $row_original_user_list) {
$sql_user = "SELECT user_id FROM $t_uf uf,$t_ufv ufv WHERE ufv.field_id=uf.id AND field_variable='$original_user_id_name' AND field_value = '$row_original_user_list'";
$res_user = Database::query($sql_user, __FILE__, __LINE__);
$res_user = Database::query($sql_user);
$row_user = Database::fetch_row($res_user);
if (empty($row_user[0])) {
continue; // user_id doesn't exist.
} else {
$sql = "SELECT user_id FROM $user_table WHERE user_id ='".$row_user[0]."' AND active= '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_user = Database::fetch_row($resu);
if (!empty($r_check_user[0])) {
continue; // user_id is not active.
@ -4312,13 +4312,13 @@ function DokeosWSUnsuscribeUsersFromSession($params) {
}
$sql = "SELECT id_user FROM $tbl_session_rel_user WHERE id_session='$id_session'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$existingUsers = array();
while($row = Database::fetch_array($result)){
$existingUsers[] = $row['id_user'];
}
$sql = "SELECT course_code FROM $tbl_session_rel_course WHERE id_session='$id_session'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$CourseList = array();
while($row = Database::fetch_array($result)) {
$CourseList[] = $row['course_code'];
@ -4332,7 +4332,7 @@ function DokeosWSUnsuscribeUsersFromSession($params) {
foreach ($existingUsers as $existing_user) {
if (!in_array($existing_user, $usersList)) {
$sql = "DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='$enreg_course' AND id_user='$existing_user'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
if (Database::affected_rows()) {
$nbr_users--;
@ -4341,11 +4341,11 @@ function DokeosWSUnsuscribeUsersFromSession($params) {
}
// Count users in this session-course relation.
$sql = "SELECT COUNT(id_user) as nbUsers FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='$enreg_course'";
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
list($nbr_users) = Database::fetch_array($rs);
// update the session-course relation to add the users total
$update_sql = "UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'";
Database::query($update_sql, __FILE__, __LINE__);
Database::query($update_sql);
}
// Insert missing users into session.
@ -4353,12 +4353,12 @@ function DokeosWSUnsuscribeUsersFromSession($params) {
foreach ($usersList as $enreg_user) {
$enreg_user = Database::escape_string($enreg_user);
$delete_sql = "DELETE FROM $tbl_session_rel_user WHERE id_session = '$id_session' AND id_user ='$enreg_user'";
Database::query($delete_sql, __FILE__, __LINE__);
Database::query($delete_sql);
$return = Database::affected_rows();
}
$nbr_users = 0;
$sql = "SELECT nbr_users FROM $tbl_session WHERE id = '$id_session'";
$res_nbr_users = Database::query($sql, __FILE__, __LINE__);
$res_nbr_users = Database::query($sql);
$row_nbr_users = Database::fetch_row($res_nbr_users);
if (Database::num_rows($res_nbr_users) > 0) {
@ -4367,7 +4367,7 @@ function DokeosWSUnsuscribeUsersFromSession($params) {
// Update number of users in the session.
$update_sql = "UPDATE $tbl_session SET nbr_users= $nbr_users WHERE id='$id_session' ";
Database::query($update_sql, __FILE__, __LINE__);
Database::query($update_sql);
$return = Database::affected_rows();
$results[] = 1;
continue;
@ -4506,7 +4506,7 @@ function DokeosWSSuscribeCoursesToSession($params) {
$orig_session_id_value[] = $original_session_id_value;
// get session id from original session id
$sql_session = "SELECT session_id FROM $t_sf sf,$t_sfv sfv WHERE sfv.field_id=sf.id AND field_variable='$original_session_id_name' AND field_value='$original_session_id_value'";
$res_session = Database::query($sql_session, __FILE__, __LINE__);
$res_session = Database::query($sql_session);
$row_session = Database::fetch_row($res_session);
$id_session = $row_session[0];
@ -4520,13 +4520,13 @@ function DokeosWSSuscribeCoursesToSession($params) {
$course_list = array();
foreach ($original_course_id_values as $row_original_course_list) {
$sql_course = "SELECT course_code FROM $t_cf cf,$t_cfv cfv WHERE cfv.field_id=cf.id AND field_variable='$original_course_id_name' AND field_value = '$row_original_course_list'";
$res_course = Database::query($sql_course, __FILE__, __LINE__);
$res_course = Database::query($sql_course);
$row_course = Database::fetch_row($res_course);
if (empty($row_course[0])) {
continue; // course_code doesn't exist.
} else {
$sql = "SELECT code FROM $tbl_course WHERE code ='".$row_course[0]."' AND visibility = '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_course = Database::fetch_row($resu);
if (!empty($r_check_course[0])) {
continue; // user_id is not active.
@ -4544,14 +4544,14 @@ function DokeosWSSuscribeCoursesToSession($params) {
// Get general coach ID
$sql = "SELECT id_coach FROM $tbl_session WHERE id='$id_session'";
$id_coach = Database::query($sql, __FILE__, __LINE__);
$id_coach = Database::query($sql);
$id_coach = Database::fetch_array($id_coach);
$id_coach = $id_coach[0];
// get list of courses subscribed to this session
$sql = "SELECT course_code FROM $tbl_session_rel_course WHERE id_session='$id_session'";
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$existingCourses = Database::store_result($rs);
$nbr_courses=count($existingCourses);
@ -4559,7 +4559,7 @@ function DokeosWSSuscribeCoursesToSession($params) {
$sql="SELECT id_user
FROM $tbl_session_rel_user
WHERE id_session = '$id_session'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$user_list=Database::store_result($result);
$course_directory = array();
@ -4579,7 +4579,7 @@ function DokeosWSSuscribeCoursesToSession($params) {
// if the course isn't subscribed yet
$sql_insert_rel_course= "INSERT INTO $tbl_session_rel_course (id_session,course_code) VALUES ('$id_session','$enreg_course')";
Database::query($sql_insert_rel_course, __FILE__, __LINE__);
Database::query($sql_insert_rel_course);
// We add the current course in the existing courses array, to avoid adding another time the current course
$existingCourses[] = array('course_code' => $enreg_course);
@ -4591,20 +4591,20 @@ function DokeosWSSuscribeCoursesToSession($params) {
foreach ($user_list as $enreg_user) {
$enreg_user_id = Database::escape_string($enreg_user['id_user']);
$sql_insert = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user (id_session,course_code,id_user) VALUES ('$id_session','$enreg_course','$enreg_user_id')";
Database::query($sql_insert, __FILE__, __LINE__);
Database::query($sql_insert);
if (Database::affected_rows()) {
$nbr_users++;
}
}
Database::query("UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'", __FILE__, __LINE__);
Database::query("UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'");
$sql_directory = "SELECT directory FROM $tbl_course WHERE code = '$enreg_course'";
$res_directory = Database::query($sql_directory, __FILE__, __LINE__);
$res_directory = Database::query($sql_directory);
$row_directory = Database::fetch_row($res_directory);
$course_directory[] = $row_directory[0];
}
}
Database::query("UPDATE $tbl_session SET nbr_courses=$nbr_courses WHERE id='$id_session'", __FILE__, __LINE__);
Database::query("UPDATE $tbl_session SET nbr_courses=$nbr_courses WHERE id='$id_session'");
$course_directory[] = $id_session;
$cad_course_directory = implode(',', $course_directory);
@ -4734,7 +4734,7 @@ function DokeosWSUnsuscribeCoursesFromSession($params) {
$orig_session_id_value[] = $original_session_id_value;
// Get session id from original session id
$sql_session = "SELECT session_id FROM $t_sf sf,$t_sfv sfv WHERE sfv.field_id=sf.id AND field_variable='$original_session_id_name' AND field_value='$original_session_id_value'";
$res_session = Database::query($sql_session, __FILE__, __LINE__);
$res_session = Database::query($sql_session);
$row_session = Database::fetch_row($res_session);
$id_session = $row_session[0];
@ -4748,13 +4748,13 @@ function DokeosWSUnsuscribeCoursesFromSession($params) {
$course_list = array();
foreach ($original_course_id_values as $row_original_course_list) {
$sql_course = "SELECT course_code FROM $t_cf cf,$t_cfv cfv WHERE cfv.field_id=cf.id AND field_variable='$original_course_id_name' AND field_value = '$row_original_course_list'";
$res_course = Database::query($sql_course, __FILE__, __LINE__);
$res_course = Database::query($sql_course);
$row_course = Database::fetch_row($res_course);
if (empty($row_course[0])) {
continue; // Course_code doesn't exist'
} else {
$sql = "SELECT code FROM $tbl_course WHERE code ='".$row_course[0]."' AND visibility = '0'";
$resu = Database::query($sql, __FILE__, __LINE__);
$resu = Database::query($sql);
$r_check_course = Database::fetch_row($resu);
if (!empty($r_check_course[0])) {
continue; // user_id is not active.
@ -4772,14 +4772,14 @@ function DokeosWSUnsuscribeCoursesFromSession($params) {
foreach ($course_list as $enreg_course) {
$enreg_course = Database::escape_string($enreg_course);
Database::query("DELETE FROM $tbl_session_rel_course WHERE course_code='$enreg_course' AND id_session='$id_session'", __FILE__, __LINE__);
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE course_code='$enreg_course' AND id_session='$id_session'", __FILE__, __LINE__);
Database::query("DELETE FROM $tbl_session_rel_course WHERE course_code='$enreg_course' AND id_session='$id_session'");
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE course_code='$enreg_course' AND id_session='$id_session'");
$return = Database::affected_rows();
}
$nbr_courses = 0;
$sql = "SELECT nbr_courses FROM $tbl_session WHERE id = '$id_session'";
$res_nbr_courses = Database::query($sql, __FILE__, __LINE__);
$res_nbr_courses = Database::query($sql);
$row_nbr_courses = Database::fetch_row($res_nbr_courses);
if (Database::num_rows($res_nbr_courses) > 0) {
@ -4788,7 +4788,7 @@ function DokeosWSUnsuscribeCoursesFromSession($params) {
// Update number of users in the session.
$update_sql = "UPDATE $tbl_session SET nbr_courses= $nbr_courses WHERE id='$id_session' ";
Database::query($update_sql, __FILE__, __LINE__);
Database::query($update_sql);
$results[] = 1;
continue;

@ -201,7 +201,7 @@ Display::display_introduction_section(TOOL_WIKI);
//release of blocked pages to prevent concurrent editions
$sql='SELECT * FROM '.$tbl_wiki.'WHERE is_editing!="0" '.$condition_session;
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
while ($is_editing_block=Database::fetch_array($result))
{
$max_edit_time=1200; // 20 minutes
@ -221,7 +221,7 @@ while ($is_editing_block=Database::fetch_array($result))
if ($time_editing>$max_edit_time || ($is_editing_block['is_editing']==$_user['user_id'] && $_GET['action']!='edit'))
{
$sql='UPDATE '.$tbl_wiki.' SET is_editing="0", time_edit="0000-00-00 00:00:00" WHERE is_editing="'.$is_editing_block['is_editing'].'" '.$condition_session;
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
@ -287,11 +287,11 @@ if (isset($_POST['SaveWikiNew']))
if ($_GET['view'])
{
$sql='SELECT * FROM '.$tbl_wiki.'WHERE id="'.Database::escape_string($_GET['view']).'"'; //current view
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$current_row=Database::fetch_array($result);
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.$condition_session.' ORDER BY id DESC'; //last version
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$last_row=Database::fetch_array($result);
if ($_GET['view']<$last_row['id'])
@ -603,7 +603,7 @@ if ($_GET['action']=='mactiveusers')
echo '<div class="actions">'.get_lang('MostActiveUsers').'</div>';
$sql='SELECT *, COUNT(*) AS NUM_EDIT FROM '.$tbl_wiki.' WHERE '.$groupfilter.$condition_session.' GROUP BY user_id';
$allpages=Database::query($sql,__FILE__,__LINE__);
$allpages=Database::query($sql);
//show table
if (Database::num_rows($allpages) > 0)
@ -646,7 +646,7 @@ if ($_GET['action']=='usercontrib')
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.$condition_session.' AND user_id="'.Security::remove_XSS($_GET['user_id']).'" AND visibility=1';
}
$allpages=Database::query($sql,__FILE__,__LINE__);
$allpages=Database::query($sql);
//show table
if (Database::num_rows($allpages) > 0)
@ -733,7 +733,7 @@ if ($_GET['action']=='mostchanged')
$sql='SELECT *, MAX(version) AS MAX FROM '.$tbl_wiki.' WHERE '.$groupfilter.$condition_session.' AND visibility=1 GROUP BY reflink';
}
$allpages=Database::query($sql,__FILE__,__LINE__);
$allpages=Database::query($sql);
//show table
if (Database::num_rows($allpages) > 0)
@ -787,7 +787,7 @@ if ($_GET['action']=='mvisited')
$sql='SELECT *, SUM(hits) AS tsum FROM '.$tbl_wiki.' WHERE '.$groupfilter.$condition_session.' AND visibility=1 GROUP BY reflink';
}
$allpages=Database::query($sql,__FILE__,__LINE__);
$allpages=Database::query($sql);
//show table
if (Database::num_rows($allpages) > 0)
@ -837,7 +837,7 @@ if ($_GET['action']=='wanted')
//get name pages
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.$condition_session.' GROUP BY reflink ORDER BY reflink ASC';
$allpages=Database::query($sql,__FILE__,__LINE__);
$allpages=Database::query($sql);
while ($row=Database::fetch_array($allpages))
{
@ -849,7 +849,7 @@ if ($_GET['action']=='wanted')
$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE visibility=1 AND '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.'.$groupfilter.$condition_session; // new version
$allpages=Database::query($sql,__FILE__,__LINE__);
$allpages=Database::query($sql);
while ($row=Database::fetch_array($allpages))
{
//$row['linksto']= str_replace("\n".$row["reflink"]."\n", "\n", $row["linksto"]); //remove self reference. TODO: check
@ -890,7 +890,7 @@ if ($_GET['action']=='orphaned')
//get name pages
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.$condition_session.' GROUP BY reflink ORDER BY reflink ASC';
$allpages=Database::query($sql,__FILE__,__LINE__);
$allpages=Database::query($sql);
while ($row=Database::fetch_array($allpages))
{
$pages[] = $row['reflink'];
@ -901,7 +901,7 @@ if ($_GET['action']=='orphaned')
$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.'.$groupfilter.$condition_session.' '; // new version
$allpages=Database::query($sql,__FILE__,__LINE__);
$allpages=Database::query($sql);
while ($row=Database::fetch_array($allpages))
{
//$row['linksto']= str_replace("\n".$row["reflink"]."\n", "\n", $row["linksto"]); //remove self reference. TODO: check
@ -936,7 +936,7 @@ if ($_GET['action']=='orphaned')
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.$condition_session.' AND reflink="'.$vshow.'" AND visibility=1 GROUP BY reflink';
}
$allpages=Database::query($sql,__FILE__,__LINE__);
$allpages=Database::query($sql);
echo '<ul>';
while ($row=Database::fetch_array($allpages))
@ -993,13 +993,13 @@ if ($_GET['action']=='delete')
if ($_GET['delete'] == 'yes')
{
$sql='DELETE '.$tbl_wiki_discuss.' FROM '.$tbl_wiki.', '.$tbl_wiki_discuss.' WHERE '.$tbl_wiki.'.reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$tbl_wiki.'.'.$groupfilter.' AND '.$tbl_wiki_discuss.'.publication_id='.$tbl_wiki.'.id';
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$sql='DELETE '.$tbl_wiki_mailcue.' FROM '.$tbl_wiki.', '.$tbl_wiki_mailcue.' WHERE '.$tbl_wiki.'.reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$tbl_wiki.'.'.$groupfilter.' AND '.$tbl_wiki_mailcue.'.id='.$tbl_wiki.'.id';
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$sql='DELETE FROM '.$tbl_wiki.' WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.$condition_session.'';
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
check_emailcue(0, 'E');
@ -1088,7 +1088,7 @@ if ($_GET['action']=='links')
{
$sql='SELECT * FROM '.$tbl_wiki.' WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.$condition_session.'';
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
//get type assignment icon
@ -1140,7 +1140,7 @@ if ($_GET['action']=='links')
}
$allpages=Database::query($sql,__LINE__,__FILE__);
$allpages=Database::query($sql);
//show table
if (Database::num_rows($allpages) > 0)
@ -1271,7 +1271,7 @@ if ($_GET['action']=='edit')
$_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$tbl_wiki.'.'.$groupfilter.$condition_session.' ORDER BY id DESC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version
@ -1487,7 +1487,7 @@ if ($_GET['action']=='edit')
$time_edit = date("Y-m-d H:i:s");
$sql='UPDATE '.$tbl_wiki.' SET is_editing="'.$_user['user_id'].'", time_edit="'.$time_edit.'" WHERE id="'.$row['id'].'"';
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
elseif($row['is_editing']!=$_user['user_id'])
{
@ -1713,7 +1713,7 @@ if ($_GET['action']=='history' or Security::remove_XSS($_POST['HistoryDifference
//First, see the property visibility that is at the last register and therefore we should select descending order. But to give ownership to each record, this is no longer necessary except for the title. TODO: check this
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.$condition_session.' ORDER BY id DESC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result))
{
@ -1743,7 +1743,7 @@ if ($_GET['action']=='history' or Security::remove_XSS($_POST['HistoryDifference
{
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.$condition_session.' ORDER BY id DESC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$title = Security::remove_XSS($_GET['title']);
$group_id = Security::remove_XSS($_GET['group_id']);
@ -1825,12 +1825,12 @@ if ($_GET['action']=='history' or Security::remove_XSS($_POST['HistoryDifference
else
{
$sql_old="SELECT * FROM $tbl_wiki WHERE id='".Database::escape_string($_POST['old'])."'";
$result_old=Database::query($sql_old,__LINE__,__FILE__);
$result_old=Database::query($sql_old);
$version_old=Database::fetch_array($result_old);
$sql_new="SELECT * FROM $tbl_wiki WHERE id='".Database::escape_string($_POST['new'])."'";
$result_new=Database::query($sql_new,__LINE__,__FILE__);
$result_new=Database::query($sql_new);
$version_new=Database::fetch_array($result_new);
if(isset($_POST['HistoryDifferences']))
@ -1946,7 +1946,7 @@ if ($_GET['action']=='recentchanges')
//$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND visibility=1 AND '.$tbl_wiki.'.'.$groupfilter.' ORDER BY dtime DESC'; // new version
}
$allpages=Database::query($sql,__LINE__,__FILE__);
$allpages=Database::query($sql);
//show table
if (Database::num_rows($allpages) > 0)
@ -2036,7 +2036,7 @@ if ($_GET['action']=='allpages')
}
$allpages=Database::query($sql,__LINE__,__FILE__);
$allpages=Database::query($sql);
//show table
if (Database::num_rows($allpages) > 0)
@ -2123,14 +2123,14 @@ if ($_GET['action']=='discuss')
//first extract the date of last version
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.$condition_session.' ORDER BY id DESC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$lastversiondate=$row['dtime'];
$lastuserinfo=Database::get_user_info_from_id($row['user_id']);
//select page to discuss
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.$condition_session.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$id=$row['id'];
$firstuserid=$row['user_id'];
@ -2295,7 +2295,7 @@ if ($_GET['action']=='discuss')
$message_author=api_get_user_id();
$sql="INSERT INTO $tbl_wiki_discuss (publication_id, userc_id, comment, p_score, dtime) VALUES ('".$id."','".$message_author."','".$_POST['comment']."','".$_POST['rating']."','".$dtime."')";
$result=Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$result=Database::query($sql) or die(Database::error());
check_emailcue($id, 'D', $dtime, $message_author);
@ -2306,17 +2306,17 @@ if ($_GET['action']=='discuss')
$user_table = Database :: get_main_table(TABLE_MAIN_USER);
$sql="SELECT * FROM $tbl_wiki_discuss reviews, $user_table user WHERE reviews.publication_id='".$id."' AND user.user_id='".$firstuserid."' ORDER BY id DESC";
$result=Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$result=Database::query($sql) or die(Database::error());
$countWPost = Database::num_rows($result);
echo get_lang('NumComments').": ".$countWPost; //comment's numbers
$sql="SELECT SUM(p_score) as sumWPost FROM $tbl_wiki_discuss WHERE publication_id='".$id."' AND NOT p_score='-' ORDER BY id DESC";
$result2=Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$result2=Database::query($sql) or die(Database::error());
$row2=Database::fetch_array($result2);
$sql="SELECT * FROM $tbl_wiki_discuss WHERE publication_id='".$id."' AND NOT p_score='-'";
$result3=Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$result3=Database::query($sql) or die(Database::error());
$countWPost_score= Database::num_rows($result3);
echo ' - '.get_lang('NumCommentsScore').': '.$countWPost_score;//
@ -2333,7 +2333,7 @@ if ($_GET['action']=='discuss')
echo ' - '.get_lang('RatingMedia').': '.$avg_WPost_score; // average rating
$sql='UPDATE '.$tbl_wiki.' SET score="'.Database::escape_string($avg_WPost_score).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.$condition_session; // check if work ok. TODO:
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
echo '<hr noshade size="1">';
//echo '<div style="overflow:auto; height:170px;">';
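Review bot: In the `discuss` hunk at `@ -2295,7`, the INSERT into `$tbl_wiki_discuss` concatenates `$_POST['comment']` and `$_POST['rating']` straight into the SQL string, and no escaping of either value is visible in the hunk. Other queries in this file already wrap request data in `Database::escape_string()`, and the same should apply here: `'".Database::escape_string($_POST['comment'])."','".Database::escape_string($_POST['rating'])."'`. The `usercontrib` hunk has a related problem, since `Security::remove_XSS($_GET['user_id'])` is, judging by its name, an output filter rather than SQL escaping. The `or die(Database::error())` on this statement and the three queries after it prints the raw database error to the browser; logging it and showing a generic message would avoid disclosing schema details. The enclosing `if ($_GET['action']=='discuss')` block starts and ends outside the hunk.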

@ -68,7 +68,7 @@ function checktitle($paramwk)
global $groupfilter;
$sql='SELECT * FROM '.$tbl_wiki.' WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($paramwk)))).'" AND '.$groupfilter.''; // TODO: check if need entity
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$numberofresults=Database::num_rows($result);
if ($numberofresults==0) // the value has not been found and is this available
@ -369,7 +369,7 @@ function save_wiki() {
if ($_clean['page_id'] ==0)
{
$sql='UPDATE '.$tbl_wiki.' SET page_id="'.$Id.'" WHERE id="'.$Id.'"';
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
//update wiki config
@ -382,7 +382,7 @@ function save_wiki() {
{
$sql='UPDATE'.$tbl_wiki_conf.' SET task="'.$_clean['task'].'", feedback1="'.$_clean['feedback1'].'", feedback2="'.$_clean['feedback2'].'", feedback3="'.$_clean['feedback3'].'", fprogress1="'.$_clean['fprogress1'].'", fprogress2="'.$_clean['fprogress2'].'", fprogress3="'.$_clean['fprogress3'].'", max_text="'.$_clean['max_text'].'", max_version="'.$_clean['max_version'].'", startdate_assig="'.$_clean['startdate_assig'].'", enddate_assig="'.$_clean['enddate_assig'].'", delayedsubmit="'.$_clean['delayedsubmit'].'" WHERE page_id="'.$_clean['page_id'].'"';
}
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $_clean['group_id']);
@ -428,18 +428,18 @@ function delete_wiki()
global $tbl_wiki, $tbl_wiki_conf, $tbl_wiki_discuss, $tbl_wiki_mailcue, $groupfilter;
//identify the first id by group = identify wiki
$sql='SELECT * FROM '.$tbl_wiki.' WHERE '.$groupfilter.' ORDER BY id DESC';
$allpages=Database::query($sql,__FILE__,__LINE__);
$allpages=Database::query($sql);
while ($row=Database::fetch_array($allpages)) {
$id = $row['id'];
$group_id = $row['group_id'];
$page_id = $row['page_id'];
Database::query('DELETE FROM '.$tbl_wiki_conf.' WHERE page_id="'.$id.'"' ,__FILE__,__LINE__);
Database::query('DELETE FROM '.$tbl_wiki_discuss.' WHERE publication_id="'.$id.'"' ,__FILE__,__LINE__);
Database::query('DELETE FROM '.$tbl_wiki_conf.' WHERE page_id="'.$id.'"');
Database::query('DELETE FROM '.$tbl_wiki_discuss.' WHERE publication_id="'.$id.'"');
}
Database::query('DELETE FROM '.$tbl_wiki_mailcue.' WHERE group_id="'.$group_id.'"' ,__FILE__,__LINE__);
Database::query('DELETE FROM '.$tbl_wiki.' WHERE '.$groupfilter.'',__FILE__,__LINE__);
Database::query('DELETE FROM '.$tbl_wiki_mailcue.' WHERE group_id="'.$group_id.'"');
Database::query('DELETE FROM '.$tbl_wiki.' WHERE '.$groupfilter.'');
return get_lang('WikiDeleted');
}
@ -547,7 +547,7 @@ function save_new_wiki() {
} else {
$dtime = date( "Y-m-d H:i:s" );
$sql = "INSERT INTO ".$tbl_wiki." (reflink, title, content, user_id, group_id, dtime, visibility, visibility_disc, ratinglock_disc, assignment, comment, progress, version, linksto, user_ip, session_id) VALUES ('".$_clean['reflink']."','".$_clean['title']."','".$_clean['content']."','".$_clean['user_id']."','".$_clean['group_id']."','".$dtime."','".$_clean['visibility']."','".$_clean['visibility_disc']."','".$_clean['ratinglock_disc']."','".$_clean['assignment']."','".$_clean['comment']."','".$_clean['progress']."','".$_clean['version']."','".$_clean['linksto']."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."', '".Database::escape_string($session_id)."')";
$result = Database::query($sql,__LINE__,__FILE__);
$result = Database::query($sql);
$Id = Database::insert_id();
if ($Id > 0) {
@ -556,11 +556,11 @@ function save_new_wiki() {
}
$sql='UPDATE '.$tbl_wiki.' SET page_id="'.$Id.'" WHERE id="'.$Id.'"';
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
//insert wiki config
$sql="INSERT INTO ".$tbl_wiki_conf." (page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit) VALUES ('".$Id."','".$_clean['task']."','".$_clean['feedback1']."','".$_clean['feedback2']."','".$_clean['feedback3']."','".$_clean['fprogress1']."','".$_clean['fprogress2']."','".$_clean['fprogress3']."','".$_clean['max_text']."','".$_clean['max_version']."','".$_clean['startdate_assig']."','".$_clean['enddate_assig']."','".$_clean['delayedsubmit']."')";
Database::query($sql,__LINE__,__FILE__);
Database::query($sql);
check_emailcue(0, 'A');
@ -787,13 +787,13 @@ function display_wiki_entry($newtitle)
//first, check page visibility in the first page version
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($pageMIX)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$KeyVisibility=$row['visibility'];
// second, show the last version
$sql='SELECT * FROM '.$tbl_wiki.', '.$tbl_wiki_conf.' WHERE '.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND '.$tbl_wiki.'.reflink="'.api_html_entity_decode(Database::escape_string(stripslashes(urldecode($pageMIX)))).'" AND '.$tbl_wiki.'.'.$groupfilter.' '.$filter.' ORDER BY id DESC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version
@ -801,7 +801,7 @@ function display_wiki_entry($newtitle)
if($row['id'])
{
$sql='UPDATE '.$tbl_wiki.' SET hits=(hits+1) WHERE id='.$row['id'].'';
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
@ -1022,7 +1022,7 @@ function wiki_exist($title)
global $tbl_wiki;
global $groupfilter;
$sql='SELECT id FROM '.$tbl_wiki.'WHERE title="'.Database::escape_string($title).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$cant=Database::num_rows($result);
if ($cant>0)
return true;
@ -1070,7 +1070,7 @@ function check_addnewpagelock()
$_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$status_addlock=$row['addlock'];
@ -1089,10 +1089,10 @@ function check_addnewpagelock()
$status_addlock=1;
}
Database::query('UPDATE '.$tbl_wiki.' SET addlock="'.Database::escape_string($status_addlock).'" WHERE '.$groupfilter.'',__LINE__,__FILE__);
Database::query('UPDATE '.$tbl_wiki.' SET addlock="'.Database::escape_string($status_addlock).'" WHERE '.$groupfilter.'');
$sql='SELECT * FROM '.$tbl_wiki.'WHERE '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
}
@ -1119,7 +1119,7 @@ function check_protect_page()
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$status_editlock=$row['editlock'];
@ -1139,11 +1139,11 @@ function check_protect_page()
$sql='UPDATE '.$tbl_wiki.' SET editlock="'.Database::escape_string($status_editlock).'" WHERE id="'.$id.'"';
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
}
@ -1169,7 +1169,7 @@ function check_visibility_page()
$_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$status_visibility=$row['visibility'];
@ -1190,11 +1190,11 @@ function check_visibility_page()
}
$sql='UPDATE '.$tbl_wiki.' SET visibility="'.Database::escape_string($status_visibility).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter;
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
//Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
}
@ -1225,7 +1225,7 @@ function check_visibility_discuss()
$_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$status_visibility_disc=$row['visibility_disc'];
@ -1243,11 +1243,11 @@ function check_visibility_discuss()
}
$sql='UPDATE '.$tbl_wiki.' SET visibility_disc="'.Database::escape_string($status_visibility_disc).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter;
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
//Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
}
@ -1271,7 +1271,7 @@ function check_addlock_discuss()
$_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$status_addlock_disc=$row['addlock_disc'];
@ -1290,11 +1290,11 @@ function check_addlock_discuss()
}
$sql='UPDATE '.$tbl_wiki.' SET addlock_disc="'.Database::escape_string($status_addlock_disc).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter;
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
//Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
}
@ -1319,7 +1319,7 @@ function check_ratinglock_discuss()
$_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$status_ratinglock_disc=$row['ratinglock_disc'];
@ -1338,11 +1338,11 @@ function check_ratinglock_discuss()
}
$sql='UPDATE '.$tbl_wiki.' SET ratinglock_disc="'.Database::escape_string($status_ratinglock_disc).'" WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter; //Visibility. Value to all,not only for the first
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
//Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.html_entity_decode(Database::escape_string(stripslashes(urldecode($page)))).'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
}
@ -1367,13 +1367,13 @@ function check_notify_page($reflink)
$_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.$reflink.'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$id=$row['id'];
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="P"';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$idm=$row['id'];
@ -1391,14 +1391,14 @@ function check_notify_page($reflink)
if ($_GET['actionpage']=='locknotify' && $status_notify==0)
{
$sql="INSERT INTO ".$tbl_wiki_mailcue." (id, user_id, type, group_id) VALUES ('".$id."','".api_get_user_id()."','P','".$_clean['group_id']."')";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$status_notify=1;
}
if ($_GET['actionpage']=='unlocknotify' && $status_notify==1)
{
$sql='DELETE FROM '.$tbl_wiki_mailcue.' WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="P"'; //$_clean['group_id'] not necessary
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$status_notify=0;
}
@ -1422,13 +1422,13 @@ function check_notify_discuss($reflink)
$_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.$reflink.'" AND '.$groupfilter.' ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$id=$row['id'];
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="D"';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$idm=$row['id'];
@ -1446,14 +1446,14 @@ function check_notify_discuss($reflink)
if ($_GET['actionpage']=='locknotifydisc' && $status_notify_disc==0)
{
$sql="INSERT INTO ".$tbl_wiki_mailcue." (id, user_id, type, group_id) VALUES ('".$id."','".api_get_user_id()."','D','".$_clean['group_id']."')";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$status_notify_disc=1;
}
if ($_GET['actionpage']=='unlocknotifydisc' && $status_notify_disc==1)
{
$sql='DELETE FROM '.$tbl_wiki_mailcue.' WHERE id="'.$id.'" AND user_id="'.api_get_user_id().'" AND type="D"'; //$_clean['group_id'] not necessary
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$status_notify_disc=0;
}
@ -1477,7 +1477,7 @@ function check_notify_all()
$_clean['group_id']=(int)$_SESSION['_gid'];
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE user_id="'.api_get_user_id().'" AND type="F" AND group_id="'.$_clean['group_id'].'"';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$idm=$row['user_id'];
@ -1495,14 +1495,14 @@ function check_notify_all()
if ($_GET['actionpage']=='locknotifyall' && $status_notify_all==0)
{
$sql="INSERT INTO ".$tbl_wiki_mailcue." (user_id, type, group_id) VALUES ('".api_get_user_id()."','F','".$_clean['group_id']."')";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$status_notify_all=1;
}
if ($_GET['actionpage']=='unlocknotifyall' && $status_notify_all==1)
{
$sql='DELETE FROM '.$tbl_wiki_mailcue.' WHERE user_id="'.api_get_user_id().'" AND type="F" AND group_id="'.$_clean['group_id'].'"';
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$status_notify_all=0;
}
@ -1552,7 +1552,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
//second, extract data from first reg
$sql='SELECT * FROM '.$tbl_wiki.'WHERE reflink="'.$id_or_ref.'" AND '.$groupfilter.' ORDER BY id ASC'; //id_or_ref is reflink from tblwiki
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$id=$row['id'];
@ -1564,7 +1564,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
$allow_send_mail=true; //if visibility off - notify off
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="'.$type.'" OR type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=full.
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$emailtext=get_lang('EmailWikipageModified').' <strong>'.$email_page_name.'</strong> '.get_lang('Wiki');
}
@ -1594,7 +1594,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
$sql='SELECT * FROM '.$tbl_wiki.'WHERE id="'.$id.'" ORDER BY id ASC';
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$email_page_name=$row['title'];
@ -1605,7 +1605,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
$allow_send_mail=true; //if visibility off - notify off
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="'.$type.'" OR type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=full
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$emailtext=get_lang('EmailWikiPageDiscAdded').' <strong>'.$email_page_name.'</strong> '.get_lang('Wiki');
}
@ -1617,7 +1617,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
$sql='SELECT * FROM '.$tbl_wiki.' ORDER BY id DESC'; //the added is always the last
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$email_page_name=$row['title'];
@ -1651,7 +1651,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
}
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=full
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$emailtext=get_lang('EmailWikiPageAdded').' <strong>'.$email_page_name.'</strong> '.get_lang('In').' '. get_lang('Wiki');
}
@ -1671,7 +1671,7 @@ function check_emailcue($id_or_ref, $type, $lastime='', $lastuser='')
$email_date_changes=$today;
$sql='SELECT * FROM '.$tbl_wiki_mailcue.'WHERE id="'.$id.'" AND type="F" AND group_id="'.$_clean['group_id'].'"'; //type: P=page, D=discuss, F=wiki
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
$emailtext=get_lang('EmailWikipageDedeleted');
}
@ -1990,7 +1990,7 @@ function display_wiki_search_results($search_term, $search_content=0)
}
}
$result=Database::query($sql,__LINE__,__FILE__);
$result=Database::query($sql);
//show table
if (Database::num_rows($result) > 0)

@ -51,7 +51,7 @@ event_download($doc_url);
$sql='SELECT title FROM '.$tbl_student_publication.'
WHERE url LIKE BINARY "'.$doc_url.'"';
$result= Database::query($sql, __FILE__, __LINE__);
$result= Database::query($sql);
$row= Database::fetch_array($result);
$title = str_replace(' ','_', $row['title']);
DocumentManager::file_send_for_download($full_file_name,TRUE, $title);
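Review bot: `$doc_url` is concatenated unescaped into the `LIKE BINARY` query just above the changed `Database::query()` call, and nothing in this hunk shows it being escaped after `event_download($doc_url)`. If it is derived from the request, as the name suggests, escape it at the point of use: `WHERE url LIKE BINARY "'.Database::escape_string($doc_url).'"';`. `$row['title']` is also read without checking that a row came back, so a URL with no matching record appears to reach `file_send_for_download()` with an empty title; an explicit check on `$row` before the `str_replace` would make that case deliberate. The script starts and ends outside the hunk, so an earlier sanitising step cannot be ruled out.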

@ -68,7 +68,7 @@ if (is_allowed_to_edit()) {
}
//search for all files that are not deleted => visibility != 2
$query = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility<>'2'",__FILE__,__LINE__);
$query = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility<>'2'");
//add tem to the zip file
while ($not_deleted_file = Database::fetch_assoc($query)) { //var_dump($sys_course_path.$_course['path']."/".$not_deleted_file['url']);exit();
$zip_folder->add($sys_course_path.$_course['path']."/".$not_deleted_file['url'],PCLZIP_OPT_REMOVE_PATH, $sys_course_path.$_course['path']."/work".$remove_dir);
@ -86,21 +86,21 @@ else
//big problem: visible files that are in a hidden folder are included when we do a query for visiblity='v'!!!
//so... I do it in a couple of steps:
//1st: get all files that are visible in the given path
$query = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility='1' AND props.lastedit_user_id='".api_get_user_id()."'",__FILE__,__LINE__);
$query = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility='1' AND props.lastedit_user_id='".api_get_user_id()."'");
//add them to an array
$all_visible_files_path = array();
while ($all_visible_files = Database::fetch_assoc($query)) {
$all_visible_files_path[] = $all_visible_files['url'];
}
//2nd: get all folders that are invisible in the given path
$query2 = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility<>'1' AND props.lastedit_user_id='".api_get_user_id()."'",__FILE__,__LINE__);
$query2 = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$querypath."/%' AND work.filetype='file' AND props.visibility<>'1' AND props.lastedit_user_id='".api_get_user_id()."'");
//if we get invisible folders, we have to filter out these results from all visible files we found
if (Database::num_rows($query2)>0) {
//add tem to an array
while ($invisible_folders = Database::fetch_assoc($query2)) {
//3rd: get all files that are in the found invisible folder (these are "invisible" too)
$query3 = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$invisible_folders['path']."/%' AND work.filetype='file' AND props.visibility='1' AND props.lastedit_user_id='".api_get_user_id()."'",__FILE__,__LINE__);
$query3 = Database::query("SELECT url FROM $tbl_student_publication AS work,$prop_table AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work".$invisible_folders['path']."/%' AND work.filetype='file' AND props.visibility='1' AND props.lastedit_user_id='".api_get_user_id()."'");
//add tem to an array
while ($files_in_invisible_folder = Database::fetch_assoc($query3)) {
$files_in_invisible_folder_path[] = $files_in_invisible_folder['url'];
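Review bot: In the third step of the `@ -86,21` hunk, `$invisible_folders['path']` is read from a row whose query selects only `url`, so the key is never set and the `LIKE` pattern collapses to `'work/%'`. `$query3` then returns every visible file of the current user rather than the files under the hidden folder, which presumably empties the result when those paths are subtracted later (that step is outside the hunk). Use the column that was actually fetched, e.g. `$invisible_folders['url']` with whatever prefix handling matches how folder URLs are stored, and note that `$query2` filters on `filetype='file'` although its comment says it collects folders. `$querypath` is also interpolated into all three queries without visible escaping; `Database::escape_string($querypath)` at the point of use would remove the dependency on cleanup done elsewhere.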

@ -77,7 +77,7 @@ function display_action_links($cur_dir_path, $always_show_tool_options, $always_
// make all files visible or invisible
$work_table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$sql_query = "SHOW COLUMNS FROM ".$work_table." LIKE 'accepted'";
$sql_result = Database::query($sql_query,__FILE__,__LINE__);
$sql_result = Database::query($sql_query);
if ($sql_result) {
$columnStatus = Database::fetch_array($sql_result);
@ -228,7 +228,7 @@ function display_user_link_work($user_id, $name='')
$table_user = Database::get_main_table(TABLE_MAIN_USER);
$sql="SELECT * FROM $table_user WHERE user_id='".Database::escape_string($user_id)."'";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
if ($name=='') {
return "<a href=\"../user/userInfo.php?cidReq=".api_get_course_id()."&gradebook=$gradebook&origin=&uInfo=".$row['user_id']."\">".api_get_person_name($row['firstname'], $row['lastname'])."</a>";
@ -376,8 +376,8 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
}
$sql_result = Database::query($sql_get_publications_list,__FILE__,__LINE__);
$sql_result_num = Database::query($sql_get_publications_num,__FILE__,__LINE__);
$sql_result = Database::query($sql_get_publications_list);
$sql_result_num = Database::query($sql_get_publications_num);
$row=Database::fetch_array($sql_result_num);
$count_files=$row[0];
@ -450,7 +450,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
$sql_select_directory.=" work.post_group_id = '0' ";
}
$sql_select_directory.=" AND work.url LIKE BINARY '".$mydir_temp."' AND work.filetype = 'folder' AND prop.tool='work' $condition_session";
$result=Database::query($sql_select_directory,__FILE__,__LINE__);
$result=Database::query($sql_select_directory);
// var_dump($sql_select_directory);
$row=Database::fetch_array($result);
@ -472,7 +472,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
// form edit directory
if(isset($clean_edit_dir) && $clean_edit_dir==$mydir) {
if(!empty($row['has_properties'])) {
$sql = Database::query('SELECT * FROM '.$work_assigment.' WHERE id = '."'".$row['has_properties']."'".' LIMIT 1',__FILE__,__LINE__);
$sql = Database::query('SELECT * FROM '.$work_assigment.' WHERE id = '."'".$row['has_properties']."'".' LIMIT 1');
$homework = Database::fetch_array($sql);
}
@ -575,31 +575,31 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
if($there_is_a_end_date == true || $there_is_a_expire_date == true) {
if($row['view_properties']=='1') {
$sql_add_publication = "UPDATE ".$work_table." SET has_properties = '".$row['has_properties']. "', view_properties=1 where id ='".$row['id']."'";
Database::query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication);
$expires_query= ' SET expires_on = '."'".(($there_is_a_expire_date == true)?get_date_from_group('expires'):'0000-00-00 00:00:00')."'".',';
$ends_query = ' ends_on = '."'".(($there_is_a_end_date == true) ? get_date_from_group('ends') : '0000-00-00 00:00:00')."'";
Database::query('UPDATE '.$work_assigment.$expires_query.$ends_query.' WHERE id = '."'".$row['has_properties']."'",__FILE__,__LINE__);
Database::query('UPDATE '.$work_assigment.$expires_query.$ends_query.' WHERE id = '."'".$row['has_properties']."'");
} else if($row['view_properties']=='0') {
if ($_POST['enableExpiryDate']=='1') {
$expires_query= ' SET expires_on = '."'".(($there_is_a_expire_date == true)?get_date_from_group('expires'):'0000-00-00 00:00:00')."'";
//$ends_query = ' ends_on = '."'".(($there_is_a_end_date == true) ? get_date_from_group('ends') : '0000-00-00 00:00:00')."'";
Database::query('UPDATE '.$work_assigment.$expires_query.' WHERE id = '."'".$row['has_properties']."'",__FILE__,__LINE__);
Database::query('UPDATE '.$work_assigment.$expires_query.' WHERE id = '."'".$row['has_properties']."'");
$sql_add_publication = "UPDATE ".$work_table." SET has_properties = '".$row['has_properties']. "', view_properties=1 where id ='".$row['id']."'";
Database::query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication);
}
if ($_POST['enableEndDate']=='1') {
//$expires_query= ' SET expires_on = '."'".(($there_is_a_expire_date == true)?get_date_from_group('expires'):'0000-00-00 00:00:00')."'".',';
$ends_query = ' SET ends_on = '."'".(($there_is_a_end_date == true) ? get_date_from_group('ends') : '0000-00-00 00:00:00')."'";
Database::query('UPDATE '.$work_assigment.$ends_query.' WHERE id = '."'".$row['has_properties']."'",__FILE__,__LINE__);
Database::query('UPDATE '.$work_assigment.$ends_query.' WHERE id = '."'".$row['has_properties']."'");
$sql_add_publication = "UPDATE ".$work_table." SET has_properties = '".$row['has_properties']. "', view_properties=1 where id ='".$row['id']."'";
Database::query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication);
}
}
}
//if($_POST['qualification']['qualification']!='')
Database::query('UPDATE '.$work_table.' SET description = '."'".Database::escape_string(Security::remove_XSS($_POST['description']))."'".', qualification = '."'".Database::escape_string($_POST['qualification']['qualification'])."'".',weight = '."'".Database::escape_string($_POST['weight']['weight'])."'".' WHERE id = '."'".$row['id']."'",__FILE__,__LINE__);
Database::query('UPDATE '.Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK).' SET weight = '."'".Database::escape_string($_POST['weight']['weight'])."'".' WHERE course_code = '."'".api_get_course_id()."'".' AND ref_id = '."'".$row['id']."'".'',__FILE__,__LINE__);
Database::query('UPDATE '.$work_table.' SET description = '."'".Database::escape_string(Security::remove_XSS($_POST['description']))."'".', qualification = '."'".Database::escape_string($_POST['qualification']['qualification'])."'".',weight = '."'".Database::escape_string($_POST['weight']['weight'])."'".' WHERE id = '."'".$row['id']."'");
Database::query('UPDATE '.Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK).' SET weight = '."'".Database::escape_string($_POST['weight']['weight'])."'".' WHERE course_code = '."'".api_get_course_id()."'".' AND ref_id = '."'".$row['id']."'".'');
//we are changing the current work and we want add them into gradebook
if(isset($_POST['make_calification']) && $_POST['make_calification']==1) {
@ -624,7 +624,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
// gets calendar_id from student_publication_assigment
$sql = "SELECT add_to_calendar FROM $work_assigment WHERE publication_id ='".$row['id']."'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$calendar_id = Database::fetch_row($res);
// update from agenda if it exists
if (!empty($calendar_id[0])) {
@ -633,7 +633,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
content = '".$dir_name."',
end_date='".get_date_from_group('ends')."'
WHERE id='".$calendar_id[0]."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
@ -656,7 +656,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT course_user.user_id FROM $table_user user, $table_course_user course_user
WHERE course_user.user_id=user.user_id AND course_user.course_code='".api_get_course_id()."' AND course_user.status='1'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$admin_course = '';
while($row_admin = Database::fetch_row($res)) {
$admin_course .='\''.$row_admin[0].'\',';
@ -664,12 +664,12 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
$sql_document = "SELECT count(*) FROM $work_table s, $iprop_table p WHERE s.id = p.ref AND p.tool='work' AND lastedit_user_id IN(".$admin_course.'\''.api_get_user_id().'\''.") AND s.accepted='1' AND url NOT LIKE '".$sub_course_dir.$dir."/%/%' AND url LIKE '".$sub_course_dir.$dir."/%'";
}
//count documents
$res_document = Database::query($sql_document,__FILE__,__LINE__);
$res_document = Database::query($sql_document);
$count_document = Database::fetch_row($res_document);
$cant_files = $count_document[0];
//count directories
$sql_directory = "SELECT count(*) FROM $work_table s WHERE url NOT LIKE '/".$mydir."/%/%' AND url LIKE '/".$mydir."/%'";
$res_directory = Database::query($sql_directory,__FILE__,__LINE__);
$res_directory = Database::query($sql_directory);
$count_directory = Database::fetch_row($res_directory);
$cant_dir = $count_directory[0];
@ -696,7 +696,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
$tbl_gradebook_link = Database::get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
$add_to_name = '';
$sql = "SELECT weight FROM ". $tbl_gradebook_link ." WHERE type='3' AND ref_id= '".$id2."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$count = Database::num_rows($result);
if($count>0) {
$add_to_name = ' / <span style="color:blue">'.get_lang('Assignment').'</span>';
@ -742,7 +742,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou
//Get the author ID for that document from the item_property table
$is_author = false;
$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND ref=".$work->id;
$author_qry = Database::query($author_sql,__FILE__,__LINE__);
$author_qry = Database::query($author_sql);
$row2=Database::fetch_array($author_qry);
@ -916,7 +916,7 @@ function build_work_move_to_selector($folders,$curdirpath,$move_file,$group_dir=
//gets file title
$tbl_work = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$sql = "SELECT title FROM $tbl_work WHERE id ='".(int)$move_file."'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$title = Database::fetch_row($result);
global $gradebook;
@ -1043,11 +1043,11 @@ function del_dir($base_work_dir,$dir,$id) {
}
$table = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$sql = "DELETE FROM $table WHERE url LIKE BINARY 'work/".$dir."/%'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
//delete from DB the directories
$sql = "DELETE FROM $table WHERE filetype = 'folder' AND url LIKE BINARY '/".$dir."%'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
require_once(api_get_path(LIBRARY_PATH).'/fileManage.lib.php');
$new_dir= $dir.'_DELETED_'.$id;
@ -1127,26 +1127,26 @@ function update_dir_name($path, $new_name) {
//update all the files in the other directories according with the next query
$sql = 'SELECT id, url FROM '.$table.' WHERE url LIKE BINARY "work/'.$path.'/%"'; // like binary (Case Sensitive)
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$work_len=strlen('work/'.$path);
while($work = Database :: fetch_array($rs)) {
$new_dir=$work['url'];
$name_with_directory=substr($new_dir,$work_len,strlen($new_dir));
$sql = 'UPDATE '.$table.' SET url="work/'.$path_to_dir.$new_name.$name_with_directory.'" WHERE id= '.$work['id'];
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
//update all the directory's children according with the next query
$sql = 'SELECT id, url FROM '.$table.' WHERE url LIKE BINARY "/'.$path.'%"';
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$work_len=strlen('/'.$path);
while($work = Database :: fetch_array($rs)) {
$new_dir=$work['url'];
$name_with_directory=substr($new_dir,$work_len,strlen($new_dir));
$url=$path_to_dir.$new_name.$name_with_directory;
$sql = 'UPDATE '.$table.' SET url="/'.$url.'" WHERE id= '.$work['id'];
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
}
}
@ -1170,7 +1170,7 @@ function get_parent_directories($my_cur_dir_path) {
$where_sentence = "url LIKE BINARY '" . $dir_acum . "/" . $item."'";
$dir_acum .= '/' . $list_parents[$i];
$sql = "SELECT id FROM ". $work_table . " WHERE ". $where_sentence;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row= Database::fetch_array($result);
$list_id[]=$row['id'];
}
@ -1230,7 +1230,7 @@ function insert_all_directory_in_course_table($base_work_dir) {
filetype = 'folder',
post_group_id = '".intval($_GET['toolgroup'])."',
sent_date = '0000-00-00 00:00:00' ";
Database::query($sql_insert_all, __FILE__, __LINE__);
Database::query($sql_insert_all);
}
}
@ -1435,7 +1435,7 @@ function get_work_id($path) {
} else {
$sql = "SELECT work.id FROM $TBL_STUDENT_PUBLICATION AS work,$TBL_PROP_TABLE AS props WHERE props.tool='work' AND work.id=props.ref AND work.url LIKE 'work/".$path."%' AND work.filetype='file' AND props.visibility<>'2' AND props.lastedit_user_id='".api_get_user_id()."'";
}
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$num_rows = Database::num_rows($result);
if ($result && $num_rows > 0) {
@ -1465,7 +1465,7 @@ function get_list_users_without_publication($task_id) {
} else {
$sql="SELECT C.user_id as id FROM $work_table AS S, $table_course_user AS C, $iprop_table AS I WHERE C.user_id=I.insert_user_id and S.id=I.ref and C.status=5 and S.parent_id='$task_id' and course_code='".api_get_course_id()."'";
}
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$users_with_tasks = array();
while($row = Database::fetch_array($result)) {
$users_with_tasks[] = $row['id'];
@ -1476,7 +1476,7 @@ function get_list_users_without_publication($task_id) {
} else {
$sql_users = "SELECT cu.user_id, u.lastname, u.firstname, u.email FROM $table_course_user AS cu, $table_user AS u WHERE cu.status!=1 and cu.course_code='".api_get_course_id()."' AND u.user_id=cu.user_id";
}
$result_users = Database::query($sql_users, __FILE__, __LINE__);
$result_users = Database::query($sql_users);
$users_without_tasks = array();
while ($row_users = Database::fetch_row($result_users)) {
if (in_array($row_users[0],$users_with_tasks)) continue;
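Review bot: In the `del_dir` hunk (`@ -1043,11`), `$dir` is interpolated unescaped into both `DELETE ... LIKE BINARY` statements, and the only caller visible on this page (the `delete_dir` branch further down) passes `$_REQUEST['delete_dir']` straight through. A quote character in that value alters the statement, and an empty value turns the second pattern into `'/%'`, which matches every folder row; whether the lines above the hunk guard against either case is not visible. Escape at the point of use with `$dir_sql = Database::escape_string($dir);`, build both patterns from `$dir_sql`, and match the folder as the exact path or `'/'.$dir_sql.'/%'` so that deleting folder `a` does not also remove rows for `ab`. The same string-built pattern recurs in the `update_dir_name`, `get_work_id` and `get_list_users_without_publication` hunks (`$path`, `$new_name`, `$task_id`), where the origin of the values lies outside the hunks.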

@ -161,7 +161,7 @@ isset($_REQUEST['id'])?$id = strval(intval($_REQUEST['id'])):$id='';
$has_expired = false;
$has_ended = false;
isset($_GET['curdirpath'])?$curdirpath=Database::escape_string($_GET['curdirpath']):$curdirpath='';
$sql = Database::query('SELECT description,id FROM '.Database :: get_course_table(TABLE_STUDENT_PUBLICATION).' WHERE filetype = '."'folder'".' and has_properties != '."''".' and url = '."'/".$curdirpath."'".' LIMIT 1',__FILE__,__LINE__);
$sql = Database::query('SELECT description,id FROM '.Database :: get_course_table(TABLE_STUDENT_PUBLICATION).' WHERE filetype = '."'folder'".' and has_properties != '."''".' and url = '."'/".$curdirpath."'".' LIMIT 1');
$is_special = Database::num_rows($sql);
if($is_special > 0) {
$publication = Database::fetch_array($sql);
@ -228,12 +228,12 @@ if (isset($_GET['list']) && Security::remove_XSS($_GET['list'])=='without') {
}
if (isset($_GET['action']) && $_GET['action'] == 'send_mail') {
if (isset($_GET['action']) && $_GET['action'] == 'send_mail') {
if ($_GET['sec_token'] == $_SESSION['token']) {
send_reminder_users_without_publication($publication['id']);
unset($_SESSION['token']);
unset($_SESSION['token']);
}
}
}
api_protect_course_script(true);
@ -433,29 +433,29 @@ $is_allowed_to_edit = api_is_allowed_to_edit(); //has to come after display_tool
if (!empty ($_POST['changeProperties'])) {
// changing the tool setting: default visibility of an uploaded document
$query = "UPDATE " . $main_course_table . " SET show_score='" . $uploadvisibledisabled . "' WHERE code='" . $_course['sysCode'] . "'";
Database::query($query, __FILE__, __LINE__);
Database::query($query);
// changing the tool setting: is a student allowed to delete his/her own document
// database table definition
$table_course_setting = Database :: get_course_table(TOOL_COURSE_SETTING);
// counting the number of occurrences of this setting (if 0 => add, if 1 => update)
$query = "SELECT * FROM " . $table_course_setting . " WHERE variable = 'student_delete_own_publication'";
$result = Database::query($query, __FILE__, __LINE__);
$result = Database::query($query);
$number_of_setting = Database::num_rows($result);
if ($number_of_setting == 1){
$query = "UPDATE " . $table_course_setting . " SET value='" . Database::escape_string($_POST['student_delete_own_publication']) . "' WHERE variable='student_delete_own_publication'";
Database::query($query, __FILE__, __LINE__);
Database::query($query);
} else {
$query = "INSERT INTO " . $table_course_setting . " (variable, value, category) VALUES ('student_delete_own_publication','" . Database::escape_string($_POST['student_delete_own_publication']) . "','work')";
Database::query($query, __FILE__, __LINE__);
Database::query($query);
}
$_course['show_score'] = $uploadvisibledisabled;
} else {
$query = "SELECT * FROM " . $main_course_table . " WHERE code=\"" . $_course['sysCode'] . "\"";
$result = Database::query($query, __FILE__, __LINE__);
$result = Database::query($query);
$row = Database::fetch_array($result);
$uploadvisibledisabled = $row["show_score"];
}
@ -479,7 +479,7 @@ Display :: display_introduction_section(TOOL_STUDENTPUBLICATION);
}
$sql = "SELECT * FROM " . $work_table . " WHERE id='" . $edit . "'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (!empty($result)) {
$row = Database::fetch_array($result);
@ -503,12 +503,12 @@ Display :: display_introduction_section(TOOL_STUDENTPUBLICATION);
$sql = "ALTER TABLE " . $work_table . "
CHANGE accepted accepted TINYINT(1) DEFAULT '0'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$sql = "UPDATE " . $work_table . "
SET accepted = 0";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
Display::display_confirmation_message(get_lang('AllFilesInvisible'));
} else {
@ -516,7 +516,7 @@ Display :: display_introduction_section(TOOL_STUDENTPUBLICATION);
SET accepted = 0
WHERE id = '" . $make_invisible . "'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
Display::display_confirmation_message(get_lang('FileInvisible'));
}
@ -533,17 +533,17 @@ Display :: display_introduction_section(TOOL_STUDENTPUBLICATION);
if (isset($make_visible) && $make_visible == "all") {
$sql = "ALTER TABLE " . $work_table . "
CHANGE accepted accepted TINYINT(1) DEFAULT '1'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$sql = "UPDATE " . $work_table . "
SET accepted = 1";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
Display::display_confirmation_message(get_lang('AllFilesVisible'));
} else {
$sql = "UPDATE " . $work_table . "
SET accepted = 1
WHERE id = '" . $make_visible . "'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
Display::display_confirmation_message(get_lang('FileVisible'));
}
@ -618,7 +618,7 @@ Display :: display_introduction_section(TOOL_STUDENTPUBLICATION);
weight = '".Database::escape_string(Security::remove_XSS($_POST['weight']))."',
session_id = ".intval($id_session);
Database::query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication);
// add the directory
$id = Database::insert_id();
@ -640,11 +640,11 @@ Display :: display_introduction_section(TOOL_STUDENTPUBLICATION);
add_to_calendar = '$agenda_id',
enable_qualification = '".$enable_calification."',
publication_id = '".$id."'";
Database::query($sql_add_homework, __FILE__, __LINE__);
//Database::query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_homework);
//Database::query($sql_add_publication);
$sql_add_publication = "UPDATE ".$work_table." SET "."has_properties = ".Database::insert_id().", view_properties = 1 ".' where id = '.$id;
Database::query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication);
} else {
@ -654,11 +654,11 @@ Display :: display_introduction_section(TOOL_STUDENTPUBLICATION);
add_to_calendar = '$agenda_id',
enable_qualification = '".(isset($_POST['enable_calification'])?(int)$_POST['enable_calification']:'')."',
publication_id = '".$id."'";
Database::query($sql_add_homework, __FILE__, __LINE__);
//Database::query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_homework);
//Database::query($sql_add_publication);
$sql_add_publication = "UPDATE ".$work_table." SET "."has_properties = ".Database::insert_id().", view_properties = 0 ".' where id = '.$id;
Database::query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication);
}
@ -706,8 +706,8 @@ Display :: display_introduction_section(TOOL_STUDENTPUBLICATION);
$delete_directory=$_REQUEST['delete_dir'];
$id=$_REQUEST['delete2'];
del_dir($base_work_dir . '/', $delete_directory,$id);
del_dir($base_work_dir . '/', $delete_directory,$id);
Display :: display_confirmation_message(get_lang('DirDeleted') . ': '.$delete_directory);
}
if (!empty ($_REQUEST['delete2'])) {
@ -718,18 +718,18 @@ Display :: display_introduction_section(TOOL_STUDENTPUBLICATION);
$delete_2=$_REQUEST['delete2'];
// gets calendar_id from student_publication_assigment
$sql = "SELECT add_to_calendar FROM $TSTDPUBASG WHERE publication_id ='$delete_2'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$calendar_id = Database::fetch_row($res);
// delete from agenda if it exists
if (!empty($calendar_id[0])) {
$t_agenda = Database::get_course_table(TABLE_AGENDA);
$sql = "DELETE FROM $t_agenda WHERE id ='".$calendar_id[0]."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
$sql2="DELETE FROM $TSTDPUBASG WHERE publication_id ='$delete_2'";
$result2 = Database::query($sql2, __FILE__, __LINE__);
$result2 = Database::query($sql2);
$sql3="DELETE FROM $t_gradebook_link WHERE course_code='$course_code' AND ref_id='$delete_2'";
$result3 = Database::query($sql3, __FILE__, __LINE__);
$result3 = Database::query($sql3);
}
/* ----------------------
@ -738,7 +738,7 @@ Display :: display_introduction_section(TOOL_STUDENTPUBLICATION);
if (!empty ($_REQUEST['move'])) {
$folders = array();
$sql = "SELECT url FROM $work_table WHERE url LIKE '/%' AND post_group_id = '".(empty($_SESSION['toolgroup'])?0:$_SESSION['toolgroup'])."'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
while($folder = Database::fetch_array($res)) {
$folders[] = substr($folder['url'],1,(strlen($folder['url'])-1));
}
@ -793,36 +793,36 @@ else {
/*-------------------------------------------
DELETE WORK COMMAND
-----------------------------------------*/
if ($delete) {
if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false,true)==false) {
api_not_allowed();
}
if ($delete == "all" && api_is_allowed_to_edit(null,true)) {
if ($delete == "all" && api_is_allowed_to_edit(null,true)) {
$queryString1 = "SELECT url FROM ".$work_table."";
$queryString2 = "DELETE FROM ".$work_table."";
$queryString3 = "DELETE FROM ".$TSTDPUBASG. "";
$sql_agenda = "SELECT add_to_calendar FROM ".$TSTDPUBASG." WHERE add_to_calendar <> 0";
$rs_agenda = Database::query($sql_agenda, __FILE__, __LINE__);
$rs_agenda = Database::query($sql_agenda);
$t_agenda = Database::get_course_table(TABLE_AGENDA);
while ($row_agenda=Database::fetch_array($rs_agenda)) {
$deleteagenda = "DELETE FROM ".$t_agenda." WHERE id='".$row_agenda['add_to_calendar']."'";
$rsdeleteagenda = Database::query($deleteagenda, __FILE__, __LINE__);
}
$result1 = Database::query($queryString1, __FILE__, __LINE__);
$result2 = Database::query($queryString2, __FILE__, __LINE__);
$result3 = Database::query($queryString3, __FILE__, __LINE__);
$rsdeleteagenda = Database::query($deleteagenda);
}
$result1 = Database::query($queryString1);
$result2 = Database::query($queryString2);
$result3 = Database::query($queryString3);
$path = $currentCourseRepositorySys."work/";
$d = dir($path);
if (api_get_setting('permanently_remove_deleted_files') == 'true'){
while (false !== $entry = $d->read()) {
if ($entry == '.' || $entry == '..') continue;
rmdirr($path.$entry);
@ -837,7 +837,7 @@ else {
} else {
//Get the author ID for that document from the item_property table
$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=" .Database::escape_string($delete);
$author_qry = Database::query($author_sql, __FILE__, __LINE__);
$author_qry = Database::query($author_sql);
if (Database :: num_rows($author_qry) == 1 AND api_get_course_setting('student_delete_own_publication') == 1 OR api_is_allowed_to_edit(null,true)) {
//we found the current user is the author
@ -845,28 +845,28 @@ else {
$queryString2 = "DELETE FROM " . $work_table . " WHERE id='$delete'";
$queryString3 = "DELETE FROM " . $TSTDPUBASG . " WHERE publication_id='$delete'";
$result1 = Database::query($queryString1, __FILE__, __LINE__);
$result2 = Database::query($queryString2, __FILE__, __LINE__);
$result3 = Database::query($queryString3, __FILE__, __LINE__);
$result1 = Database::query($queryString1);
$result2 = Database::query($queryString2);
$result3 = Database::query($queryString3);
if ($result1) {
api_item_property_update($_course, 'work', $delete, 'DocumentDeleted', $user_id);
api_item_property_update($_course, 'work', $delete, 'DocumentDeleted', $user_id);
$row=Database::fetch_array($result1);
$work=$row['url'];
require_once(api_get_path(LIBRARY_PATH).'/fileManage.lib.php');
$extension = pathinfo($work, PATHINFO_EXTENSION);
$basename_file = basename($work, '.'.$extension);
$basename_file = basename($work, '.'.$extension);
$new_dir=$work.'_DELETED_'.$delete.'.'.$extension;
if (api_get_setting('permanently_remove_deleted_files') == 'true'){
my_delete($currentCourseRepositorySys.'/'.$work);
my_delete($currentCourseRepositorySys.'/'.$work);
} else {
rename($currentCourseRepositorySys."/".$work, $currentCourseRepositorySys."/".$new_dir);
}
}
Display::display_confirmation_message(get_lang('TheDocumentHasBeenDeleted'));
} else {
Display::display_error_message(get_lang('YouAreNotAllowedToDeleteThisDocument'));
Display::display_error_message(get_lang('YouAreNotAllowedToDeleteThisDocument'));
}
}
}
@ -882,11 +882,11 @@ else {
//Get the author ID for that document from the item_property table
$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=" . $edit;
$author_qry = Database::query($author_sql, __FILE__, __LINE__);
$author_qry = Database::query($author_sql);
if (Database :: num_rows($author_qry) == 1) {
//we found the current user is the author
$sql = "SELECT * FROM " . $work_table . " WHERE id='" . $edit . "'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if ($result ) {
$row = Database::fetch_array($result);
$workTitle = $row['title'];
@ -942,7 +942,7 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
//if we come from the group tools the groupid will be saved in $work_table
@move_uploaded_file($_FILES['file']['tmp_name'], $updir . $my_cur_dir_path . $new_file_name);
$url = "work/" . $my_cur_dir_path . $new_file_name;
$result = Database::query("SHOW FIELDS FROM " . $work_table . " LIKE 'sent_date'", __FILE__, __LINE__);
$result = Database::query("SHOW FIELDS FROM " . $work_table . " LIKE 'sent_date'");
if (!Database::num_rows($result)) {
Database::query("ALTER TABLE " . $work_table . " ADD sent_date DATETIME NOT NULL");
@ -968,7 +968,7 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
session_id = ".intval($id_session);
Database::query($sql_add_publication, __FILE__, __LINE__);
Database::query($sql_add_publication);
$Id = Database::insert_id();
api_item_property_update($_course, 'work', $Id, 'DocumentAdded', $user_id);
@ -997,7 +997,7 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
$title = basename($workUrl);
}
$result = Database::query("SHOW FIELDS FROM " . $work_table . " LIKE 'sent_date'", __FILE__, __LINE__);
$result = Database::query("SHOW FIELDS FROM " . $work_table . " LIKE 'sent_date'");
if (!Database::num_rows($result)) {
Database::query("ALTER TABLE " . $work_table . " ADD sent_date DATETIME NOT NULL");
@ -1012,7 +1012,7 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
sent_date = '".$current_date."',
session_id = ".intval($id_session);
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$insertId = Database::insert_id();
api_item_property_update($_course, 'work', $insertId, 'DocumentAdded', $user_id);
@ -1036,7 +1036,7 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
if ($id<>'') {
$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=" . Database::escape_string($id);
$author_qry = Database::query($author_sql, __FILE__, __LINE__);
$author_qry = Database::query($author_sql);
if (Database :: num_rows($author_qry) == 1) {
$is_author = true;
}
@ -1062,7 +1062,7 @@ if ($ctok==$_POST['sec_token']) { //check the token inserted into the form
description = '" . Database::escape_string(Security::remove_XSS($description)) . "'
".$add_to_update."
WHERE id = '$id'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
$insertId = $id;
@ -1085,7 +1085,7 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
$emailto = array ();
if (empty ($id_session)) {
$sql_resp = 'SELECT u.email as myemail FROM ' . $table_course_user . ' cu, ' . $table_user . ' u WHERE cu.course_code = ' . "'" . api_get_course_id() . "'" . ' AND cu.status = 1 AND u.user_id = cu.user_id';
$res_resp = Database::query($sql_resp, __FILE__, __LINE__);
$res_resp = Database::query($sql_resp);
while ($row_email = Database :: fetch_array($res_resp)) {
if (!empty ($row_email['myemail'])) {
$emailto[$row_email['myemail']] = $row_email['myemail'];
@ -1098,7 +1098,7 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
INNER JOIN ' . $table_user . ' user
ON user.user_id = session.id_coach
WHERE session.id = ' . intval($id_session);
$res_resp = Database::query($sql_resp, __FILE__, __LINE__);
$res_resp = Database::query($sql_resp);
while ($row_email = Database :: fetch_array($res_resp)) {
if (!empty ($row_email['myemail'])) {
$emailto[$row_email['myemail']] = $row_email['myemail'];
@ -1106,12 +1106,12 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
}
//coach of the course
$sql_resp = 'SELECT user.email as myemail
$sql_resp = 'SELECT user.email as myemail
FROM ' . $table_session_course_user . ' scu
INNER JOIN ' . $table_user . ' user
ON user.user_id = scu.id_user AND scu.status=2
WHERE scu.id_session = ' . intval($id_session);
$res_resp = Database::query($sql_resp, __FILE__, __LINE__);
$res_resp = Database::query($sql_resp);
while ($row_email = Database :: fetch_array($res_resp)) {
if (!empty ($row_email['myemail'])) {
$emailto[$row_email['myemail']] = $row_email['myemail'];
@ -1121,7 +1121,7 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
}
if (count($emailto) > 0) {
$emailto = implode(',', $emailto);
$emailfromaddr = api_get_setting('emailAdministrator');
$emailfromname = api_get_setting('siteName');
@ -1131,7 +1131,7 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
// The body can be as long as you wish, and any combination of text and variables
$emailbody = get_lang('SendMailBody')."\n".get_lang('CourseName')." : ".$_course['name']."\n";
$emailbody .= get_lang('WorkName')." : ".substr($my_cur_dir_path, 0, -1)."\n";
$emailbody .= get_lang('WorkName')." : ".substr($my_cur_dir_path, 0, -1)."\n";
$emailbody .= get_lang('UserName')." : ".$currentUserFirstName .' '.$currentUserLastName ."\n";
$emailbody .= get_lang('DateSent')." : ".date('d/m/Y H:i')."\n";
$emailbody .= get_lang('FileName')." : ".$title."\n\n".get_lang('DownloadLink')."\n";
@ -1140,12 +1140,12 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
// Every header must be followed by a \n except the last
@api_mail('', $emailto, $emailsubject, $emailbody, $sender_name,$email_admin);
$emailbody_user = get_lang('Dear')." ".$currentUserFirstName .' '.$currentUserLastName ."\n";
$emailbody_user = get_lang('Dear')." ".$currentUserFirstName .' '.$currentUserLastName ."\n";
$emailbody_user .= get_lang('MessageConfirmSendingOfTask')."\n".get_lang('CourseName')." : ".$_course['name']."\n";
$emailbody_user .= get_lang('WorkName')." : ".substr($my_cur_dir_path, 0, -1)."\n";
$emailbody_user .= get_lang('WorkName')." : ".substr($my_cur_dir_path, 0, -1)."\n";
$emailbody_user .= get_lang('DateSent')." : ".date('d/m/Y H:i')."\n";
$emailbody_user .= get_lang('FileName')." : ".$title."\n\n".api_get_setting('administratorName')." ".api_get_setting('administratorSurname') . "\n" . get_lang('Manager') . " " . api_get_setting('siteName') . "\n" . get_lang('Email') . " : " . api_get_setting('emailAdministrator');;
//Mail to user
@api_mail('', $currentUserEmail, $emailsubject, $emailbody_user, $sender_name,$email_admin);
@ -1173,14 +1173,14 @@ if (!empty($_POST['submitWork']) && !empty($succeed) && !$id) {
$has_expired = false;
$has_ended = false;
isset($_GET['curdirpath'])?$curdirpath=Database::escape_string($_GET['curdirpath']):$curdirpath='';
$sql = Database::query('SELECT description,id FROM '.Database :: get_course_table(TABLE_STUDENT_PUBLICATION).' WHERE filetype = '."'folder'".' and has_properties != '."''".' and url = '."'/".$curdirpath."'".' LIMIT 1',__FILE__,__LINE__);
$sql = Database::query('SELECT description,id FROM '.Database :: get_course_table(TABLE_STUDENT_PUBLICATION).' WHERE filetype = '."'folder'".' and has_properties != '."''".' and url = '."'/".$curdirpath."'".' LIMIT 1');
$is_special = Database::num_rows($sql);
*/
if($is_special > 0):
$is_special = true;
define('IS_ASSIGNMENT',1);
//$publication = Database::fetch_array($sql);
$sql = Database::query('SELECT * FROM '.$TSTDPUBASG.' WHERE publication_id = '.(string)$publication['id'].' LIMIT 1',__FILE__,__LINE__);
$sql = Database::query('SELECT * FROM '.$TSTDPUBASG.' WHERE publication_id = '.(string)$publication['id'].' LIMIT 1');
$homework = Database::fetch_array($sql);
if($homework['expires_on']!='0000-00-00 00:00:00' || $homework['ends_on']!='0000-00-00 00:00:00'):
@ -1233,7 +1233,7 @@ if ($is_course_member) {
//Get the author ID for that document from the item_property table
$is_author = false;
$author_sql = "SELECT * FROM $iprop_table WHERE tool = 'work' AND insert_user_id='$user_id' AND ref=" . $edit;
$author_qry = Database::query($author_sql, __FILE__, __LINE__);
$author_qry = Database::query($author_sql);
if (Database :: num_rows($author_qry) == 1) {
$is_author = true;
}
@ -1299,7 +1299,7 @@ if ($is_course_member) {
if($is_allowed_to_edit && !empty($edit) && !empty($parent_id)) {
// Get qualification from parent_id that'll allow the validation qualification over
$sql = "SELECT qualification FROM $work_table WHERE id='$parent_id'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result);
$qualification_over = $row['qualification'];
$form->addElement('text', 'qualification', get_lang('Qualification'),'size="10"');
@ -1451,7 +1451,7 @@ function draw_date_picker($prefix,$default='') {
$new_folder_text .= '<div class="row">
<div class="label">
</div>
<div class="formw"><a href="javascript: void(0);" onclick="javascript: return plus();"><span id="plus">'.Display::return_icon('div_show.gif',get_lang('AdvancedParameters'),array('style'=>'vertical-align:center')).' '.get_lang('AdvancedParameters').'</span></a><br />
'.$addtext.'
@ -1503,7 +1503,7 @@ if (!$display_upload_form && !$display_tool_options) {
$add_query = '';
$sql = "SELECT user.firstname, user.lastname FROM $table_user user, $table_course_user course_user
WHERE course_user.user_id=user.user_id AND course_user.course_code='".api_get_course_id()."' AND course_user.status='1'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$admin_course = '';
while($row = Database::fetch_row($res)) {
$admin_course .='\''.api_get_person_name($row[0], $row[1]).'\',';
@ -1537,10 +1537,10 @@ if (!$display_upload_form && !$display_tool_options) {
$form_filter .= make_select('filter',array(0=>get_lang('SelectAFilter'),1=>get_lang('FilterByNotRevised'),2=>get_lang('FilterByRevised'),3=>get_lang('FilterByNotExpired')),$filter).'&nbsp&nbsp';
$form_filter .= '<button type="submit" class="save" value="'.get_lang('FilterAssignments').'">'.get_lang('FilterAssignments').'</button></form>';
echo $form_filter;
}
}
if(!empty($publication['description'])){
echo '<div class="actions">';
echo '<br /><b>'.get_lang('Description').':</b>&nbsp;&nbsp;'.$publication['description'].'<br /><br />';
@ -1548,7 +1548,7 @@ if (!$display_upload_form && !$display_tool_options) {
}
if ($display_list_users_without_publication) {
display_list_users_without_publication($publication['id']);
} else {
} else {
display_student_publications_list($base_work_dir . '/' . $my_cur_dir_path, 'work/' . $my_cur_dir_path, $currentCourseRepositoryWeb, $link_target_parameter, $dateFormatLong, $origin,$add_query);
}
}

@ -26,15 +26,15 @@ if($_SERVER['REMOTE_ADDR']==$ip_address_of_search_server
$course_rel_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$course = Database::get_main_table(TABLE_MAIN_COURSE);
$sql = "DELETE FROM $course_rel_user WHERE user_id = $id";
$res = @Database::query($sql,__FILE__,__LINE__);
$res = @Database::query($sql);
$sql = "SELECT code FROM $course";
$res = @Database::query($sql,__FILE__,__LINE__);
$res = @Database::query($sql);
if(Database::num_rows($res)>0)
{
while ($row = Database::fetch_array($res))
{
$sql2 = "INSERT INTO $course_rel_user (course_code,user_id,status)VALUES('".$row['code']."',$id,5)";
$res2 = @Database::query($sql2,__FILE__,__LINE__);
$res2 = @Database::query($sql2);
}
}
//now login the user to the platform (put everything needed inside the
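Review bot: `$id` is placed unquoted into both `DELETE FROM $course_rel_user WHERE user_id = $id` and the `INSERT ... VALUES('".$row['code']."',$id,5)` statement, and nothing in this hunk shows it being cast or escaped; unless it is already forced to an integer earlier in the file, add `$id = intval($id);` before the first query. All three calls keep the `@` prefix and none of the results is checked before use, so a failed DELETE or INSERT may pass silently while this block rewrites the user's course subscriptions; checking `$res` and `$res2` and logging the failure would make that visible. `$row['code']` comes from the course table and is concatenated as-is, so wrapping it in `Database::escape_string()` keeps the INSERT well-formed whatever the stored code contains. The enclosing `if` on `$_SERVER['REMOTE_ADDR']` starts before this hunk and continues past it.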

@ -115,16 +115,16 @@ $personal_course_list = UserManager::get_personal_session_course_list($_user['us
// check if a user is enrolled only in one course for going directly to the course after the login
if (api_get_setting('go_to_course_after_login') == 'true') {
if (!isset($_SESSION['coursesAlreadyVisited']) && is_array($personal_course_list) && count($personal_course_list) == 1) {
if (!isset($_SESSION['coursesAlreadyVisited']) && is_array($personal_course_list) && count($personal_course_list) == 1) {
$key = array_keys($personal_course_list);
$course_info = $personal_course_list[$key[0]];
$course_info = $personal_course_list[$key[0]];
$course_directory = $course_info['d'];
$id_session = isset($course_info['id_session'])?$course_info['id_session']:0;
$id_session = isset($course_info['id_session'])?$course_info['id_session']:0;
header('location:'.api_get_path(WEB_COURSE_PATH).$course_directory.'/?id_session='.$id_session);
exit;
}
}
}
$nosession = false;
@ -225,7 +225,7 @@ function get_personal_course_list($user_id) {
AND course_rel_user.user_id = '".$user_id."'
ORDER BY course_rel_user.user_course_cat, course_rel_user.sort ASC,i";
$course_list_sql_result = Database::query($personal_course_list_sql, __FILE__, __LINE__);
$course_list_sql_result = Database::query($personal_course_list_sql);
while ($result_row = Database::fetch_array($course_list_sql_result)) {
$personal_course_list[] = $result_row;
@ -237,7 +237,7 @@ function get_personal_course_list($user_id) {
FROM $main_course_table as course, $tbl_session_course_user as srcru
WHERE srcru.course_code=course.code AND srcru.id_user='$user_id'";
$course_list_sql_result = Database::query($personal_course_list_sql, __FILE__, __LINE__);
$course_list_sql_result = Database::query($personal_course_list_sql);
while ($result_row = Database::fetch_array($course_list_sql_result)) {
$personal_course_list[] = $result_row;
@ -249,7 +249,7 @@ function get_personal_course_list($user_id) {
FROM $main_course_table as course, $tbl_session_course as src, $tbl_session as session
WHERE session.id_coach='$user_id' AND session.id=src.id_session AND src.course_code=course.code";
$course_list_sql_result = Database::query($personal_course_list_sql, __FILE__, __LINE__);
$course_list_sql_result = Database::query($personal_course_list_sql);
//$personal_course_list = array_merge($personal_course_list, $course_list_sql_result);
@ -274,12 +274,12 @@ function display_special_courses ($user_id) {
$tbl_course_field = Database::get_main_table(TABLE_MAIN_COURSE_FIELD);
$tbl_course_field_value = Database::get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES);
$tbl_user_course_category = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
// get course list auto-register
$sql = "SELECT course_code FROM $tbl_course_field_value tcfv INNER JOIN $tbl_course_field tcf ON " .
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql, __FILE__, __LINE__);
$special_course_result = Database::query($sql);
if(Database::num_rows($special_course_result)>0) {
$special_course_list = array();
while ($result_row = Database::fetch_array($special_course_result)) {
@ -288,7 +288,7 @@ function display_special_courses ($user_id) {
}
$with_special_courses = $without_special_courses = '';
if (!empty($special_course_list)) {
$with_special_courses = ' course.code IN ('.implode(',',$special_course_list).')';
$with_special_courses = ' course.code IN ('.implode(',',$special_course_list).')';
}
if (!empty($with_special_courses)) {
@ -298,48 +298,48 @@ function display_special_courses ($user_id) {
FROM $TABLECOURS course
LEFT JOIN $TABLECOURSUSER course_rel_user ON course.code = course_rel_user.course_code AND course_rel_user.user_id = '$user_id'
WHERE $with_special_courses";
$rs_special_course = api_sql_query($sql, __FILE__, __LINE__);
$rs_special_course = api_sql_query($sql);
$number_of_courses = Database::num_rows($rs_special_course);
$key = 0;
$status_icon = '';
if ($number_of_courses > 0) {
echo "<table width=\"100%\">";
while ($course = Database::fetch_array($rs_special_course)) {
// get notifications
// get notifications
$my_course = array();
$my_course['db'] = $course['db_name'];
$my_course['k'] = $course['code'];
$my_course['id_session'] = null;
$my_course['s'] = $course['status'];
$my_course['s'] = $course['status'];
$show_notification = show_notification($my_course);
if (empty($course['user_id'])) {
$course['status'] = $user_info['status'];
}
if ($course['status'] == 1) {
$status_icon=Display::return_icon('course.gif', get_lang('Course')).' '.Display::return_icon('teachers.gif', get_lang('Status').': '.get_lang('Teacher'),array('style'=>'width:11px; height:11px;'));
}
if (($course['status'] == 5 && !api_is_coach()) || empty($course['status'])) {
$status_icon=Display::return_icon('course.gif', get_lang('Course')).' '.Display::return_icon('students.gif', get_lang('Status').': '.get_lang('Student'),array('style'=>'width:11px; height:11px'));
}
}
$progress_thematic_icon = get_thematic_progress_icon($course['db_name']);
echo "\t<tr>\n";
echo "\t\t<td>\n";
//show a hyperlink to the course, unless the course is closed and user is not course admin
//$course_access_settings = CourseManager :: get_access_settings($course['code']);
$course_visibility = $course['visibility'];
if ($course_visibility != COURSE_VISIBILITY_CLOSED || $course['status'] == COURSEMANAGER) {
$course_title = '<a href="'.api_get_path(WEB_COURSE_PATH).$course['directory'].'/?id_session=0&amp;autoreg=1">'.$course['title'].'</a>';
if ($course_visibility != COURSE_VISIBILITY_CLOSED || $course['status'] == COURSEMANAGER) {
$course_title = '<a href="'.api_get_path(WEB_COURSE_PATH).$course['directory'].'/?id_session=0&amp;autoreg=1">'.$course['title'].'</a>';
} else {
$course_title = $course['title']." ".get_lang('CourseClosed');
}
echo "<div style=\"float:left;margin-right:10px;\">".$status_icon."</div><span style=\"font-size:135%;\">".$course_title."</span>&nbsp;&nbsp;<span>$progress_thematic_icon</span><br />";
echo "<div style=\"float:left;margin-right:10px;\">".$status_icon."</div><span style=\"font-size:135%;\">".$course_title."</span>&nbsp;&nbsp;<span>$progress_thematic_icon</span><br />";
if (api_get_setting('display_coursecode_in_courselist') == 'true') {
echo $course['visual_code'];
}
@ -348,19 +348,19 @@ function display_special_courses ($user_id) {
}
if (api_get_setting('display_teacher_in_courselist') == 'true') {
echo $course['tutor'];
}
}
echo '&nbsp;';
echo Display::return_icon('klipper.png', get_lang('CourseAutoRegister'));
// show notifications
echo $show_notification;
echo "\t\t</td>\n";
echo "\t</tr>\n";
$key++;
}
echo "</table>";
}
}
}
}
@ -386,14 +386,14 @@ function display_courses($user_id) {
// Step 1: We get all the categories of the user.
$tucc = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$sql = "SELECT * FROM $tucc WHERE user_id='".$_user['user_id']."' ORDER BY sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
// We simply display the title of the category.
echo "<tr><td colspan=\"2\" class=\"user_course_category\">";
echo '<a name="category'.$row['id'].'"></a>'; // display an internal anchor.
echo $row['title'];
echo $row['title'];
echo "</td>";
echo "</tr>";
echo "</tr>";
display_courses_in_category($row['id']);
}
echo "</table>\n";
@ -409,15 +409,15 @@ function display_courses_in_category($user_category_id) {
// table definitions
$TABLECOURS = Database::get_main_table(TABLE_MAIN_COURSE);
$TABLECOURSUSER = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$TABLE_USER_COURSE_CATEGORY = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$TABLE_USER_COURSE_CATEGORY = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$TABLE_COURSE_FIELD = Database :: get_main_table(TABLE_MAIN_COURSE_FIELD);
$TABLE_COURSE_FIELD_VALUE = Database :: get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES);
// get course list auto-register
$sql = "SELECT course_code FROM $TABLE_COURSE_FIELD_VALUE tcfv INNER JOIN $TABLE_COURSE_FIELD tcf ON " .
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql, __FILE__, __LINE__);
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql);
if(Database::num_rows($special_course_result)>0) {
$special_course_list = array();
while ($result_row = Database::fetch_array($special_course_result)) {
@ -426,9 +426,9 @@ function display_courses_in_category($user_category_id) {
}
$without_special_courses = '';
if (!empty($special_course_list)) {
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
}
$sql_select_courses = "SELECT course.code, course.visual_code, course.subscribe subscr, course.unsubscribe unsubscr,
course.title title, course.tutor_name tutor, course.db_name, course.directory, course_rel_user.status status,
@ -439,31 +439,31 @@ function display_courses_in_category($user_category_id) {
AND course_rel_user.user_id = '".$_user['user_id']."'
AND course_rel_user.user_course_cat='".$user_category_id."' $without_special_courses
ORDER BY course_rel_user.user_course_cat, course_rel_user.sort ASC";
$result = Database::query($sql_select_courses,__FILE__,__LINE__);
$result = Database::query($sql_select_courses);
$number_of_courses = Database::num_rows($result);
$key = 0;
$status_icon = '';
while ($course = Database::fetch_array($result)) {
// get notifications
// get notifications
$my_course = array();
$my_course['db'] = $course['db_name'];
$my_course['k'] = $course['code'];
$my_course['id_session'] = null;
$my_course['s'] = $course['status'];
$show_notification = show_notification($my_course);
$my_course['s'] = $course['status'];
$show_notification = show_notification($my_course);
// course list
// course list
if ($course['status'] == COURSEMANAGER) {
$status_icon=Display::return_icon('course.gif', get_lang('Course')).' '.Display::return_icon('teachers.gif', get_lang('Status').': '.get_lang('Teacher'),array('style'=>'width:11px; height:11px;'));
}
if (($course['status'] == STUDENT && !api_is_coach()) || empty($course['status'])) {
$status_icon=Display::return_icon('course.gif', get_lang('Course')).' '.Display::return_icon('students.gif', get_lang('Status').': '.get_lang('Student'),array('style'=>'width:11px; height:11px'));
}
$progress_thematic_icon = get_thematic_progress_icon($course['db_name']);
}
$progress_thematic_icon = get_thematic_progress_icon($course['db_name']);
echo "\t<tr>\n";
echo "\t\t<td>\n";
//function logic - act on the data
$is_virtual_course = CourseManager :: is_virtual_course_from_system_code($course['code']);
if ($is_virtual_course) {
@ -476,7 +476,7 @@ function display_courses_in_category($user_category_id) {
return; //do not display this course entry
}
}
$has_virtual_courses = CourseManager :: has_virtual_courses_from_code($course['code'], api_get_user_id());
if ($has_virtual_courses) {
$course_info = api_get_course_info($course['code']);
@ -487,16 +487,16 @@ function display_courses_in_category($user_category_id) {
$course_title = $course['title'];
$course_display_code = $course['visual_code'];
}
//show a hyperlink to the course, unless the course is closed and user is not course admin
//show a hyperlink to the course, unless the course is closed and user is not course admin
$course_visibility = $course['visibility'];
if ($course_visibility != COURSE_VISIBILITY_CLOSED || $course['status'] == COURSEMANAGER) {
$course_title = '<a href="'.api_get_path(WEB_COURSE_PATH).$course['directory'].'/?id_session=0">'.$course['title'].'</a>';
if ($course_visibility != COURSE_VISIBILITY_CLOSED || $course['status'] == COURSEMANAGER) {
$course_title = '<a href="'.api_get_path(WEB_COURSE_PATH).$course['directory'].'/?id_session=0">'.$course['title'].'</a>';
} else {
$course_title = $course['title']." ".get_lang('CourseClosed');
}
echo "<div style=\"float:left;margin-right:10px;\">".$status_icon."</div><span style=\"font-size:135%;\">".$course_title."</span>&nbsp;&nbsp;<span>$progress_thematic_icon </span><br />";
if (api_get_setting('display_coursecode_in_courselist') == 'true') {
echo $course_display_code;
@ -507,9 +507,9 @@ function display_courses_in_category($user_category_id) {
if (api_get_setting('display_teacher_in_courselist') == 'true') {
echo $course['tutor'];
}
// show notifications
// show notifications
echo $show_notification;
echo "\t\t</td>\n";
echo "\t</tr>\n";
$key++;
@ -532,20 +532,20 @@ function display_courses_in_category($user_category_id) {
$tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION,$course_dbname);
$session_id = intval($session_id);
$sql = "SELECT progress FROM $tbl_course_description WHERE description_type = 8 AND session_id = '$session_id' ";
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$img = '';
$title = '0%';
$image = 'level_0.png';
if (Database::num_rows($rs) > 0) {
$row = Database::fetch_array($rs);
$row = Database::fetch_array($rs);
$progress = $row['progress'];
$image = 'level_'.$progress.'.png';
$title = $row['progress'].'%';
}
$img = Display::return_icon($image,get_lang('ThematicAdvance'),array('style'=>'vertical-align:middle')).'&nbsp;'.$title;
return $img;
$title = $row['progress'].'%';
}
$img = Display::return_icon($image,get_lang('ThematicAdvance'),array('style'=>'vertical-align:middle')).'&nbsp;'.$title;
return $img;
}
/**
* Warning: this function defines a global.
@ -758,7 +758,7 @@ function get_logged_user_course_html($course, $session_id = 0, $class='courses')
$s_htlm_status_icon=Display::return_icon('course.gif', get_lang('Course')).' '.Display::return_icon('teachers.gif', get_lang('Status').': '.get_lang('Teacher'),array('style'=>'width:11px; height:11px'));
}
if ($s_course_status == 2 || ($is_coach && $s_course_status != 1)) {
$s_htlm_status_icon=Display::return_icon('course.gif', get_lang('Course')).' '.Display::return_icon('coachs.gif', get_lang('Status').': '.get_lang('GeneralCoach'),array('style'=>'width:11px; height:11px'));
$s_htlm_status_icon=Display::return_icon('course.gif', get_lang('Course')).' '.Display::return_icon('coachs.gif', get_lang('Status').': '.get_lang('GeneralCoach'),array('style'=>'width:11px; height:11px'));
}
if (($s_course_status == 5 && !$is_coach) || empty($s_course_status)) {
$s_htlm_status_icon=Display::return_icon('course.gif', get_lang('Course')).' '.Display::return_icon('students.gif', get_lang('Status').': '.get_lang('Student'),array('style'=>'width:11px; height:11px'));
@ -783,7 +783,7 @@ function get_logged_user_course_html($course, $session_id = 0, $class='courses')
$result .= $course_display_title." "." ".get_lang('CourseClosed')."";
}
$progress_thematic_icon = get_thematic_progress_icon($course_database,$session_id);
$result .= '&nbsp;&nbsp;<span>'.$progress_thematic_icon.'</span>';
$result .= '&nbsp;&nbsp;<span>'.$progress_thematic_icon.'</span>';
// show the course_code and teacher if chosen to display this
if (api_get_setting('display_coursecode_in_courselist') == 'true' || api_get_setting('display_teacher_in_courselist') == 'true') {
$result .= '<br />';
@ -807,7 +807,7 @@ function get_logged_user_course_html($course, $session_id = 0, $class='courses')
if ($s_course_status == 1 || ($s_course_status == 5 && empty($my_course['id_session'])) || empty($s_course_status)) {
$result .= $course_teacher;
}
if (($s_course_status == 5 && !empty($my_course['id_session'])) || ($is_coach && $s_course_status != 1)) {
$result .= get_lang('Coachs').': '.implode(', ',$course_coachs);
}
@ -823,7 +823,7 @@ function get_logged_user_course_html($course, $session_id = 0, $class='courses')
}
$result .= (isset($course['special_course']))? ' '.Display::return_icon('klipper.png', get_lang('CourseAutoRegister')) : '';
$current_course_settings = CourseManager :: get_access_settings($my_course['k']);
// display the what's new icons
@ -869,7 +869,7 @@ function get_logged_user_course_html($course, $session_id = 0, $class='courses')
$result .= '</ul>';
}
$result .= '</li>';
if (api_get_setting('use_session_mode') == 'true' && !$nosession) {
$session = '';
$active = false;
@ -883,7 +883,7 @@ function get_logged_user_course_html($course, $session_id = 0, $class='courses')
INNER JOIN '.$tbl_session_category.' sc ON ts.session_category_id = sc.id
WHERE ts.id='.(int) $my_course['id_session']. ' LIMIT 1';
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$sessioncoach = Database::store_result($rs);
$sessioncoach = $sessioncoach[0];
@ -933,7 +933,7 @@ function get_session_title_box($session_id) {
LEFT JOIN '.$main_user_table .' tu
ON ts.id_coach = tu.user_id
WHERE ts.id='.intval($session_id);
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$session_info = Database::store_result($rs);
$session_info = $session_info[0];
$session = array();
@ -1009,7 +1009,7 @@ function show_notification($my_course) {
USE INDEX (access_cours_code, access_user_id)
WHERE access_cours_code = '".$my_course['k']."'
AND access_user_id = '$user_id' AND access_session_id ='".$my_course['id_session']."'";
$resLastTrackInCourse = Database::query($sqlLastTrackInCourse, __FILE__, __LINE__);
$resLastTrackInCourse = Database::query($sqlLastTrackInCourse);
$oldestTrackDate = "3000-01-01 00:00:00";
while ($lastTrackInCourse = Database::fetch_array($resLastTrackInCourse)) {
$lastTrackInCourseDate[$lastTrackInCourse['access_tool']] = $lastTrackInCourse['access_date'];
@ -1034,19 +1034,19 @@ function show_notification($my_course) {
$group_ids[] = 0; //add group 'everyone'
//filter all selected items
while ($res && ($item_property = Database::fetch_array($res))) {
if ((!isset ($lastTrackInCourseDate[$item_property['tool']]) || $lastTrackInCourseDate[$item_property['tool']] < $item_property['lastedit_date'])
&& ((in_array($item_property['to_group_id'], $group_ids) && ($item_property['tool'] != TOOL_DROPBOX && $item_property['tool'] != TOOL_NOTEBOOK && $item_property['tool'] != TOOL_CHAT)))
&& ($item_property['visibility'] == '1' || ($my_course['s'] == '1' && $item_property['visibility'] == '0') || !isset ($item_property['visibility']))) {
if (($item_property['tool'] == TOOL_ANNOUNCEMENT || $item_property['tool'] == TOOL_CALENDAR_EVENT) && (($item_property['to_user_id'] != $user_id ) && (!isset($item_property['to_group_id']) || !in_array($item_property['to_group_id'],$group_ids)) )) continue;
if ($item_property['tool'] == TOOL_SURVEY) {
$survey_info = survey_manager::get_survey($item_property['ref'],0,$my_course['k']);
$invited_users = SurveyUtil::get_invited_users($survey_info['code'],$course_database);
if (!in_array($user_id,$invited_users['course_users'])) continue;
}
$notifications[$item_property['tool']] = $item_property;
if ($item_property['tool'] == TOOL_SURVEY) {
$survey_info = survey_manager::get_survey($item_property['ref'],0,$my_course['k']);
$invited_users = SurveyUtil::get_invited_users($survey_info['code'],$course_database);
if (!in_array($user_id,$invited_users['course_users'])) continue;
}
$notifications[$item_property['tool']] = $item_property;
}
}
//show all tool icons where there is something new
@ -1076,7 +1076,7 @@ function get_user_course_categories() {
$output = array();
$table_category = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$sql = "SELECT * FROM ".$table_category." WHERE user_id='".Database::escape_string($_user['user_id'])."'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$output[$row['id']] = $row['title'];
}
@ -1135,7 +1135,7 @@ if (!empty ($_GET['include']) && preg_match('/^[a-zA-Z0-9_-]*\.html$/',$_GET['in
--------------------------------------*/
// compose a structured array of session categories, sessions and courses
// for the current user
if (isset($_GET['history']) && intval($_GET['history']) == 1) {
$courses_tree = UserManager::get_sessions_by_category($_user['user_id'],true,true);
} else {
@ -1144,7 +1144,7 @@ if (!empty ($_GET['include']) && preg_match('/^[a-zA-Z0-9_-]*\.html$/',$_GET['in
foreach ($courses_tree as $cat => $sessions) {
$courses_tree[$cat]['details'] = SessionManager::get_session_category($cat);
if ($cat == 0) {
$courses_tree[$cat]['courses'] = CourseManager::get_courses_list_by_user_id($_user['user_id'],false);
$courses_tree[$cat]['courses'] = CourseManager::get_courses_list_by_user_id($_user['user_id'],false);
}
$courses_tree[$cat]['sessions'] = array_flip(array_flip($sessions));
if (count($courses_tree[$cat]['sessions'])>0) {
@ -1155,7 +1155,7 @@ if (!empty ($_GET['include']) && preg_match('/^[a-zA-Z0-9_-]*\.html$/',$_GET['in
}
}
$list = '';
$list = '';
foreach ($personal_course_list as $my_course) {
$thisCourseDbName = $my_course['db'];
$thisCourseSysCode = $my_course['k'];
@ -1200,7 +1200,7 @@ if (!empty ($_GET['include']) && preg_match('/^[a-zA-Z0-9_-]*\.html$/',$_GET['in
$sqlGetLastAnnouncements .= "WHERE DATE_FORMAT(end_date,'%Y %m %d') >= '".date("Y m d", $_user["lastLogin"])."'";
}
$sqlGetLastAnnouncements .= "ORDER BY end_date DESC LIMIT ".$maxValvas;
$resGetLastAnnouncements = Database::query($sqlGetLastAnnouncements, __FILE__, __LINE__);
$resGetLastAnnouncements = Database::query($sqlGetLastAnnouncements);
if ($resGetLastAnnouncements) {
while ($annoncement = Database::fetch_array($resGetLastAnnouncements)) {
$keyTools = 'valvas';
@ -1232,7 +1232,7 @@ if (!empty ($_GET['include']) && preg_match('/^[a-zA-Z0-9_-]*\.html$/',$_GET['in
WHERE start_date >= CURDATE()
ORDER BY start_date, start_time
LIMIT $maxAgenda";
$resGetNextAgendaEvent = Database::query($sqlGetNextAgendaEvent, __FILE__, __LINE__);
$resGetNextAgendaEvent = Database::query($sqlGetNextAgendaEvent);
if ($resGetNextAgendaEvent) {
while ($agendaEvent = Database::fetch_array($resGetNextAgendaEvent)) {
$keyTools = 'agenda';
@ -1254,7 +1254,7 @@ if (!empty ($_GET['include']) && preg_match('/^[a-zA-Z0-9_-]*\.html$/',$_GET['in
}
if (isset($_GET['history']) && intval($_GET['history']) == 1) {
echo '<h3>'.get_lang('HistoryTrainingSession').'</h3>';
echo '<h3>'.get_lang('HistoryTrainingSession').'</h3>';
if (empty($courses_tree[0]['sessions'])){
echo get_lang('YouDoNotHaveAnySessionInItsHistory');
}
@ -1277,8 +1277,8 @@ if ( is_array($courses_tree) ) {
foreach ($category['sessions'] as $session) {
//don't show empty sessions
if (count($session['courses'])<1) { continue; }
if (count($session['courses'])<1) { continue; }
//courses inside the current session
$date_session_start = $session['details']['date_start'];
$days_access_before_beginning = ($session['details']['nb_days_access_before_beginning'])*24*3600;
@ -1286,19 +1286,19 @@ if ( is_array($courses_tree) ) {
$html_courses_session = '';
$count_courses_session = 0;
foreach ($session['courses'] as $course) {
$is_coach_course = api_is_coach($session['details']['id'],$course['code']);
$is_coach_course = api_is_coach($session['details']['id'],$course['code']);
if ($is_coach_course) {
$allowed_time = (strtotime($date_session_start)-$days_access_before_beginning);
$allowed_time = (strtotime($date_session_start)-$days_access_before_beginning);
} else {
$allowed_time = strtotime($date_session_start);
}
if ($session_now > $allowed_time) {
$c = get_logged_user_course_html($course, $session['details']['id'], 'session_course_item');
$html_courses_session .= $c[1];
$count_courses_session++;
$count_courses_session++;
}
}
if ($count_courses_session > 0) {
echo '<ul class="session_box">';
echo '<li class="session_box_title" id="session_'.$session['details']['id'].'" >';
@ -1308,27 +1308,27 @@ if ( is_array($courses_tree) ) {
echo '</li>';
echo $html_courses_session;
echo '</ul>';
}
}
}
} else {
// all sessions included in
if (!empty($category['details'])) {
$count_courses_session = 0;
$html_sessions = '';
foreach ($category['sessions'] as $session) {
//don't show empty sessions
if (count($session['courses'])<1) { continue; }
if (count($session['courses'])<1) { continue; }
$date_session_start = $session['details']['date_start'];
$days_access_before_beginning = ($session['details']['nb_days_access_before_beginning'])*24*3600;
$session_now = time();
$html_courses_session = '';
$count = 0;
foreach ($session['courses'] as $course) {
$is_coach_course = api_is_coach($session['details']['id'],$course['code']);
$is_coach_course = api_is_coach($session['details']['id'],$course['code']);
if ($is_coach_course) {
$allowed_time = (strtotime($date_session_start)-$days_access_before_beginning);
$allowed_time = (strtotime($date_session_start)-$days_access_before_beginning);
} else {
$allowed_time = strtotime($date_session_start);
}
@ -1336,31 +1336,31 @@ if ( is_array($courses_tree) ) {
$c = get_logged_user_course_html($course, $session['details']['id'], 'session_course_item');
$html_courses_session .= $c[1];
$count_courses_session++;
$count++;
}
}
$count++;
}
}
if ($count > 0) {
$s = get_session_title_box($session['details']['id']);
$html_sessions .= '<ul class="session_box" id="session_'.$session['details']['id'].'">';
$html_sessions .= '<li class="session_box_title" id="session_'.$session['details']['id'].'">';
$html_sessions .= Display::return_icon('div_hide.gif', get_lang('Expand').'/'.get_lang('Hide'), array('align' => 'absmiddle', 'id' => 'session_img_'.$session['details']['id'])) . ' ';
$html_sessions .= Display::return_icon('div_hide.gif', get_lang('Expand').'/'.get_lang('Hide'), array('align' => 'absmiddle', 'id' => 'session_img_'.$session['details']['id'])) . ' ';
$html_sessions .= get_lang('SessionName') . ': ' . $s['title']. ' - '.(!empty($s['coach'])?$s['coach'].' - ':'').$s['dates'];
$html_sessions .= '</li>';
$html_sessions .= $html_courses_session;
$html_sessions .= '</ul>';
}
}
}
if ($count_courses_session > 0) {
echo '<div class="session_category" id="session_category_'.$category['details']['id'].'" style="background-color:#fbfbfb; border:1px solid #dddddd; padding:5px; margin-top: 10px;">';
echo '<div class="session_category_title_box" id="session_category_title_box_'.$category['details']['id'].'" style="font-size:larger; color: #555555;">'. Display::return_icon('div_hide.gif', get_lang('Expand').'/'.get_lang('Hide'), array('align' => 'absmiddle', 'id' => 'category_img_'.$category['details']['id'])) . ' ' . get_lang('SessionCategory') . ': ' . $category['details']['name'].' - '.get_lang('From').' '.$category['details']['date_start'].' '.get_lang('Until').' '.$category['details']['date_end'].'</div>';
echo $html_sessions;
echo '<div class="session_category_title_box" id="session_category_title_box_'.$category['details']['id'].'" style="font-size:larger; color: #555555;">'. Display::return_icon('div_hide.gif', get_lang('Expand').'/'.get_lang('Hide'), array('align' => 'absmiddle', 'id' => 'category_img_'.$category['details']['id'])) . ' ' . get_lang('SessionCategory') . ': ' . $category['details']['name'].' - '.get_lang('From').' '.$category['details']['date_start'].' '.get_lang('Until').' '.$category['details']['date_end'].'</div>';
echo $html_sessions;
echo '</div>';
}
}
}
}
}
}
@ -1477,7 +1477,7 @@ if ( is_array($list) ) {
}
echo "\n</ul><br /><br />\n";
}
}
}
*/
echo '</div>'; // end of content section
@ -1522,40 +1522,40 @@ if (isset($toolsList) and is_array($toolsList) and isset($digest)) {
echo '<div class="menusection">';
echo '<span class="menusectioncaption">'.get_lang('MenuUser').'</span>';
//user image
// @todo add a platform setting to add the user image
if (api_get_setting('allow_social_tool')=='true' && api_get_setting('allow_message_tool') == 'true') {
$img_array= UserManager::get_user_picture_path_by_id(api_get_user_id(),'web',true,true);
$img_array= UserManager::get_user_picture_path_by_id(api_get_user_id(),'web',true,true);
$no_image =false;
if ($img_array['file'] == 'unknown.jpg') {
$no_image =true;
}
}
$img_array = UserManager::get_picture_user(api_get_user_id(), $img_array['file'], 50, USER_IMAGE_SIZE_MEDIUM, ' width="90" height="90" ');
echo '<div class="clear"></div>';
echo '<div id="social_widget" >';
echo ' <div id="social_widget_image">';
if ($no_image == false) {
echo '<a href="'.api_get_path(WEB_PATH).'main/social/home.php"><img src="'.$img_array['file'].'" '.$img_array['style'].' border="1"></a>';
} else {
} else {
echo '<a href="'.api_get_path(WEB_PATH).'main/auth/profile.php"><img title="'.get_lang('EditProfile').'" src="'.$img_array['file'].'" '.$img_array['style'].' border="1"></a>';
}
echo '</div>';
echo '</div>';
require_once api_get_path(LIBRARY_PATH).'message.lib.php';
require_once api_get_path(LIBRARY_PATH).'social.lib.php';
require_once api_get_path(LIBRARY_PATH).'group_portal_manager.lib.php';
// New messages
$number_of_new_messages = MessageManager::get_new_messages();
// New contact invitations
$number_of_new_messages_of_friend = SocialManager::get_message_number_invitation_by_user_id(api_get_user_id());
// New group invitations sent by a moderator
$group_pending_invitations = GroupPortalManager::get_groups_by_user(api_get_user_id(), GROUP_USER_PERMISSION_PENDING_INVITATION,false);
$group_pending_invitations = count($group_pending_invitations);
$total_invitations = $number_of_new_messages_of_friend + $group_pending_invitations;
$cant_msg = '';
if ($number_of_new_messages > 0) {
@ -1568,18 +1568,18 @@ if (api_get_setting('allow_social_tool')=='true' && api_get_setting('allow_messa
if (api_get_setting('show_tabs', 'social') == 'true') {
$link = '?f=social';
}
echo '<a href="'.api_get_path(WEB_PATH).'main/messages/inbox.php'.$link.'" class="message-body">'.get_lang('Inbox').$cant_msg.' </a><br />';
echo '<a href="'.api_get_path(WEB_PATH).'main/messages/inbox.php'.$link.'" class="message-body">'.get_lang('Inbox').$cant_msg.' </a><br />';
echo '<a href="'.api_get_path(WEB_PATH).'main/messages/new_message.php'.$link.'" class="message-body">'.get_lang('Compose').' </a><br />';
//echo '<a href="'.api_get_path(WEB_PATH).'main/auth/profile.php" class="message-body">'.get_lang('EditMyProfile').' </a><br />';
if ($total_invitations > 0) {
if ($total_invitations > 0) {
echo '<a href="'.api_get_path(WEB_PATH).'main/social/invitations.php" class="message-body">'.get_lang('PendingInvitations').' ('.$total_invitations.') </a><br />';
}
echo '</p>';
echo '</div>';
echo '</div>';
echo '</div><div class="clear"></div>';
}
}
// My account section
@ -1603,7 +1603,7 @@ echo '</div>'; //close menusection
//deleting the myprofile link
if (api_get_setting('allow_social_tool') == true) {
unset($menu_navigation['myprofile']);
unset($menu_navigation['myprofile']);
}
// Main navigation section
@ -1618,7 +1618,7 @@ if (!empty($menu_navigation)) {
echo '<a href="'.$navigation_info['url'].'" target="_self">'.$navigation_info['title'].'</a>';
echo '</li>';
echo "\n";
}
echo '</ul>';
echo '</div>';

@ -22,7 +22,7 @@ $track_user_table = Database::get_main_table(TABLE_MAIN_USER);
if (isset($_user['user_id']) && $_user['user_id'] != '') {
$_user['user_id'] = intval($_user['user_id']);
$sql = "update $track_user_table set chatcall_user_id = '', chatcall_date = '', chatcall_text='DENIED' where (user_id = ".$_user['user_id'].")";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
Display::display_header();

@ -107,7 +107,7 @@ if ($_GET['chatid'] != '') {
$chatid = addslashes($_GET['chatid']);
if ($_GET['chatid'] == strval(intval($_GET['chatid']))) {
$sql = "update $track_user_table set chatcall_user_id = '".Database::escape_string($_user['user_id'])."', chatcall_date = '".Database::escape_string($time)."', chatcall_text = '' where (user_id = ".(int)Database::escape_string($chatid).")";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
//redirect caller to chat
header("Location: ".$_configuration['code_append']."chat/chat.php?".api_get_cidreq()."&origin=whoisonline&target=".Security::remove_XSS($chatid));
exit;
@ -117,7 +117,7 @@ if ($_GET['chatid'] != '') {
// This if statement prevents users accessing the who's online feature when it has been disabled.
if ((api_get_setting('showonline', 'world') == 'true' && !$_user['user_id']) || ((api_get_setting('showonline', 'users') == 'true' || api_get_setting('showonline', 'course') == 'true') && $_user['user_id'])) {
if(isset($_GET['cidReq']) && strlen($_GET['cidReq']) > 0) {
$user_list = Who_is_online_in_this_course($_user['user_id'], api_get_setting('time_limit_whosonline'), $_GET['cidReq']);
} else {
@ -125,19 +125,19 @@ if ((api_get_setting('showonline', 'world') == 'true' && !$_user['user_id']) ||
}
$total = count($user_list);
if (!isset($_GET['id'])) {
if (!isset($_GET['id'])) {
Display::display_header(get_lang('UsersOnLineList'));
if (api_get_setting('allow_social_tool') == 'true') {
if (!api_is_anonymous()) {
echo '<div id="social-content-left">';
//this include the social menu div
if (!api_is_anonymous()) {
echo '<div id="social-content-left">';
//this include the social menu div
SocialManager::show_social_menu('whoisonline');
echo '</div>';
}
echo '</div>';
}
if ($_GET['id'] == '') {
echo '<p><a class="refresh" href="javascript:window.location.reload()">'.get_lang('Refresh').'</a></p>';
} /*else {
@ -149,18 +149,18 @@ if ((api_get_setting('showonline', 'world') == 'true' && !$_user['user_id']) ||
} else {
echo '<div class="actions-title">';
echo get_lang('UsersOnLineList');
echo '</div>';
}
echo '</div>';
}
}
if ($user_list) {
if (!isset($_GET['id'])) {
if (api_get_setting('allow_social_tool') == 'true') {
echo '<div id="social-content-right">';
echo '<div id="social-content-right">';
//this include the social menu div
if (!api_is_anonymous()) {
echo UserManager::get_search_form($_GET['q']);
}
}
}
SocialManager::display_user_list($user_list);
echo '</div>';
@ -172,10 +172,10 @@ if ((api_get_setting('showonline', 'world') == 'true' && !$_user['user_id']) ||
Display::display_header(get_lang('UsersOnLineList'));
echo '<div class="actions-title">';
echo get_lang('UsersOnLineList');
echo '</div>';
echo '</div>';
}
} else {
Display::display_header(get_lang('UsersOnLineList'));
Display::display_error_message(get_lang('AccessNotAllowed'));
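Review bot: The `chatid` check in the first hunk of this section uses a loose comparison, `$_GET['chatid'] == strval(intval($_GET['chatid']))`, which PHP evaluates numerically when both sides are numeric strings. Non-canonical spellings of a number therefore pass, and the original string rather than the integer is what reaches the `Location` header. I would normalise once with `$chatid = intval($_GET['chatid']);`, compare with `$_GET['chatid'] === strval($chatid)`, and use `$chatid` in both the query and the redirect, so `(int)Database::escape_string($chatid)` becomes just `$chatid`. The update's `$result` is also not checked before redirecting; whether `Database::query()` reports failures itself is not visible here. The enclosing `if ($_GET['chatid'] != '')` block starts outside the hunk.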

@ -53,7 +53,7 @@ Display::display_header(get_lang('UserOnlineListSession'));
INNER JOIN $tbl_session_course_user as srcru
ON srcru.id_user = ".$_user['user_id']." AND srcru.status=2
AND session.id = srcru.id_session
ORDER BY date_start, date_end, name",__FILE__,__LINE__);
ORDER BY date_start, date_end, name");
while ($session = Database:: fetch_array($result)) {
$session_is_coach[$session['id']] = $session;
@ -65,7 +65,7 @@ Display::display_header(get_lang('UserOnlineListSession'));
date_end
FROM $tbl_session as session
WHERE session.id_coach = ".$_user['user_id']."
ORDER BY date_start, date_end, name",__FILE__,__LINE__);
ORDER BY date_start, date_end, name");
while ($session = Database:: fetch_array($result)) {
$session_is_coach[$session['id']] = $session;
}
@ -84,7 +84,7 @@ Display::display_header(get_lang('UserOnlineListSession'));
WHERE access_session_id='".$session['id']."'
AND NOW()-access_date<1000 GROUP BY access_user_id";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while($user_list = Database::fetch_array($result)) {
$students_online[$user_list['access_user_id']] = $user_list;
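Review bot: The queries in this section still build SQL by concatenating `$_user['user_id']` (unquoted, in the two session queries) and `$session['id']` with no cast or `Database::escape_string()` visible in the hunks. An earlier section of this commit (the `chatcall_text='DENIED'` update) does apply `intval()` to the same user id first. Presumably both values come from the session and the database rather than from the request, but an unquoted numeric context has no second line of defence, so I would cast at the point of use: `srcru.id_user = ".intval($_user['user_id'])."` and `access_session_id = ".intval($session['id'])."`. Separately, `NOW()-access_date<1000` in the last hunk subtracts the numeric forms of two datetimes rather than seconds; if a ten-minute window is intended (a guess), `access_date > DATE_SUB(NOW(), INTERVAL 10 MINUTE)` states it directly. The `while` loops continue past the end of the hunks.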
