Use Database::insert/Database::update

1.10.x
Julio Montoya 10 years ago
parent b0435938ad
commit c7c85d5c20
  1. 39
      main/admin/course_edit.php
  2. 35
      main/course_info/infocours.php
  3. 53
      main/document/edit_document.php
  4. 95
      main/dropbox/dropbox_class.inc.php
  5. 32
      main/dropbox/dropbox_config.inc.php
  6. 104
      main/dropbox/dropbox_functions.inc.php
  7. 51
      main/inc/lib/notebook.lib.php

@ -323,20 +323,22 @@ if ($form->validate()) {
$department_url = 'http://' . $department_url;
}
$sql = "UPDATE $course_table SET
course_language='" . Database::escape_string($course_language) . "',
title='" . Database::escape_string($title) . "',
category_code='" . Database::escape_string($category_code) . "',
visual_code='" . Database::escape_string($visual_code) . "',
department_name='" . Database::escape_string($department_name) . "',
department_url='" . Database::escape_string($department_url) . "',
disk_quota='" . Database::escape_string($disk_quota) . "',
visibility = '" . Database::escape_string($visibility) . "',
subscribe = '" . Database::escape_string($subscribe) . "',
unsubscribe='" . Database::escape_string($unsubscribe) . "'
WHERE id = $courseId ";
Database::query($sql);
$params = [
'course_language' => $course_language,
'title' => $title,
'category_code' => $category_code,
'visual_code' => $visual_code,
'department_name' => $department_name,
'department_url' => $department_url,
'disk_quota' => $disk_quota,
'visibility' => $visibility,
'subscribe' => $subscribe,
'unsubscribe' => $unsubscribe,
];
Database::update($course_table, $params, ['id = ?' => $courseId]);
// update the extra fields
$courseFieldValue = new ExtraFieldValue('course');
$courseFieldValue->saveFieldValues($course);
@ -377,17 +379,6 @@ if ($form->validate()) {
}
}
// No need to register me as a teacher.
/*
$sql = "INSERT IGNORE INTO " . $course_user_table . " SET
c_id = " . $courseInfo['real_id'] . ",
user_id = '" . $tutor_id . "',
status = '1',
is_tutor ='0',
sort = '0',
user_course_cat='0'";
Database::query($sql);
*/
if (array_key_exists('add_teachers_to_sessions_courses', $courseInfo)) {
$sql = "UPDATE $course_table SET
add_teachers_to_sessions_courses = '$addTeacherToSessionCourses'
@ -396,8 +387,6 @@ if ($form->validate()) {
}
$course_id = $courseInfo['real_id'];
/* $forum_config_table = Database::get_course_table(TOOL_FORUM_CONFIG_TABLE);
$sql = "UPDATE ".$forum_config_table." SET default_lang='".Database::escape_string($course_language)."' WHERE c_id = $course_id "; */
Display::addFlash(Display::return_message(get_lang('ItemUpdated')));
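Review bot: The `add_teachers_to_sessions_courses` UPDATE kept as context in the second hunk still interpolates `$addTeacherToSessionCourses` directly into the SQL string, so this file keeps one concatenated write next to the converted one. How that variable is derived is not visible here; unless it is cast to an integer earlier, route it through the same helper, e.g. `Database::update($course_table, ['add_teachers_to_sessions_courses' => $addTeacherToSessionCourses], ['id = ?' => $courseId]);`. The statement runs past the end of the hunk, so confirm its WHERE clause really is the plain id match before swapping it.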

@ -479,27 +479,24 @@ if ($form->validate() && is_settings_editable()) {
'activate_legal'
);
foreach ($updateValues as $index =>$value) {
$updateValues[$index] = Database::escape_string($value);
}
$activeLegal = isset($updateValues['activate_legal']) ? $updateValues['activate_legal'] : '';
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql = "UPDATE $table_course SET
title = '".$updateValues['title']."',
course_language = '".$updateValues['course_language']."',
category_code = '".$updateValues['category_code']."',
department_name = '".$updateValues['department_name']."',
department_url = '".$updateValues['department_url']."',
visibility = '".$updateValues['visibility']."',
subscribe = '".$updateValues['subscribe']."',
unsubscribe = '".$updateValues['unsubscribe']."',
legal = '".$updateValues['legal']."',
activate_legal = '".$activeLegal."',
registration_code = '".$updateValues['course_registration_password']."'
WHERE id = $courseId";
Database::query($sql);
$params = [
'title' => $updateValues['title'],
'course_language' => $updateValues['course_language'],
'category_code' => $updateValues['category_code'],
'department_name' => $updateValues['department_name'],
'department_url' => $updateValues['department_url'],
'visibility' => $updateValues['visibility'],
'subscribe' => $updateValues['subscribe'],
'unsubscribe' => $updateValues['unsubscribe'],
'legal' => $updateValues['legal'],
'activate_legal' => $activeLegal,
'registration_code' => $updateValues['course_registration_password'],
];
Database::update($table_course, $params, ['id = ?' => $courseId]);
// Insert/Updates course_settings table
foreach ($courseSettings as $setting) {
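Review bot: The `Database::escape_string()` loop over `$updateValues` at the top of this hunk must not remain in front of the new `Database::update()` call; assuming that helper binds or escapes its values itself, pre-escaped strings would be stored with literal backslashes. The hunk header (27 lines down to 24) is consistent with the loop being removed, but this rendering has lost the +/- markers, so it is worth confirming on the raw diff. If the loop is gone, the `course_settings` loop that follows now receives raw `$updateValues`; its body is outside the hunk, so check that it does not build SQL by concatenation.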

@ -195,8 +195,8 @@ if (!api_is_allowed_to_edit()) {
if (isset($_POST['comment'])) {
// Fixing the path if it is wrong
$comment = Database::escape_string(trim($_POST['comment']));
$title = Database::escape_string(trim($_POST['title']));
$comment = trim($_POST['comment']);
$title = trim($_POST['title']);
// Just in case see BT#3525
if (empty($title)) {
@ -208,10 +208,16 @@ if (isset($_POST['comment'])) {
}
if (!empty($document_id)) {
$query = "UPDATE $dbTable SET comment='".$comment."', title='".$title."'
WHERE c_id = $course_id AND id = ".$document_id;
Database::query($query);
$info_message = get_lang('fileModified');
$params = [
'comment' => $comment,
'title' => $title,
];
Database::update(
$dbTable,
$params,
['c_id = ? AND id = ?' => [$course_id, $document_id]]
);
Display::addFlash(Display::return_message(get_lang('fileModified')));
}
}
@ -224,10 +230,6 @@ if ($is_allowed_to_edit) {
$content = isset($_POST['content']) ? trim(str_replace(array("\r", "\n"), '', stripslashes($_POST['content']))) : null;
$content = Security::remove_XSS($content, COURSEMANAGERLOWSECURITY);
/*if (!strstr($content, '/css/frames.css')) {
$content = str_replace('</title></head>', '</title><link rel="stylesheet" href="../css/frames.css" type="text/css" /></head>', $content);
}*/
if ($dir == '/') {
$dir = '';
}
@ -237,7 +239,7 @@ if ($is_allowed_to_edit) {
$read_only_flag = empty($read_only_flag) ? 0 : 1;
if (empty($filename)) {
$msgError = get_lang('NoFileName');
Display::addFlash(Display::return_message(get_lang('NoFileName'), 'warning'));
} else {
$file_size = filesize($document_data['absolute_path']);
@ -350,10 +352,10 @@ if ($is_allowed_to_edit) {
header('Location: document.php?id=' . $document_data['parent_id'] . '&' . api_get_cidreq() . ($is_certificate_mode?'&curdirpath=/certificates&selectcat=1':''));
exit;
} else {
$msgError = get_lang('Impossible');
Display::addFlash(Display::return_message(get_lang('Impossible'), 'warning'));
}
} else {
$msgError = get_lang('Impossible');
Display::addFlash(Display::return_message(get_lang('Impossible'), 'warning'));
}
} else {
if ($document_id) {
@ -393,20 +395,6 @@ if (file_exists($document_data['absolute_path'])) {
$nameTools = get_lang('EditDocument') . ': '.Security::remove_XSS($document_data['title']);
Display::display_header($nameTools, 'Doc');
if (isset($msgError)) {
Display::display_error_message($msgError);
}
if (isset($info_message)) {
Display::display_confirmation_message($info_message);
if (isset($_POST['origin'])) {
$slide_id = $_POST['origin_opt'];
$call_from_tool = $_POST['origin'];
}
}
// Owner
$document_info = api_get_item_property_info(
api_get_course_int_id(),
'document',
@ -573,19 +561,14 @@ function change_name($base_work_dir, $source_file, $rename_to, $dir, $doc)
}
update_db_info('update', $source_file, $new_full_file_name); // fileManage API
$name_changed = get_lang('ElRen');
$info_message = get_lang('fileModified');
Display::addFlash(Display::return_message(get_lang('fileModified')));
$GLOBALS['file_name'] = $rename_to;
$GLOBALS['doc'] = $rename_to;
return $info_message;
return true;
} else {
$dialogBox = get_lang('FileExists'); // TODO: This variable is not used.
/* Return to step 1 */
$rename = $source_file;
unset($source_file);
Display::addFlash(Display::return_message(get_lang('FileExists')));
}
}
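Review bot: In the first hunk `$comment` and `$title` lose their `Database::escape_string()` wrapper at assignment, which is right for the new `Database::update()` call but also removes the escaping from every other use of those two variables in this file. The rest of the file is not visible here; any later query that still concatenates `$title` or `$comment` needs its own binding or escaping. Separately, `change_name()` now returns `true` where it used to return the message string, and no return is visible in its else branch, so callers that print or test the result should be checked. A docblock line such as `@return bool|null true when the file was renamed` would record the new contract.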

@ -120,31 +120,38 @@ class Dropbox_Work
if ($this->isOldWork) {
$this->id = $res['id'];
$this->upload_date = $res['upload_date'];
$sql = "UPDATE ".$dropbox_cnf["tbl_file"]." SET
filesize = '".intval($this->filesize)."' ,
title = '".Database::escape_string($this->title)."',
description = '".Database::escape_string($this->description)."',
author = '".Database::escape_string($this->author)."',
last_upload_date = '".Database::escape_string($this->last_upload_date)."'
WHERE c_id = $course_id AND id = ".intval($this->id)."";
Database::query($sql);
$params = [
'filesize' => $this->filesize,
'title' => $this->title,
'description' => $this->description,
'author' => $this->author,
'last_upload_date' => $this->last_upload_date,
'session_id' => api_get_session_id(),
];
Database::update(
$dropbox_cnf['tbl_file'],
$params,
['c_id = ? AND id = ?' => [$course_id, $this->id]]
);
} else {
$this->upload_date = $this->last_upload_date;
$sql = "INSERT INTO ".$dropbox_cnf['tbl_file']." (c_id, uploader_id, filename, filesize, title, description, author, upload_date, last_upload_date, session_id)
VALUES ( $course_id,
'".intval($this->uploader_id)."'
, '".Database::escape_string($this->filename)."'
, '".intval($this->filesize)."'
, '".Database::escape_string($this->title)."'
, '".Database::escape_string($this->description)."'
, '".Database::escape_string($this->author)."'
, '".Database::escape_string($this->upload_date)."'
, '".Database::escape_string($this->last_upload_date)."'
, ".api_get_session_id()."
)";
Database::query($sql);
$this->id = Database::insert_id(); // Get automatically inserted id
$params = [
'c_id' => $course_id,
'uploader_id' => $this->uploader_id,
'filename' => $this->filename,
'filesize' => $this->filesize,
'title' => $this->title,
'description' => $this->description,
'author' => $this->author,
'upload_date' => $this->upload_date,
'last_upload_date' => $this->last_upload_date,
'session_id' => api_get_session_id(),
];
$this->id = Database::insert($dropbox_cnf['tbl_file'], $params);
if ($this->id) {
$sql = "UPDATE ".$dropbox_cnf['tbl_file']." SET id = iid WHERE iid = {$this->id}";
Database::query($sql);
@ -162,11 +169,6 @@ class Dropbox_Work
$sql = "INSERT INTO ".$dropbox_cnf['tbl_person']." (c_id, file_id, user_id)
VALUES ($course_id, ".intval($this->id)." , ".intval($this->uploader_id).")";
Database::query($sql);
/*$id = Database::insert_id();
if ($id) {
$sql = "UPDATE ".$dropbox_cnf['tbl_person']." SET id = iid WHERE iid = {$this->id}";
Database::query($sql);
}*/
}
}
@ -312,7 +314,7 @@ class Dropbox_SentWork extends Dropbox_Work
$user_id = (int)$rec['id'];
$sql = "INSERT INTO $table_post (c_id, file_id, dest_user_id, session_id)
VALUES ($course_id, $file_id, $user_id, $session_id)";
$result = Database::query($sql);
Database::query($sql);
// If work already exists no error is generated
/**
@ -325,7 +327,7 @@ class Dropbox_SentWork extends Dropbox_Work
// Do not add recipient in person table if mailing zip or just upload.
if (!$justSubmit) {
$result = Database::query($sql); // If work already exists no error is generated
Database::query($sql); // If work already exists no error is generated
}
}
@ -336,7 +338,15 @@ class Dropbox_SentWork extends Dropbox_Work
if (($recipid = $rec["id"]) > $dropbox_cnf['mailingIdBase']) {
$recipid = $ownerid; // mailing file recipient = mailing id, not a person
}
api_item_property_update($_course, TOOL_DROPBOX, $this->id, 'DropboxFileAdded', $ownerid, null, $recipid) ;
api_item_property_update(
$_course,
TOOL_DROPBOX,
$this->id,
'DropboxFileAdded',
$ownerid,
null,
$recipid
);
}
}
@ -660,7 +670,8 @@ class Dropbox_Person
}
//$file_id = $this->sentWork[$index]->id;
// Delete entries in person table concerning sent works
$sql = "DELETE FROM ".$dropbox_cnf['tbl_person']." WHERE c_id = $course_id AND user_id='".$this->userId."' AND file_id='".$id."'";
$sql = "DELETE FROM ".$dropbox_cnf['tbl_person']."
WHERE c_id = $course_id AND user_id='".$this->userId."' AND file_id='".$id."'";
Database::query($sql);
removeMoreIfMailing($id);
removeUnusedFiles(); // Check for unused files
@ -694,13 +705,25 @@ class Dropbox_Person
die(get_lang('GeneralError').' (code 221)');
}
$feedback_date = date('Y-m-d H:i:s', time());
$feedback_date = api_get_utc_datetime();
$this->receivedWork[$wi]->feedback_date = $feedback_date;
$this->receivedWork[$wi]->feedback = $text;
Database::query("UPDATE ".$dropbox_cnf['tbl_post']." SET feedback_date='".
Database::escape_string($feedback_date)."', feedback='".Database::escape_string($text).
"' WHERE c_id = $course_id AND dest_user_id='".$this->userId."' AND file_id='".$id."'");
$params = [
'feedback_date' => $feedback_date,
'feedback' => $text,
];
Database::update(
$dropbox_cnf['tbl_post'],
$params,
[
'c_id = ? AND dest_user_id = ? AND file_id = ?' => [
$course_id,
$this->userId,
$id,
],
]
);
// Update item_property table
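Review bot: The new `$params` for the existing-work UPDATE in `Dropbox_Work` includes `'session_id' => api_get_session_id()`, which the replaced statement never wrote, so re-uploading a file from another session now rewrites the row's session; if that is not intended, drop that entry from the update array. The `DELETE FROM ... tbl_person` in `Dropbox_Person` was only re-wrapped and still concatenates `$this->userId` and `$id`; no cast is visible in the hunk, so `(int) $this->userId` and `(int) $id` would bring it in line with the rest of the commit. `feedback_date` also switches from local `date()` to `api_get_utc_datetime()`, so unless the server clock is UTC, rows written before and after this commit are in different timezones.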

@ -4,29 +4,29 @@
/**
* DATABASE TABLE VARIABLES
*/
$dropbox_cnf['tbl_user'] = Database::get_main_table(TABLE_MAIN_USER);
$dropbox_cnf['tbl_user'] = Database::get_main_table(TABLE_MAIN_USER);
$dropbox_cnf['tbl_course_user'] = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$dropbox_cnf['tbl_post'] = Database::get_course_table(TABLE_DROPBOX_POST);
$dropbox_cnf['tbl_file'] = Database::get_course_table(TABLE_DROPBOX_FILE);
$dropbox_cnf['tbl_person'] = Database::get_course_table(TABLE_DROPBOX_PERSON);
$dropbox_cnf['tbl_intro'] = Database::get_course_table(TABLE_TOOL_INTRO);
$dropbox_cnf['tbl_category'] = Database::get_course_table(TABLE_DROPBOX_CATEGORY);
$dropbox_cnf['tbl_feedback'] = Database::get_course_table(TABLE_DROPBOX_FEEDBACK);
$dropbox_cnf['tbl_post'] = Database::get_course_table(TABLE_DROPBOX_POST);
$dropbox_cnf['tbl_file'] = Database::get_course_table(TABLE_DROPBOX_FILE);
$dropbox_cnf['tbl_person'] = Database::get_course_table(TABLE_DROPBOX_PERSON);
$dropbox_cnf['tbl_intro'] = Database::get_course_table(TABLE_TOOL_INTRO);
$dropbox_cnf['tbl_category'] = Database::get_course_table(TABLE_DROPBOX_CATEGORY);
$dropbox_cnf['tbl_feedback'] = Database::get_course_table(TABLE_DROPBOX_FEEDBACK);
/**
* INITIALISE OTHER VARIABLES & CONSTANTS
*/
$dropbox_cnf['courseId'] = $_cid;
$dropbox_cnf['courseId'] = $_cid;
//path to dropbox subdir in course containing the uploaded files
$dropbox_cnf['sysPath'] = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/dropbox';
$dropbox_cnf['webPath'] = api_get_path(WEB_COURSE_PATH) . $_course['path'] . '/dropbox';
$dropbox_cnf['sysPath'] = api_get_path(SYS_COURSE_PATH) . $_course['path'] . '/dropbox';
$dropbox_cnf['webPath'] = api_get_path(WEB_COURSE_PATH) . $_course['path'] . '/dropbox';
//file size limit as imposed by the platform admin (see Chamilo Config Settings on the platform administration section)
$dropbox_cnf['maxFilesize'] = api_get_setting('dropbox_max_filesize');
$dropbox_cnf['allowOverwrite'] = api_string_2_boolean(api_get_setting('dropbox_allow_overwrite'));
$dropbox_cnf['allowJustUpload'] = api_string_2_boolean(api_get_setting('dropbox_allow_just_upload'));
$dropbox_cnf['allowStudentToStudent'] = api_string_2_boolean(api_get_setting('dropbox_allow_student_to_student'));
$dropbox_cnf['allowGroup'] = api_string_2_boolean(api_get_setting('dropbox_allow_group'));
$dropbox_cnf['maxFilesize'] = api_get_setting('dropbox_max_filesize');
$dropbox_cnf['allowOverwrite'] = api_string_2_boolean(api_get_setting('dropbox_allow_overwrite'));
$dropbox_cnf['allowJustUpload'] = api_string_2_boolean(api_get_setting('dropbox_allow_just_upload'));
$dropbox_cnf['allowStudentToStudent'] = api_string_2_boolean(api_get_setting('dropbox_allow_student_to_student'));
$dropbox_cnf['allowGroup'] = api_string_2_boolean(api_get_setting('dropbox_allow_group'));
/**
* MAILING VARIABLES
@ -43,4 +43,4 @@ $dropbox_cnf['mailingWhereLOGINNAME'] = 'username';
$dropbox_cnf['mailingFileRegexp'] = '/^(.+)\.\w{1,4}$/';
$dropbox_cnf['sent_received_tabs'] = true;
return $dropbox_cnf;
return $dropbox_cnf;

@ -221,16 +221,20 @@ function store_move($id, $target, $part)
if ((isset($id) AND $id != '') AND (isset($target) AND $target != '') AND (isset($part) AND $part != '')) {
if ($part == 'received') {
$sql = "UPDATE ".$dropbox_cnf["tbl_post"]." SET cat_id = ".intval($target)."
WHERE c_id = $course_id AND dest_user_id = ".intval($_user['user_id'])."
AND file_id = ".intval($id)."";
$sql = "UPDATE ".$dropbox_cnf["tbl_post"]."
SET cat_id = ".intval($target)."
WHERE c_id = $course_id AND dest_user_id = ".intval($_user['user_id'])."
AND file_id = ".intval($id)."";
Database::query($sql);
$return_message = get_lang('ReceivedFileMoved');
}
if ($part == 'sent') {
$sql = "UPDATE ".$dropbox_cnf["tbl_file"]." SET cat_id = ".intval($target)."
WHERE c_id = $course_id AND uploader_id = ".intval($_user['user_id'])."
AND id = ".intval($id)."";
$sql = "UPDATE ".$dropbox_cnf["tbl_file"]."
SET cat_id = ".intval($target)."
WHERE
c_id = $course_id AND
uploader_id = ".intval($_user['user_id'])." AND
id = ".intval($id)."";
Database::query($sql);
$return_message = get_lang('SentFileMoved');
}
@ -380,23 +384,56 @@ function store_addcategory()
if (!$_POST['edit_id']) {
$session_id = api_get_session_id();
// step 3a, we check if the category doesn't already exist
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND user_id='".$_user['user_id']."' AND cat_name='".Database::escape_string($_POST['category_name'])."' AND received='".$received."' AND sent='$sent' AND session_id='$session_id'";
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']."
WHERE
c_id = $course_id AND
user_id='".$_user['user_id']."' AND
cat_name='".Database::escape_string($_POST['category_name'])."' AND
received='".$received."' AND
sent='$sent' AND
session_id='$session_id'";
$result = Database::query($sql);
// step 3b, we add the category if it does not exist yet.
if (Database::num_rows($result) == 0) {
$sql = "INSERT INTO ".$dropbox_cnf['tbl_category']." (c_id, cat_name, received, sent, user_id, session_id)
VALUES ($course_id, '".Database::escape_string($_POST['category_name'])."', '".Database::escape_string($received)."', '".Database::escape_string($sent)."', ".intval($_user['user_id']).", $session_id)";
Database::query($sql);
$params = [
'c_id' => $course_id,
'cat_name' => $_POST['category_name'],
'received' => $received,
'sent' => $sent,
'user_id' => $_user['user_id'],
'session_id' => $session_id,
];
$id = Database::insert($dropbox_cnf['tbl_category'], $params);
if ($id) {
$sql = "UPDATE ".$dropbox_cnf['tbl_category']." SET cat_id = iid WHERE iid = $id";
Database::query($sql);
}
return array('type' => 'confirmation', 'message' => get_lang('CategoryStored'));
} else {
return array('type' => 'error', 'message' => get_lang('CategoryAlreadyExistsEditIt'));
}
} else {
$sql = "UPDATE ".$dropbox_cnf['tbl_category']." SET cat_name='".Database::escape_string($_POST['category_name'])."', received='".Database::escape_string($received)."' , sent='".Database::escape_string($sent)."'
WHERE c_id = $course_id AND user_id = ".intval($_user['user_id'])."
AND cat_id = ".intval($_POST['edit_id'])."";
Database::query($sql);
$params = [
'cat_name' => $_POST['category_name'],
'received' => $received,
'sent' => $sent
];
Database::update(
$dropbox_cnf['tbl_category'],
$params,
[
'c_id = ? AND user_id = ? AND cat_id = ?' => [
$course_id,
$_user['user_id'],
$_POST['edit_id'],
],
]
);
return array('type' => 'confirmation', 'message' => get_lang('CategoryModified'));
}
}
@ -420,11 +457,15 @@ function display_addcategory_form($category_name = '', $id = '', $action)
if (isset($id) AND $id != '') {
// retrieve the category we are editing
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']." WHERE c_id = $course_id AND cat_id = ".intval($id)."";
$sql = "SELECT * FROM ".$dropbox_cnf['tbl_category']."
WHERE c_id = $course_id AND cat_id = ".intval($id)."";
$result = Database::query($sql);
$row = Database::fetch_array($result);
if (empty($category_name)) { // after an edit with an error we do not want to return to the original name but the name we already modified. (happens when createinrecievedfiles AND createinsentfiles are not checked)
if (empty($category_name)) {
// after an edit with an error we do not want to return to the
// original name but the name we already modified.
// (happens when createinrecievedfiles AND createinsentfiles are not checked)
$category_name = $row['cat_name'];
}
if ($row['received'] == '1') {
@ -445,10 +486,8 @@ function display_addcategory_form($category_name = '', $id = '', $action)
if ($action == 'editcategory') {
$text = get_lang('ModifyCategory');
$class = 'save';
} elseif ($action == 'addreceivedcategory' or $action == 'addsentcategory') {
} elseif ($action == 'addreceivedcategory' || $action == 'addsentcategory') {
$text = get_lang('CreateCategory');
$class = 'add';
}
$form = new FormValidator('add_new_category', 'post', api_get_self().'?view='.Security::remove_XSS($_GET['view']));
@ -462,7 +501,7 @@ function display_addcategory_form($category_name = '', $id = '', $action)
$form->addElement('text', 'category_name', get_lang('CategoryName'));
$form->addRule('category_name', get_lang('ThisFieldIsRequired'), 'required');
$form->addElement('button', 'StoreCategory', $text);
$form->addButtonSave($text, 'StoreCategory');
$defaults = array();
$defaults['category_name'] = $category_name;
@ -755,11 +794,13 @@ function removeMoreIfMailing($file_id)
if ($res = Database::fetch_array($result)) {
$mailingPseudoId = $res['dest_user_id'];
if ($mailingPseudoId > dropbox_cnf('mailingIdBase')) {
$sql = "DELETE FROM " . dropbox_cnf('tbl_person') . " WHERE c_id = $course_id AND user_id='" . $mailingPseudoId . "'";
$sql = "DELETE FROM " . dropbox_cnf('tbl_person') . "
WHERE c_id = $course_id AND user_id='" . $mailingPseudoId . "'";
Database::query($sql);
$sql = "UPDATE " . dropbox_cnf('tbl_file') .
" SET uploader_id='" . api_get_user_id() . "' WHERE c_id = $course_id AND uploader_id='" . $mailingPseudoId . "'";
$sql = "UPDATE " . dropbox_cnf('tbl_file') ."
SET uploader_id='" . api_get_user_id() . "'
WHERE c_id = $course_id AND uploader_id='" . $mailingPseudoId . "'";
Database::query($sql);
}
}
@ -1073,9 +1114,20 @@ function store_feedback()
if (empty($_POST['feedback'])) {
return get_lang('PleaseTypeText');
} else {
$sql="INSERT INTO ".$dropbox_cnf['tbl_feedback']." (c_id, file_id, author_user_id, feedback, feedback_date) VALUES
($course_id, '".intval($_GET['id'])."','".api_get_user_id()."','".Database::escape_string($_POST['feedback'])."', '".api_get_utc_datetime()."')";
Database::query($sql);
$params = [
'c_id' => $course_id,
'file_id' => $_GET['id'],
'author_user_id' => api_get_user_id(),
'feedback' => $_POST['feedback'],
'feedback_date' => api_get_utc_datetime(),
];
$id = Database::insert($dropbox_cnf['tbl_feedback'], $params);
if ($id) {
$sql = "UPDATE ".$dropbox_cnf['tbl_feedback']." SET feedback_id = iid WHERE iid = $id";
Database::query($sql);
}
return get_lang('DropboxFeedbackStored');
}
}
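Review bot: `store_feedback()` now passes `$_GET['id']` as `file_id` without the `intval()` the old INSERT applied, and `store_addcategory()` does the same with `$_POST['edit_id']` and `$_user['user_id']` in its update condition. Assuming these helpers bind their values, quoting is covered, but the integer validation is gone and a non-numeric value is left to the database's own coercion; keep the cast, e.g. `'file_id' => (int) $_GET['id'],` and `(int) $_POST['edit_id']`. The duplicate-check SELECT in `store_addcategory()` was only re-wrapped and still concatenates `$received`, `$sent` and `$session_id`, whose origin is outside the hunk.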

@ -118,32 +118,48 @@ class NotebookManager
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University, Belgium
* @version januari 2009, dokeos 1.8.6
*/
static function update_note($values) {
static function update_note($values)
{
if (!is_array($values) or empty($values['note_title'])) {
return false;
}
// Database table definition
$t_notebook = Database :: get_course_table(TABLE_NOTEBOOK);
$table = Database :: get_course_table(TABLE_NOTEBOOK);
$course_id = api_get_course_int_id();
$sessionId = api_get_session_id();
$sql = "UPDATE $t_notebook SET
user_id = '" . api_get_user_id() . "',
course = '" . Database::escape_string(api_get_course_id()) . "',
session_id = '" . $sessionId . "',
title = '" . Database::escape_string($values['note_title']) . "',
description = '" . Database::escape_string($values['note_comment']) . "',
update_date = '" . Database::escape_string(date('Y-m-d H:i:s')) . "'
WHERE c_id = $course_id AND notebook_id = '" . Database::escape_string($values['notebook_id']) . "'";
$result = Database::query($sql);
$affected_rows = Database::affected_rows($result);
$params = [
'user_id' => api_get_user_id(),
'course' => api_get_course_id(),
'session_id' => $sessionId,
'title' => $values['note_title'],
'description' => $values['note_comment'],
'update_date' => api_get_utc_datetime(),
];
Database::update(
$table,
$params,
[
'c_id = ? AND notebook_id = ?' => [
$course_id,
$values['notebook_id'],
],
]
);
// update item_property (update)
api_item_property_update(
api_get_course_info(),
TOOL_NOTEBOOK,
$values['notebook_id'],
'NotebookUpdated',
api_get_user_id()
);
return true;
//update item_property (update)
api_item_property_update(api_get_course_info(), TOOL_NOTEBOOK, $values['notebook_id'], 'NotebookUpdated', api_get_user_id());
if (!empty($affected_rows)) {
return true;
}
}
static function delete_note($notebook_id)
@ -170,7 +186,6 @@ class NotebookManager
static function display_notes()
{
global $_user;
if (!isset($_GET['direction'])) {
$sort_direction = 'ASC';
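Review bot: `update_note()` matches the row on `c_id` and `notebook_id` only while writing `user_id = api_get_user_id()`, so unless the caller verifies ownership (not visible here), a request carrying another user's `notebook_id` would overwrite that note and reassign it. Adding the owner to the condition, `'c_id = ? AND notebook_id = ? AND user_id = ?'` with `api_get_user_id()` as the third value, closes that gap. The function also returns `true` unconditionally now, where the old code returned it only when `affected_rows` was non-empty. If `Database::update()` reports the affected row count, return based on that so callers can still tell a missed update from a successful one.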
