From 01d984ee773b13773ec92ac2c63c2398076a13ac Mon Sep 17 00:00:00 2001 From: Yannick Warnier Date: Mon, 29 Dec 2014 16:06:54 +0100 Subject: [PATCH 001/105] Partially fixes security issues - refs #7440 --- main/reservation/rsys.php | 130 +++++++++++++++++++------------------- 1 file changed, 65 insertions(+), 65 deletions(-) diff --git a/main/reservation/rsys.php b/main/reservation/rsys.php index f7f7c19bb7..5472906e60 100755 --- a/main/reservation/rsys.php +++ b/main/reservation/rsys.php @@ -33,7 +33,7 @@ class Rsys { */ function get_num_subscriptions_reservationperiods($res_id) { $sql = "SELECT COUNT(*) FROM ".Rsys :: getTable("subscription")." s - WHERE s.reservation_id = '".Database::escape_string($res_id)."'"; + WHERE s.reservation_id = '".intval($res_id)."'"; return @ Database::result(Database::query($sql), 0, 0); } @@ -134,9 +134,9 @@ class Rsys { * @param - String $name The name * @return - int The id */ - function add_category($naam) { - if (Rsys :: check_category($naam)) { - $sql = "INSERT INTO ".Rsys :: getTable("category")." (name) VALUES ('".Database::escape_string($naam)."')"; + function add_category($name) { + if (Rsys :: check_category($name)) { + $sql = "INSERT INTO ".Rsys :: getTable("category")." (name) VALUES ('".Database::escape_string($name)."')"; Database::query($sql); return Database::insert_id(); } @@ -150,7 +150,7 @@ class Rsys { * @return - boolean True or False */ function check_category($name, $id=0) { - $sql = "SELECT name FROM ".Rsys :: getTable("category")." WHERE LCASE(name)='".strtolower(Database::escape_string($name))."' AND id<>".Database::escape_string($id).""; + $sql = "SELECT name FROM ".Rsys :: getTable("category")." WHERE LCASE(name)='".strtolower(Database::escape_string($name))."' AND id<>".intval($id).""; $Result = Database::query($sql); return (Database::num_rows($Result) == 0); } 
@@ -163,7 +163,7 @@ class Rsys {
 */
 function edit_category($id, $name) {
 if (Rsys :: check_category($name, $id)) {
- $sql = "UPDATE ".Rsys :: getTable("category")." SET name = '".Database::escape_string($name)."' WHERE id =".Database::escape_string($id)."";
+ $sql = "UPDATE ".Rsys :: getTable("category")." SET name = '".Database::escape_string($name)."' WHERE id =".intval($id)."";
 Database::query($sql);
 return $id;
 }
@@ -177,10 +177,10 @@ class Rsys {
 */
 function delete_category($id) {
 $id = intval($id);
- $sql = "SELECT id FROM ".Rsys :: getTable("item")." WHERE category_id=".Database::escape_string($id)."";
+ $sql = "SELECT id FROM ".Rsys :: getTable("item")." WHERE category_id=".inval($id)."";
 $result = Database::query($sql);
 if (Database::num_rows($result) == 0) {
- $sql2 = "DELETE FROM ".Rsys :: getTable("category")." WHERE id =".Database::escape_string($id)."";
+ $sql2 = "DELETE FROM ".Rsys :: getTable("category")." WHERE id =".intval($id)."";
 Database::query($sql2);
 return 0;
 } else {
@@ -200,7 +200,7 @@ class Rsys {
 $id = intval($id);
 $sql = "SELECT * FROM ".Rsys :: getTable("category");
 if (!empty ($id))
- $sql .= " WHERE id = ".Database::escape_string($id)."";
+ $sql .= " WHERE id = ".intval($id)."";
 else
 $sql .= " ORDER BY ".$orderby;
 $arr = Database::store_result(Database::query($sql));
@@ -308,8 +308,8 @@ class Rsys {
 function check_item($item, $category, $id=0) {
 $sql = "SELECT name FROM ".Rsys :: getTable("item")." WHERE LCASE(name)='".strtolower(Database::escape_string($item))."'
- AND category_id=".Database::escape_string($category)."
- AND id<>".Database::escape_string($id)."";
+ AND category_id=".intval($category)."
+ AND id<>".intval($id)."";
 $Result = Database::query($sql);
 return (Database::num_rows($Result) == 0);
 }
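Review bot: In the delete_category hunk the new SELECT calls `inval($id)`, which is not a PHP function (every other added line uses `intval`), so this path stops with a call-to-undefined-function error before the category-in-use check can run. Change the line to end in `WHERE category_id=".intval($id)."";`. Since `$id = intval($id);` already runs at the top of the function, interpolating plain `$id` would be equivalent.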
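Review bot: `$orderby` still reaches the query unchanged as `" ORDER BY ".$orderby` in the get_category hunk, and the same interpolation remains in get_category_items and get_course_items (`ORDER BY ".$orderby`) and in the subscriptions listing (`ORDER BY col".$column." ".$direction`). Neither intval() nor escape_string() constrains a sort expression, so these values should be compared against a fixed list before use, e.g. `if (!in_array($orderby, $allowed, true)) { $orderby = 'name ASC'; }`, where `$allowed` is a list of permitted sort expressions to be defined. Whether callers pass request data into these parameters is not visible here, and the function bodies continue outside the hunks.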
@@ -325,7 +325,7 @@ class Rsys {
 */
 function add_item($name, $description, $category, $course = "") {
 if (Rsys :: check_item($name, $category)) {
- $sql = "INSERT INTO ".Rsys :: getTable("item")." (category_id,course_code,name,description,creator) VALUES ('".Database::escape_string($category)."','".Database::escape_string($course)."','".Database::escape_string($name)."','".Database::escape_string($description)."','".api_get_user_id()."')";
+ $sql = "INSERT INTO ".Rsys :: getTable("item")." (category_id,course_code,name,description,creator) VALUES ('".intval($category)."','".Database::escape_string($course)."','".Database::escape_string($name)."','".Database::escape_string($description)."','".api_get_user_id()."')";
 Database::query($sql);
 return Database::insert_id();
 }
@@ -346,8 +346,8 @@ class Rsys {
 return false;
 if (!Rsys :: check_item($name, $category, $id))
 return false;
- $sql = "UPDATE ".Rsys :: getTable("item")." SET category_id='".Database::escape_string($category)."',course_code='".Database::escape_string($course)."',name='".Database::escape_string($name)."',description='".Database::escape_string($description)."' " .
- "WHERE id =".Database::escape_string($id)."";
+ $sql = "UPDATE ".Rsys :: getTable("item")." SET category_id='".intval($category)."',course_code='".Database::escape_string($course)."',name='".Database::escape_string($name)."',description='".Database::escape_string($description)."' " .
+ "WHERE id =".intval($id)."";
 Database::query($sql);
 return $id;
 }
@@ -360,18 +360,18 @@ class Rsys {
 function delete_item($id) {
 if (!Rsys :: item_allow($id, 'delete'))
 return false;
- $sql = "SELECT id,end_at FROM".Rsys :: getTable('reservation')." WHERE item_id=".Database::escape_string($id)."";
+ $sql = "SELECT id,end_at FROM".Rsys :: getTable('reservation')." WHERE item_id=".intval($id)."";
 $result = Database::query($sql);
 while ($array = Database::fetch_array($result)) {
 if (Rsys :: mysql_datetime_to_timestamp(date('Y-m-d H:i:s')) <= Rsys :: mysql_datetime_to_timestamp($array[1]))
 $checked = true;
 }
 if (!$checked) {
- $sql = "DELETE FROM ".Rsys :: getTable("item")." WHERE id =".Database::escape_string($id)."";
+ $sql = "DELETE FROM ".Rsys :: getTable("item")." WHERE id =".intval($id)."";
 Database::query($sql);
- $sql = "DELETE FROM ".Rsys :: getTable("item_rights")." WHERE item_id =".Database::escape_string($id)."";
+ $sql = "DELETE FROM ".Rsys :: getTable("item_rights")." WHERE item_id =".intval($id)."";
 Database::query($sql);
- $sql = "DELETE FROM ".Rsys :: getTable("reservation")." WHERE item_id =".Database::escape_string($id)."";
+ $sql = "DELETE FROM ".Rsys :: getTable("reservation")." WHERE item_id =".intval($id)."";
 Database::query($sql);
 return '0';
 } else {
@@ -403,7 +403,7 @@ class Rsys {
 LEFT JOIN ".Rsys :: getTable("item_rights")." ir ON ir.item_id=i.id LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = i.id LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
- WHERE i.id='".Database::escape_string($item_id)."' AND (". (!empty ($x) ? "(cu.user_id='".api_get_user_id()."' AND ".$x.") OR " : '')." i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).")";
+ WHERE i.id='".intval($item_id)."' AND (". (!empty ($x) ? "(cu.user_id='".api_get_user_id()."' AND ".$x.") OR " : '')." i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).")";
 return Database::num_rows(Database::query($sql)) > 0;
 }
@@ -415,7 +415,7 @@ class Rsys { * @return - Array The returned rows */ function get_item($id = null, $orderby = "name ASC") { - $id = Database::escape_string($id); + $id = intval($id); $sql = "SELECT i.* FROM ".Rsys :: getTable("item")." i"; if (!empty ($id)) { if (!Rsys :: item_allow($id, 'view')) @@ -438,7 +438,7 @@ class Rsys { */ function is_blackout($itemid) { $sql = "SELECT id FROM ".Rsys :: getTable("item"); - $sql .= " WHERE id = ".Database::escape_string($itemid)." AND blackout=1"; + $sql .= " WHERE id = ".intval($itemid)." AND blackout=1"; return Database::num_rows(Database::query($sql)) == 1; } @@ -450,7 +450,7 @@ class Rsys { * @return - Array The returned rows */ function get_category_items($id, $orderby = "name ASC") { - $sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE category_id = ".Database::escape_string($id)." ORDER BY ".$orderby; + $sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE category_id = ".intval($id)." ORDER BY ".$orderby; $arr = Database::store_result(Database::query($sql)); return $arr; } @@ -463,7 +463,7 @@ class Rsys { * @return - Array The returned rows */ function get_course_items($id, $orderby = "name ASC") { - $sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE course_id = ".Database::escape_string($id)." ORDER BY ".$orderby; + $sql = "SELECT * FROM ".Rsys :: getTable("item")." WHERE course_code = ".Database::escape_string($id)." ORDER BY ".$orderby; $arr = Database::store_result(Database::query($sql)); return $arr; } @@ -486,7 +486,7 @@ class Rsys { WHERE ((cu.user_id='".api_get_user_id()."' AND (ir.edit_right=1 OR ir.delete_right=1)) OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).")"; if (!empty ($_GET['cat']) && $_GET['cat'] <> 0) { - $sql .= " AND ca.id = '".Database::escape_string($_GET['cat'])."' "; + $sql .= " AND ca.id = '".intval($_GET['cat'])."' "; } $from = intval($from); 
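Review bot: In the get_course_items hunk the column is switched to `course_code`, but the value is still emitted without quotes: `WHERE course_code = ".Database::escape_string($id)."`. escape_string() only protects a value that sits inside a quoted literal, so this parameter remains injectable, and an ordinary alphanumeric course code would be parsed as an identifier and make the query fail. Quote the value: `WHERE course_code = '".Database::escape_string($id)."'`.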
@@ -533,7 +533,7 @@ class Rsys { * @return - Array The returned rows */ function get_table_itemrights($from, $per_page, $column, $direction) { - $itemid = Database::escape_string($_GET['item_id']); + $itemid = intval($_GET['item_id']); $sql = "SELECT id, name FROM ".Database :: get_main_table(TABLE_MAIN_CLASS); $result = Database::query($sql); while ($array = Database::fetch_array($result, 'NUM')) { @@ -591,8 +591,8 @@ class Rsys { } function set_new_right($item_id, $class_id, $column, $value) { - $item_id = Database::escape_string($item_id); - $class_id = Database::escape_string($class_id); + $item_id = intval($item_id); + $class_id = intval($class_id); $value = Database::escape_string($value); $column = Database::escape_string($column); @@ -625,7 +625,7 @@ class Rsys { * @return - Array The returned rows */ function get_itemfiltered_class($item_id) { - $item_id = Database::escape_string($item_id); + $item_id = intval($item_id); $sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." WHERE id NOT IN (SELECT class_id FROM ".Rsys :: getTable("item_rights")." WHERE item_id='".$item_id."') ORDER BY name ASC, code ASC"; $arr = Database::store_result(Database::query($sql)); @@ -639,7 +639,7 @@ class Rsys { * @return - int The amount */ function get_num_itemfiltered_class($item_id) { - $item_id = Database::escape_string($item_id); + $item_id = intval($item_id); $sql = "SELECT COUNT(id) FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." WHERE id NOT IN (SELECT class_id FROM ".Rsys :: getTable("item_rights")." WHERE item_id='".$item_id."') ORDER BY name ASC, code ASC"; return Database::result(Database::query($sql), 0, 0); } 
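Review bot: In set_new_right, `$column` is still only passed through `Database::escape_string()`. If it is later used as a column name in the statement built further down (outside the hunk), escaping does not restrict it, because an identifier is not wrapped in quotes. It should be checked against a fixed list of the rights columns; `edit_right`, `delete_right` and `m_reservation` are the names visible in add_item_right's INSERT. `$value` is handled the same way and would be safer as `intval($value)` if it is a 0/1 flag, which the hunk does not confirm.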
@@ -656,7 +656,7 @@ class Rsys { function add_item_right($item_id, $class_id, $edit, $delete, $m_reservation) { if (!Rsys :: item_allow($item_id, 'm_rights')) return false; - $sql = "INSERT INTO ".Rsys :: getTable("item_rights")." (item_id,class_id,edit_right,delete_right,m_reservation) VALUES ('".Database::escape_string($item_id)."','".Database::escape_string($class_id)."','".Database::escape_string($edit)."','".Database::escape_string($delete)."','".Database::escape_string($m_reservation)."')"; + $sql = "INSERT INTO ".Rsys :: getTable("item_rights")." (item_id,class_id,edit_right,delete_right,m_reservation) VALUES ('".intval($item_id)."','".intval($class_id)."','".Database::escape_string($edit)."','".Database::escape_string($delete)."','".Database::escape_string($m_reservation)."')"; Database::query($sql); } @@ -671,8 +671,8 @@ class Rsys { * @return - int The id */ function edit_item_right($item_id, $class_id, $edit, $delete, $m_reservation) { - $item_id = Database::escape_string($item_id); - $class_id = Database::escape_string($class_id); + $item_id = intval($item_id); + $class_id = intval($class_id); if (!Rsys :: item_allow($item_id, 'm_rights')) return false; @@ -686,8 +686,8 @@ class Rsys { * @param - int $id The id */ function delete_item_right($item_id, $class_id) { - $item_id = Database::escape_string($item_id); - $class_id = Database::escape_string($class_id); + $item_id = intval($item_id); + $class_id = intval($class_id); if (!Rsys :: item_allow($item_id, 'm_rights')) return false; 
@@ -696,15 +696,15 @@ class Rsys {
 }
 function get_class_group($class_id) {
- $class_id = Database::escape_string($class_id);
+ $class_id = intval($class_id);
 $sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_CLASS)." WHERE id='".$class_id."'";
 $arr = Database::store_result(Database::query($sql));
 return $arr;
 }
 function get_item_rights($item_id, $class_id) {
- $item_id = Database::escape_string($item_id);
- $class_id = Database::escape_string($class_id);
+ $item_id = intval($item_id);
+ $class_id = intval($class_id);
 $sql = "SELECT * FROM ".Rsys :: getTable('item_rights')." WHERE item_id='".$item_id."' AND class_id='".$class_id."'";
 $arr = Database::store_result(Database::query($sql));
@@ -712,7 +712,7 @@ class Rsys {
 }
 function black_out_changer($item_id) {
- $item_id = Database::escape_string($item_id);
+ $item_id = intval($item_id);
 $sql = "SELECT blackout FROM ".Rsys :: getTable("item")." WHERE id='".$item_id."'";
 $Value = Database::store_result(Database::query($sql));
 ($Value[0][0] == 0 ? $changedValue = 1 : $changedValue = 0);
@@ -723,7 +723,7 @@ class Rsys {
 }
 function black_out_notifier($item_id, $value) {
- $item_id = Database::escape_string($item_id);
+ $item_id = intval($item_id);
 $value = Database::escape_string($value);
 $sql = "SELECT id, timepicker FROM ".Rsys :: getTable('reservation')."
@@ -791,7 +791,7 @@ class Rsys {
 }
 function check_date($item_id, $start_date, $end_date, $start_at, $end_at) {
- $item_id = Database::escape_string($item_id);
+ $item_id = intval($item_id);
 $start_date = Database::escape_string($start_date);
 $end_date = Database::escape_string($end_date);
 $start_at = Database::escape_string($start_at);
@@ -826,8 +826,8 @@ class Rsys {
 }
 function check_date_edit($item_id, $start_date, $end_date, $start_at, $end_at, $reservation_id) {
- $item_id = Database::escape_string($item_id);
- $reservation_id = Database::escape_string($reservation_id);
+ $item_id = intval($item_id);
+ $reservation_id = intval($reservation_id);
 $start_date = Database::escape_string($start_date);
 $end_date = Database::escape_string($end_date);
 $start_at = Database::escape_string($start_at);
@@ -882,7 +882,7 @@ class Rsys {
 * Returns an array with items from a category linked to rights(used by m_reservations.php)
 */
 function get_cat_r_items($category) {
- $category = Database::escape_string($category);
+ $category = intval($category);
 $sql = "SELECT i.id,i.name as catitem FROM ".Rsys :: getTable('item')." i INNER JOIN ".Rsys :: getTable('category')." cat ON cat.id=i.category_id
@@ -901,7 +901,7 @@ class Rsys {
 * Returns an array with [ itemID => "category/item" ] with view_rights (used by reservation.php)
 */
 function get_cat_items($category) {
- $category = Database::escape_string($category);
+ $category = intval($category);
 $sql = "SELECT i.id,i.name as catitem FROM ".Rsys :: getTable('item')." i INNER JOIN ".Rsys :: getTable('category')." cat ON cat.id=i.category_id
@@ -955,7 +955,7 @@ class Rsys {
 }
 function check_edit_right($id) {
- $id = Database::escape_string($id);
+ $id = intval($id);
 $sql = "SELECT r.id FROM ".Rsys :: getTable('reservation')." r INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id
@@ -971,7 +971,7 @@ class Rsys {
 }
 function check_delete_right($id) {
- $id = Database::escape_string($id);
+ $id = intval($id);
 $sql = "SELECT r.id FROM ".Rsys :: getTable('reservation')." r INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id
@@ -987,7 +987,7 @@ class Rsys {
 }
 function check_auto_accept($id) {
- $id = Database::escape_string($id);
+ $id = intval($id);
 $sql = "SELECT auto_accept FROM ".Rsys :: getTable('reservation')." WHERE id='".$id."'";
 return Database::result(Database::query($sql), 0, 0);
 }
@@ -1068,7 +1068,7 @@ class Rsys {
 }
 }
- $sql = "INSERT INTO ".Rsys :: getTable("reservation")." (item_id,auto_accept,max_users,start_at,end_at,subscribe_from,subscribe_until,notes,timepicker,timepicker_min,timepicker_max,subid) VALUES ('".Database::escape_string($item_id)."','".Database::escape_string($auto_accept)."','". (intval($max_users) > 1 ? $max_users : 1)."','".Database::escape_string($start_at)."','".Database::escape_string($end_at)."','".Database::escape_string($subscribe_from)."','".Database::escape_string($subscribe_until)."','".Database::escape_string($notes)."','".$timepicker."','".$min."','".$max."','". ($subid == 0 ? 0 : $subid)."')";
+ $sql = "INSERT INTO ".Rsys :: getTable("reservation")." (item_id,auto_accept,max_users,start_at,end_at,subscribe_from,subscribe_until,notes,timepicker,timepicker_min,timepicker_max,subid) VALUES ('".intval($item_id)."','".Database::escape_string($auto_accept)."','". (intval($max_users) > 1 ? $max_users : 1)."','".Database::escape_string($start_at)."','".Database::escape_string($end_at)."','".Database::escape_string($subscribe_from)."','".Database::escape_string($subscribe_until)."','".Database::escape_string($notes)."','".$timepicker."','".$min."','".$max."','". ($subid == 0 ? 0 : $subid)."')";
 Database::query($sql);
 return 0;
 }
@@ -1082,7 +1082,7 @@ class Rsys {
 *
 */
 function edit_reservation($id, $item_id, $auto_accept, $max_users, $start_at, $end_at, $subscribe_from, $subscribe_until, $notes, $timepicker) {
- $id = Database::escape_string($id);
+ $id = intval($id);
 if (!Rsys :: item_allow($item_id, 'm_reservation'))
 return false;
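Review bot: The INSERT in the hunk at 1068 validates one value and inserts another: `(intval($max_users) > 1 ? $max_users : 1)` tests the integer but concatenates the raw `$max_users`, so a string that merely starts with a number above 1 goes into the statement unescaped. Normalise it once with `$max_users = max(1, intval($max_users));` and interpolate that. The UPDATE in edit_reservation (hunk at 1116) has the same pattern as `($max_users > 1 ? $max_users : 1)`. `$timepicker`, `$min`, `$max` and `$subid` are also concatenated as-is on this line; they are set outside the hunk, so confirm they are cast before this point.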
@@ -1116,7 +1116,7 @@ class Rsys {
 } else {
 $auto_accept = 0;
 }
- $sql = "UPDATE ".Rsys :: getTable("reservation")." SET item_id='".Database::escape_string($item_id)."',auto_accept='".Database::escape_string($auto_accept)."',max_users='". ($max_users > 1 ? $max_users : 1)."',start_at='".Database::escape_string($start_at)."',end_at='".Database::escape_string($end_at)."',subscribe_from='".Database::escape_string($subscribe_from)."',subscribe_until='".Database::escape_string($subscribe_until)."',notes='".Database::escape_string($notes)."' WHERE id='".$id."'";
+ $sql = "UPDATE ".Rsys :: getTable("reservation")." SET item_id='".intval($item_id)."',auto_accept='".Database::escape_string($auto_accept)."',max_users='". ($max_users > 1 ? $max_users : 1)."',start_at='".Database::escape_string($start_at)."',end_at='".Database::escape_string($end_at)."',subscribe_from='".Database::escape_string($subscribe_from)."',subscribe_until='".Database::escape_string($subscribe_until)."',notes='".Database::escape_string($notes)."' WHERE id='".$id."'";
 Database::query($sql);
 return 0;
 }
@@ -1125,7 +1125,7 @@ class Rsys {
 * Deletes a reservation
 */
 function delete_reservation($id) {
- $id = Database::escape_string($id);
+ $id = intval($id);
 $sql = "SELECT id FROM ".Rsys :: getTable("reservation")."WHERE id='".$id."' OR subid='".$id."'";
 $result2 = Database::query($sql);
@@ -1148,7 +1148,7 @@ class Rsys {
 }
 function is_owner_item($id) {
- $id = Database::escape_string($id);
+ $id = intval($id);
 $sql = "SELECT creator FROM ".Rsys :: getTable('item')." i ,".Rsys :: getTable('reservation')." r where i.id = r.item_id and r.id = '".$id."'
@@ -1160,7 +1160,7 @@ class Rsys {
 }
 function get_reservation($id) {
- $id = Database::escape_string($id);
+ $id = intval($id);
 $sql = "SELECT * FROM ".Rsys :: getTable('reservation')." r
@@ -1301,7 +1301,7 @@ class Rsys {
 and s.reservation_id = r.id";
 if (!empty ($_GET['rid'])) {
- $sql .= " and r.id = '".Database::escape_string($_GET['rid'])."'";
+ $sql .= " and r.id = '".intval($_GET['rid'])."'";
 }
 $sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
 $result = Database::query($sql);
@@ -1354,7 +1354,7 @@ class Rsys {
 function set_accepted($id, $value) {
 global $subscription;
- $id = Database::escape_string($id);
+ $id = intval($id);
 $value = Database::escape_string($value);
 $sql = "UPDATE ".Rsys :: getTable('subscription')." SET ACCEPTED='".$value."' WHERE dummy='".$id."'";
 Database::query($sql);
@@ -1407,7 +1407,7 @@ class Rsys {
 */
 function check_date_subscription($reservation_id, $start_at, $end_at) {
- $reservation_id = Database::escape_string($reservation_id);
+ $reservation_id = intval($reservation_id);
 $start_at = Database::escape_string($start_at);
 $end_at = Database::escape_string($end_at);
@@ -1461,7 +1461,7 @@ class Rsys {
 }
 function check_date_month_calendar($date, $itemid) {
- $itemid = Database::escape_string($itemid);
+ $itemid = intval($itemid);
 $date = Database::escape_string($date);
 $sql = "SELECT id FROM ".Rsys :: getTable('reservation')."
@@ -1485,13 +1485,13 @@ class Rsys { * @param - int $reservation_id The id off the reservation */ function add_subscription($reservation_id, $user_id, $accepted) { - $reservation_id = Database::escape_string($reservation_id); - $user_id = Database::escape_string($user_id); - $accepted = Database::escape_string($accepted); + $reservation_id = intval($reservation_id); + $user_id = intval($user_id); + $accepted = intval($accepted); $sql = "SELECT user_id FROM ".Rsys :: getTable("subscription")." WHERE user_id='".$user_id."' AND reservation_id='".$reservation_id."'"; if (Database::num_rows(Database::query($sql)) == 0) { - $sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted) VALUES ('".Database::escape_string($user_id)."','".Database::escape_string($reservation_id)."','". ($accepted ? '1' : '0')."')"; + $sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted) VALUES ('".intval($user_id)."','".intval($reservation_id)."','". ($accepted ? '1' : '0')."')"; Database::query($sql); $sql = "UPDATE ".Rsys :: getTable("reservation")." SET subscribers=subscribers+1 WHERE id='".$reservation_id."'"; Database::query($sql); @@ -1528,7 +1528,7 @@ class Rsys { if ((Rsys :: mysql_datetime_to_timestamp($end_date)-Rsys :: mysql_datetime_to_timestamp($start_date)) > ($max*60)) return 3; } - $sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted,start_at,end_at) VALUES ('".Database::escape_string($user_id)."','".Database::escape_string($reservation_id)."','". ($accepted ? '1' : '0')."','".$start_date."','".$end_date."')"; + $sql = "INSERT INTO ".Rsys :: getTable("subscription")." (user_id,reservation_id,accepted,start_at,end_at) VALUES ('".intval($user_id)."','".intval($reservation_id)."','". ($accepted ? '1' : '0')."','".$start_date."','".$end_date."')"; Database::query($sql); return 0; } 
@@ -1539,7 +1539,7 @@ class Rsys { function delete_subscription($reservation_id, $dummy) { $sql = "DELETE FROM ".Rsys :: getTable("subscription")." WHERE dummy='".Database::escape_string($dummy)."'"; Database::query($sql); - $sql = "UPDATE ".Rsys :: getTable("reservation")." SET subscribers=subscribers-1 WHERE id='".Database::escape_string($reservation_id)."'"; + $sql = "UPDATE ".Rsys :: getTable("reservation")." SET subscribers=subscribers-1 WHERE id='".intval($reservation_id)."'"; Database::query($sql); } @@ -1642,7 +1642,7 @@ class Rsys { * ['max_end_at'] = the maximal end_at in all reservations (usefull to build table) */ function get_item_reservations($from, $till, $itemid) { - $itemid = Database::escape_string($itemid); + $itemid = intval($itemid); $till = Database::escape_string($till); $from = Database::escape_string($from); @@ -1698,7 +1698,7 @@ class Rsys { * Returns $reservation_id=>"START_AT - END_AT" */ function get_item_subfiltered_reservations($item_id) { - $itemid = Database::escape_string($itemid); + $itemid = intval($itemid); $sql = "SELECT r.id AS reservation_id, r.start_at, r.end_at FROM ".Rsys :: getTable('reservation')." r INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id From 52c806a671d8f782f128edeefe8f42977e4c1907 Mon Sep 17 00:00:00 2001 From: Yannick Warnier Date: Thu, 1 Jan 2015 15:13:34 +0100 Subject: [PATCH 002/105] Fix possible issue checking the courses directory during installation on a host with default IP --- main/install/install.lib.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/main/install/install.lib.php b/main/install/install.lib.php index 9281b7bb1d..24b85dd608 100755 --- a/main/install/install.lib.php +++ b/main/install/install.lib.php 
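Review bot: In get_item_subfiltered_reservations the parameter is `$item_id`, but the changed line reads `$itemid = intval($itemid);`, so `$itemid` is undefined at that point and the cast always yields 0. If the query that follows filters on `$itemid` (it continues outside the hunk), the result no longer depends on the caller's argument. The line should be `$itemid = intval($item_id);`. This note is about the last rsys.php hunk, which ends before the next patch header on this line.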
@@ -2185,6 +2185,13 @@ function check_course_script_interpretation($course_dir, $course_attempt_name, $ $parsed_url = parse_url($url); //$scheme = isset($parsedUrl['scheme']) ? $parsedUrl['scheme'] : ''; //http $host = isset($parsed_url['host']) ? $parsed_url['host'] : ''; + // Patch if the host is the default host and is used through + // the IP address (sometimes the host is not taken correctly + // in this case) + if (empty($host) && !empty($_SERVER['HTTP_HOST'])) { + $host = $_SERVER['HTTP_HOST']; + $url = preg_replace('#:///#', '://'.$host.'/', $url); + } $path = isset($parsed_url['path']) ? $parsed_url['path'] : '/'; $port = isset($parsed_url['port']) ? $parsed_url['port'] : '80'; From eb9b9fc3f51f10b6eb9fe53b6a343d27a36625a8 Mon Sep 17 00:00:00 2001 From: robbosch Date: Fri, 9 Jan 2015 08:46:35 +0100 Subject: [PATCH 003/105] Changing UI --- main/gradebook/lib/be/category.class.php | 12 +++++------- main/gradebook/lib/fe/displaygradebook.php | 2 +- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/main/gradebook/lib/be/category.class.php b/main/gradebook/lib/be/category.class.php index 4847165488..e015b8e143 100755 --- a/main/gradebook/lib/be/category.class.php +++ b/main/gradebook/lib/be/category.class.php @@ -1631,14 +1631,12 @@ class Category implements GradebookItem if (!empty($fileWasGenerated)) { $url = api_get_path(WEB_PATH) . 'certificates/index.php?id=' . $my_certificate['id']; $certificates = Display::url( - Display::return_icon( - 'certificate_download.png', - get_lang('DownloadCertificate'), - array(), - ICON_SIZE_MEDIUM - ).' '.get_lang('DownloadCertificate'), + ' '.get_lang('DownloadCertificate'), $url, - array('target' => '_blank') + array( + 'target' => '_blank', + 'class' => 'btn' + ) ); $exportToPDF = Display::url( Display::return_icon( diff --git a/main/gradebook/lib/fe/displaygradebook.php b/main/gradebook/lib/fe/displaygradebook.php index fb73ceaa6f..7d7058d91c 100755 --- a/main/gradebook/lib/fe/displaygradebook.php 
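Review bot: The fallback in check_course_script_interpretation copies `$_SERVER['HTTP_HOST']`, a client-supplied request header, into `$host` and into `$url` without validating it. It should be limited to a plain host name with an optional port before use. Separately, `$path` and `$port` are still read from the `$parsed_url` computed before `$url` was rewritten, so they do not reflect the patched URL, and a `:port` suffix in HTTP_HOST ends up in `$host` while `$port` keeps its default of '80'. The excerpt below validates the header and re-parses the rewritten URL; the pattern is a suggested allow-list and rejects bracketed IPv6 literals. The function body continues outside the hunk, and this note refers to the install.lib.php hunk at the start of this line.

```php
// … unchanged: $parsed_url = parse_url($url); $host = isset($parsed_url['host']) … …
if (empty($host) && !empty($_SERVER['HTTP_HOST'])) {
    // HTTP_HOST comes from the request: accept only host[:port]
    if (preg_match('/^[A-Za-z0-9.-]+(:\d{1,5})?$/', $_SERVER['HTTP_HOST'])) {
        $url = preg_replace('#:///#', '://'.$_SERVER['HTTP_HOST'].'/', $url);
        // Re-parse so that host, path and port all come from the rewritten URL
        $parsed_url = parse_url($url);
        $host = isset($parsed_url['host']) ? $parsed_url['host'] : '';
    }
}
// … unchanged: $path and $port are read from $parsed_url …
```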
+++ b/main/gradebook/lib/fe/displaygradebook.php @@ -455,7 +455,7 @@ class DisplayGradebook if (!empty($certificateLinkInfo) && isset($certificateLinkInfo['certificate_link'])) { $certificateLink .= ' ' . $certificateLinkInfo['certificate_link'].""; } - $scoreinfo .= '

' . get_lang('Total') . ' : ' . $scorecourse_display . $certificateLink. '

'; + $scoreinfo .= '

' . get_lang('Total') . ' : ' . $scorecourse_display . $certificateLink. '

'; } Display :: display_normal_message($scoreinfo, false); From b14bcb36ad2145721205145561ae9a2d024a3a36 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Fri, 9 Jan 2015 09:02:33 +0100 Subject: [PATCH 004/105] Adding option $_configuration['certificate_pdf_orientation'] See BT#9250 --- main/gradebook/lib/be/category.class.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/main/gradebook/lib/be/category.class.php b/main/gradebook/lib/be/category.class.php index e015b8e143..8a8559d48c 100755 --- a/main/gradebook/lib/be/category.class.php +++ b/main/gradebook/lib/be/category.class.php @@ -1680,7 +1680,13 @@ class Category implements GradebookItem $catId, $userList = array() ) { + $orientation = api_get_configuration_value('certificate_pdf_orientation'); + $params['orientation'] = 'landscape'; + if (!empty($orientation)) { + $params['orientation'] = $orientation; + } + $params['left'] = 0; $params['right'] = 0; $params['top'] = 0; From 73e381620438970423d371e717ad0bb8d5667a29 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Fri, 9 Jan 2015 12:20:14 +0100 Subject: [PATCH 005/105] Adding exercise_max_fckeditors_in_page setting see BT#9247 --- main/exercice/exercise_show.php | 34 ++++++++++++++++++++++++++--- main/install/configuration.dist.php | 3 +++ 2 files changed, 34 insertions(+), 3 deletions(-) diff --git a/main/exercice/exercise_show.php b/main/exercice/exercise_show.php index d5ff900ba4..a9cd087e99 100755 --- a/main/exercice/exercise_show.php +++ b/main/exercice/exercise_show.php @@ -72,6 +72,7 @@ if (api_is_course_session_coach( } } +$maxEditors = isset($_configuration['exercise_max_fckeditors_in_page']) ? $_configuration['exercise_max_fckeditors_in_page'] : 0; $is_allowedToEdit = api_is_allowed_to_edit(null, true) || $is_courseTutor || api_is_session_admin() || api_is_drh(); //Getting results from the exe_id. This variable also contain all the information about the exercise @@ -128,6 +129,8 @@ if ($origin != 'learnpath') { } ?> - -
-
-
- -
-
- +
+
+ -
+ } ?> + +
- -
- + +
+ +
+
- -
-
- - - + + + ".get_lang('SearchResultsFor')." ".Security::remove_XSS($_POST['search_term'])."
"; - } + if (!empty($search_term)) { + echo "

".get_lang('SearchResultsFor')." ".Security::remove_XSS($_POST['search_term'])."
"; + } - $ajax_url = api_get_path(WEB_AJAX_PATH).'course.ajax.php?a=add_course_vote'; - $user_id = api_get_user_id(); + $ajax_url = api_get_path(WEB_AJAX_PATH).'course.ajax.php?a=add_course_vote'; + $user_id = api_get_user_id(); - if (!empty($browse_courses_in_category)) { + if (!empty($browse_courses_in_category)) { - foreach ($browse_courses_in_category as $course) { + foreach ($browse_courses_in_category as $course) { - $course_hidden = ($course['visibility'] == COURSE_VISIBILITY_HIDDEN); + $course_hidden = ($course['visibility'] == COURSE_VISIBILITY_HIDDEN); - if ($course_hidden) { - continue; - } - - $user_registerd_in_course = CourseManager::is_user_subscribed_in_course($user_id, $course['code']); - $user_registerd_in_course_as_teacher = CourseManager::is_course_teacher($user_id, $course['code']); - $user_registerd_in_course_as_student = ($user_registerd_in_course && !$user_registerd_in_course_as_teacher); - $course_public = ($course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD); - $course_open = ($course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM); - $course_private = ($course['visibility'] == COURSE_VISIBILITY_REGISTERED); - $course_closed = ($course['visibility'] == COURSE_VISIBILITY_CLOSED); - $course_subscribe_allowed = ($course['subscribe'] == 1); - $course_unsubscribe_allowed = ($course['unsubscribe'] == 1); - $count_connections = $course['count_connections']; - $creation_date = substr($course['creation_date'],0,10); - - $icon_title = null; - - // display the course bloc - echo '

'; - - // display thumbnail - display_thumbnail($course, $icon_title); - - // display course title and button bloc - echo '
'; - display_title($course); - // display button line - echo '
'; - // if user registered as student - if ($user_registerd_in_course_as_student) { - if (!$course_closed) { - display_description_button($course, $icon_title); - display_goto_button($course); - if ($course_unsubscribe_allowed) { - display_unregister_button($course, $stok, $search_term, $code); + if ($course_hidden) { + continue; } - display_already_registered_label('student'); - } - } elseif ($user_registerd_in_course_as_teacher) { - // if user registered as teacher - display_description_button($course, $icon_title); - display_goto_button($course); - if ($course_unsubscribe_allowed) { - display_unregister_button($course, $stok, $search_term, $code); - } - display_already_registered_label('teacher'); - } else { - // if user not registered in the course - if (!$course_closed) { - display_description_button($course, $icon_title); - if (!$course_private) { + + $user_registerd_in_course = CourseManager::is_user_subscribed_in_course($user_id, $course['code']); + $user_registerd_in_course_as_teacher = CourseManager::is_course_teacher($user_id, $course['code']); + $user_registerd_in_course_as_student = ($user_registerd_in_course && !$user_registerd_in_course_as_teacher); + $course_public = ($course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD); + $course_open = ($course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM); + $course_private = ($course['visibility'] == COURSE_VISIBILITY_REGISTERED); + $course_closed = ($course['visibility'] == COURSE_VISIBILITY_CLOSED); + $course_subscribe_allowed = ($course['subscribe'] == 1); + $course_unsubscribe_allowed = ($course['unsubscribe'] == 1); + $count_connections = $course['count_connections']; + $creation_date = substr($course['creation_date'],0,10); + + $icon_title = null; + + // display the course bloc + echo '
'; + + // display thumbnail + display_thumbnail($course, $icon_title); + + // display course title and button bloc + echo '
'; + display_title($course); + // display button line + echo '
'; + // if user registered as student + if ($user_registerd_in_course_as_student) { + if (!$course_closed) { + display_description_button($course, $icon_title); + display_goto_button($course); + if ($course_unsubscribe_allowed) { + display_unregister_button($course, $stok, $search_term, $code); + } + display_already_registered_label('student'); + } + } elseif ($user_registerd_in_course_as_teacher) { + // if user registered as teacher + display_description_button($course, $icon_title); display_goto_button($course); - if ($course_subscribe_allowed) { - display_register_button($course, $stok, $code, $search_term); + if ($course_unsubscribe_allowed) { + display_unregister_button($course, $stok, $search_term, $code); + } + display_already_registered_label('teacher'); + } else { + // if user not registered in the course + if (!$course_closed) { + display_description_button($course, $icon_title); + if (!$course_private) { + display_goto_button($course); + if ($course_subscribe_allowed) { + display_register_button($course, $stok, $code, $search_term); + } + } } } - } - } - echo '
'; // btn-toolbar - echo '
'; // span4 + echo '
'; // btn-toolbar + echo '
'; // span4 - // display counter - echo '
'; - echo '
'.get_lang('ConnectionsLastMonth').'
'.$count_connections.'
'; - echo '
'; + // display counter + echo '
'; + echo '
'.get_lang('ConnectionsLastMonth').'
'.$count_connections.'
'; + echo '
'; - // end of course bloc - echo '
'; // well_border row + // end of course bloc + echo '
'; // well_border row - } - } else { - if (!isset($_REQUEST['subscribe_user_with_password']) && !isset($_REQUEST['subscribe_course'])) { - Display::display_warning_message(get_lang('ThereAreNoCoursesInThisCategory')); - } - } ?> - - + + + ?> +
- Date: Thu, 15 Jan 2015 13:29:36 +0100 Subject: [PATCH 035/105] Minor - format code. --- main/gradebook/lib/be/abstractlink.class.php | 22 ++++++++++---- main/gradebook/lib/be/category.class.php | 3 ++ main/gradebook/lib/fe/linkform.class.php | 32 +++++++++++++++----- main/inc/lib/pear/HTML/QuickForm.php | 2 +- 4 files changed, 45 insertions(+), 14 deletions(-) diff --git a/main/gradebook/lib/be/abstractlink.class.php b/main/gradebook/lib/be/abstractlink.class.php index 915aebf847..9258c0e01e 100755 --- a/main/gradebook/lib/be/abstractlink.class.php +++ b/main/gradebook/lib/be/abstractlink.class.php @@ -106,7 +106,10 @@ abstract class AbstractLink implements GradebookItem $this->user_id = $user_id; } - public function set_course_code ($course_code) + /** + * @param string $course_code + */ + public function set_course_code($course_code) { $this->course_code = $course_code; $course_info = api_get_course_info($course_code); @@ -263,8 +266,15 @@ abstract class AbstractLink implements GradebookItem public function add() { $this->add_linked_data(); - if (isset($this->type) && isset($this->ref_id) && isset($this->user_id) && isset($this->course_code) && isset($this->category) && isset($this->weight) && isset($this->visible)) { - $tbl_grade_links = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK); + if (isset($this->type) && + isset($this->ref_id) && + isset($this->user_id) && + isset($this->course_code) && + isset($this->category) && + isset($this->weight) && + isset($this->visible) + ) { + $tbl_grade_links = Database:: get_main_table(TABLE_MAIN_GRADEBOOK_LINK); $sql = "SELECT count(*) FROM ".$tbl_grade_links." WHERE ref_id=".$this->get_ref_id()." AND 
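Review bot: The duplicate check in `add()` still concatenates `$this->get_ref_id()` into the SELECT as-is (`WHERE ref_id=".$this->get_ref_id()." AND`), while the INSERT in the next hunk casts the same getters with `intval()`. Since the commit already rewraps this block, the SELECT could use `intval($this->get_ref_id())` so both statements treat the value the same way. Whether the setter already casts the value is not visible here, and the query continues past the end of the hunk.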
@@ -275,7 +285,7 @@ abstract class AbstractLink implements GradebookItem $result = Database::query($sql); $row_testing = Database::fetch_array($result); - if ($row_testing[0]==0) { + if ($row_testing[0] == 0) { $sql = 'INSERT INTO '.$tbl_grade_links.' (type, ref_id, user_id, course_code, category_id, weight, visible, created_at) VALUES (' .intval($this->get_type()) .','.intval($this->get_ref_id()) @@ -501,14 +511,14 @@ abstract class AbstractLink implements GradebookItem { } - public function get_view_url ($stud_id) + public function get_view_url($stud_id) { return null; } /** * Locks a link - * @param int locked 1 or unlocked 0 + * @param int $locked 1 or unlocked 0 * * */ public function lock($locked) diff --git a/main/gradebook/lib/be/category.class.php b/main/gradebook/lib/be/category.class.php index bd9242c737..20c2e54670 100755 --- a/main/gradebook/lib/be/category.class.php +++ b/main/gradebook/lib/be/category.class.php @@ -58,6 +58,9 @@ class Category implements GradebookItem } } + /** + * @return string + */ public function get_course_code() { return $this->course_code; diff --git a/main/gradebook/lib/fe/linkform.class.php b/main/gradebook/lib/fe/linkform.class.php index 0a27ac2ed3..3f302c1276 100755 --- a/main/gradebook/lib/fe/linkform.class.php +++ b/main/gradebook/lib/fe/linkform.class.php @@ -17,7 +17,7 @@ class LinkForm extends FormValidator { const TYPE_CREATE = 1; const TYPE_MOVE = 2; - + /** @var Category */ private $category_object; private $link_object; private $extra; 
@@ -30,15 +30,25 @@ class LinkForm extends FormValidator * @param method * @param action */ - function LinkForm($form_type, $category_object,$link_object, $form_name, $method = 'post', $action = null, $extra = null) - { + public function LinkForm( + $form_type, + $category_object, + $link_object, + $form_name, + $method = 'post', + $action = null, + $extra = null + ) { parent :: __construct($form_name, $method, $action); if (isset ($category_object)) { $this->category_object = $category_object; - } if (isset ($link_object)) { - $this->link_object = $link_object; + } else { + if (isset($link_object)) { + $this->link_object = $link_object; + } } + if (isset ($extra)) { $this->extra = $extra; } @@ -47,7 +57,6 @@ class LinkForm extends FormValidator } elseif ($form_type == self :: TYPE_MOVE) { $this->build_move(); } - //$this->setDefaults(); } protected function build_move() @@ -68,10 +77,19 @@ class LinkForm extends FormValidator $this->addElement('submit', null, get_lang('Ok')); } + /** + * Builds the form + */ protected function build_create() { $this->addElement('header', get_lang('MakeLink')); - $select = $this->addElement('select', 'select_link', get_lang('ChooseLink'), null, array('onchange' => 'document.create_link.submit()')); + $select = $this->addElement( + 'select', + 'select_link', + get_lang('ChooseLink'), + null, + array('onchange' => 'document.create_link.submit()') + ); $linkTypes = LinkFactory::get_all_types(); diff --git a/main/inc/lib/pear/HTML/QuickForm.php b/main/inc/lib/pear/HTML/QuickForm.php index b4bb66a6da..911142dda4 100755 --- a/main/inc/lib/pear/HTML/QuickForm.php +++ b/main/inc/lib/pear/HTML/QuickForm.php 
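Review bot: In the `LinkForm` constructor the old code had two independent checks (`} if (isset ($link_object)) {` written on one line), but the new side nests the second check under `else`, so `$this->link_object` is no longer set whenever `$category_object` is also passed. That is a behaviour change inside a commit described as formatting only. To keep the old behaviour, close the first block with `}` and put `if (isset($link_object)) {` on its own line as a separate statement. If the `else` is intended, it belongs in its own commit with a comment explaining why the two objects are mutually exclusive.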
@@ -644,7 +644,7 @@ class HTML_QuickForm extends HTML_Common * * @param mixed $element element object or type of element to add (text, textarea, file...) * @since 1.0 - * @return HTML_QuickForm_Element a reference to newly added element + * @return HTML_QuickForm_element a reference to newly added element * @access public * @throws HTML_QuickForm_Error */ From a4a4118afbeeea1c20b9c5cedf776b7a07ab7832 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Thu, 15 Jan 2015 13:29:54 +0100 Subject: [PATCH 036/105] Fixes gradebook form link. --- main/gradebook/gradebook_add_link.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/main/gradebook/gradebook_add_link.php b/main/gradebook/gradebook_add_link.php index 3e82119bec..66d370b132 100755 --- a/main/gradebook/gradebook_add_link.php +++ b/main/gradebook/gradebook_add_link.php @@ -1,5 +1,6 @@ validate() && isset($_GET['newtypeselected'])) { // reload page, this time with a parameter indicating the selected type header('Location: '.api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat']) .'&typeselected='.$typeform->exportValue('select_link') - .'&course_code='.Security::remove_XSS($_GET['course_code'])).'&'.api_get_cidreq(); + .'&course_code='.Security::remove_XSS($_GET['course_code']).'&'.api_get_cidreq() + ); exit; } From 94ff182d7f46739afa9dfcb06b2a92d8b23f2efe Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Thu, 15 Jan 2015 13:58:07 +0100 Subject: [PATCH 037/105] Deprecating get_statistic_table in favour of get_main_table --- main/inc/lib/database.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main/inc/lib/database.lib.php b/main/inc/lib/database.lib.php index 990fbf6632..758884f6d4 100755 --- a/main/inc/lib/database.lib.php +++ b/main/inc/lib/database.lib.php 
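Review bot: The redirect in gradebook_add_link.php still builds the `Location` header from `$_GET['selectcat']` and `$_GET['course_code']` passed through `Security::remove_XSS()`, which is an HTML-output filter and not an encoder for URL parameters. The parenthesis fix is fine, but each value should be encoded for where it lands: `intval($_GET['selectcat'])` if the category is a numeric id, and `urlencode($_GET['course_code'])` for the course code. The `$typeform->exportValue('select_link')` value deserves the same treatment. The hunk header for this part was lost in extraction, so the surrounding lines are not visible here.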
@@ -182,7 +182,7 @@ class Database
 * statistic table of which you pass the short name as a parameter.
 * Please, define table names as constants in this library and use them
 * instead of directly using magic words in your tool code.
- *
+ * @deprecated use get_main_table
 * @param string $short_table_name, the name of the table
 */
 public static function get_statistic_table($short_table_name)
From c303f2392ddcf944e3c8afa62fd6db4e5dc5eea9 Mon Sep 17 00:00:00 2001
From: Julio Montoya
Date: Thu, 15 Jan 2015 13:59:13 +0100
Subject: [PATCH 038/105] Adds id_session in gradebook links.
---
 main/gradebook/gradebook_edit_cat.php | 13 +++---
 main/gradebook/gradebook_edit_link.php | 40 ++++++++++++++-----
 main/gradebook/lib/be/evaluation.class.php | 31 +++++++++++++-
 main/gradebook/lib/fe/displaygradebook.php | 8 ++--
 .../gradebook/lib/fe/gradebooktable.class.php | 13 +++---
 .../gradebook/lib/gradebook_functions.inc.php | 36 ++++++++++-------
 6 files changed, 99 insertions(+), 42 deletions(-)
diff --git a/main/gradebook/gradebook_edit_cat.php b/main/gradebook/gradebook_edit_cat.php
index ac92a2114a..af163695fe 100755
--- a/main/gradebook/gradebook_edit_cat.php
+++ b/main/gradebook/gradebook_edit_cat.php
@@ -21,7 +21,7 @@ $edit_cat = isset($_REQUEST['editcat']) ? intval($_REQUEST['editcat']) : ''; $htmlHeadXtra[] = ''; $htmlHeadXtra[] = ''; -$htmlHeadXtra[] = ''; function get_courses_list_by_user_id_based_in_exercises($user_id) { $TABLETRACK_EXERCICES = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES); $user_id = intval($user_id); - //$sql = "SELECT DISTINCT exe_user_id, exe_cours_id as code, session_id as id_session FROM $TABLETRACK_EXERCICES WHERE exe_user_id = $user_id GROUP BY exe_user_id, exe_cours_id ORDER by exe_user_id, exe_cours_id ASC"; + //$sql = "SELECT DISTINCT exe_user_id, exe_cours_id as code, session_id as id_session FROM $TABLETRACK_EXERCICES WHERE exe_user_id = $user_id GROUP BY exe_user_id, exe_cours_id ORDER by exe_user_id, exe_cours_id ASC"; $sql = "SELECT DISTINCT exe_user_id, exe_cours_id as code, session_id as id_session FROM $TABLETRACK_EXERCICES WHERE exe_user_id = $user_id ORDER by exe_user_id, exe_cours_id ASC"; - + $res = Database::query($sql); $course_list = array(); while($row = Database::fetch_array($res,'ASSOC')) { - $course_list []= $row; + $course_list []= $row; } - return $course_list; + return $course_list; } @@ -624,13 +619,13 @@ $navigation = "$begin - $end / $count
"; if ($page > 1) { $navigation .=''.get_lang('Previous').''; } else { - $navigation .= get_lang('Previous'); + $navigation .= get_lang('Previous'); } $navigation .= ' '; $page ++; if ($page < $nro_pages) $navigation .= ''.get_lang('Next').''; -else +else $navigation .= get_lang('Next'); echo $navigation; @@ -639,7 +634,7 @@ $session_list = SessionManager::get_sessions_list(array(),array('name')); $options = ''; $options .= ''; foreach ($session_list as $session_data) { - $my_session_list[$session_data['id']] =$session_data['name']; + $my_session_list[$session_data['id']] =$session_data['name']; $options .= ''; } 
@@ -647,87 +642,94 @@ $combinations = array(); if (!empty($user_list)) { foreach ($user_list as $user) { - $user_id = $user['user_id']; - //if ($user_id != 78 ) continue; $name = $user['firstname'].' '.$user['lastname']; - $course_list_registered = CourseManager::get_courses_list_by_user_id($user_id, true, false); - + $course_list_registered = CourseManager::get_courses_list_by_user_id( + $user_id, + true, + false + ); + $new_course_list = array(); foreach ($course_list_registered as $course_reg) { if (empty($course_reg['id_session'])) { - $course_reg['id_session'] = 0; + $course_reg['id_session'] = 0; } - $new_course_list[] = $course_reg['code'].'_'.$course_reg['id_session']; + $new_course_list[] = $course_reg['code'].'_'.$course_reg['id_session']; } - + $course_list = get_courses_list_by_user_id_based_in_exercises($user_id); - + if (is_array($course_list) && !empty($course_list)) { foreach ($course_list as $my_course) { $key = $my_course['code'].'_'.$my_course['id_session']; - if(!in_array($key,$new_course_list)) { + + if (!in_array($key, $new_course_list)) { $my_course['not_registered'] = 1; - $course_list_registered[] = $my_course; - } + $course_list_registered[] = $my_course; + } } } + foreach ($course_list_registered as & $course) { + $courseInfo = api_get_course_info($course['code']); + $course['name'] = $courseInfo['name']; + } + $course_list = $course_list_registered; - - echo '
'; + + echo '
'; echo ''; - echo ''; - echo ''; - echo ''; - + echo ''; + echo ''; + echo ''; + if (!empty($course_list)) { - echo ''; - - foreach ($course_list as $course) { + echo ''; + foreach ($course_list as $course) { echo ''; + echo ''; } echo ''; echo ''; - + foreach ($course_list as $course) { $course_code = $course['code']; if (empty($course['id_session'])) { - $session_id = 0; + $session_id = 0; } else { - $session_id = $course['id_session']; + $session_id = $course['id_session']; } echo ''; } echo ''; } else { echo ''; - + } echo '
'; - echo "

$name #$user_id

"; - echo '
'; + echo "

$name #$user_id

"; + echo '
'; if (isset($course['id_session']) && !empty($course['id_session'])) { - echo ''.get_lang('SessionName').' '.$my_session_list[$course['id_session']].'
'; + echo ''.get_lang('SessionName').' '.$my_session_list[$course['id_session']].'
'; } - echo $course['title']; + echo $course['name']; echo ' ('.$course['code'].') '; if (isset($course['not_registered']) && !empty($course['not_registered'])) { - echo ' '.get_lang('UserNotRegistered').''; + echo ' '.get_lang('UserNotRegistered').''; } - echo '
'; echo get_lang('MoveTo'); echo '
'; $unique_id = uniqid(); $combinations[$unique_id] = array('course_code' =>$course_code, 'session_id'=>$session_id); - + echo ''; - echo '
'; - echo ''; - echo ''; - echo '
'; + echo '
'; + echo ''; + echo ''; + echo '
'; echo '
'; - echo get_lang('NoCoursesForThisUser'); + echo get_lang('NoCoursesForThisUser'); echo '
'; echo '
'; @@ -735,5 +737,3 @@ if (!empty($user_list)) { } echo $navigation; $_SESSION['combination'] = $combinations; - - diff --git a/main/inc/lib/course.lib.php b/main/inc/lib/course.lib.php index 9e2558074a..acded9439b 100755 --- a/main/inc/lib/course.lib.php +++ b/main/inc/lib/course.lib.php @@ -1379,7 +1379,7 @@ class CourseManager $session_id = intval($session_id); $course_code = Database::escape_string($course_code); $where = array(); - + if (empty($order_by)) { $order_by = 'user.lastname, user.firstname'; if (api_is_western_name_order()) { @@ -2643,12 +2643,13 @@ class CourseManager /** * Get list of courses for a given user - * @param int user ID - * @param boolean Whether to include courses from session or not + * @param int $user_id + * @param boolean $include_sessions Whether to include courses from session or not * @return array List of codes and db names * @author isaac flores paz */ - public static function get_courses_list_by_user_id($user_id, $include_sessions = false) { + public static function get_courses_list_by_user_id($user_id, $include_sessions = false) + { $user_id = intval($user_id); $course_list = array(); $codes = array(); From 99e0d8b67db875f773f67f22ea202d710f191a29 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Fri, 16 Jan 2015 09:46:32 +0100 Subject: [PATCH 046/105] Minor - format code, adding intval, fixing queries. --- main/inc/lib/course.lib.php | 149 +++++++++++++++-------- main/inc/lib/sessionmanager.lib.php | 178 ++++++++++++++++------------ 2 files changed, 200 insertions(+), 127 deletions(-) diff --git a/main/inc/lib/course.lib.php b/main/inc/lib/course.lib.php index acded9439b..744be8a349 100755 --- a/main/inc/lib/course.lib.php +++ b/main/inc/lib/course.lib.php 
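Review bot: In the `@@ -647` hunk, the added loop `foreach ($course_list_registered as & $course)` leaves `$course` bound by reference to the last array element, and the later `foreach ($course_list as $course)` loops reuse that name. `$course_list` is assigned from the same array, so the shared slot is overwritten on each iteration and the last course can be rendered as a copy of the one before it. Add `unset($course);` directly after the reference loop. Separately, `$name`, `$course['name']` and the session name are echoed into the table as-is; unless they are escaped where `$user_list` and the course info are built (not visible here), they should be escaped for HTML at output.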
@@ -1917,6 +1917,13 @@ class CourseManager } } + /** + * @param int $session_id + * @param string $course_code + * @param string $separator + * @param bool $add_link_to_profile + * @return null|string + */ public static function get_coachs_from_course_to_string( $session_id = 0, $course_code = null, @@ -1943,6 +1950,11 @@ class CourseManager return $coaches_to_string; } + /** + * @param string $course_code + * @param int $session_id + * @return string + */ public static function get_coach_list_from_course_code_to_string($course_code, $session_id) { $tutor_data = ''; @@ -1960,11 +1972,13 @@ class CourseManager } /** - * Return user info array of all users registered in the specified course - * this includes the users of the course itsel and the users of all linked courses. + * Return user info array of all users registered in the specified course + * this includes the users of the course itself and the users of all linked courses. * - * @param array $course_info - * @return array with user info + * @param string $course_code + * @param bool $with_sessions + * @param int $session_id + * @return array with user info */ public static function get_real_and_linked_user_list($course_code, $with_sessions = true, $session_id = 0) { 
@@ -1991,14 +2005,14 @@ class CourseManager } /** - * Return an array of arrays, listing course info of all courses in the list - * linked to the real course $real_course_code, to which the user $user_id is subscribed. + * Return an array of arrays, listing course info of all courses in the list + * linked to the real course $real_course_code, to which the user $user_id is subscribed. * - * @param $user_id, the id (int) of the user - * @param $real_course_code, the id (char) of the real course + * @param $user_id, the id (int) of the user + * @param $real_course_code, the id (char) of the real course * - * @return array of course info arrays - * @deprecated virtual course feature is not supported + * @return array of course info arrays + * @deprecated virtual course feature is not supported */ public static function get_list_of_virtual_courses_for_specific_user_and_real_course($user_id, $course_code) { @@ -2027,9 +2041,9 @@ class CourseManager /** * Get the list of groups from the course - * @param string Course code - * @param int Session ID (optional) - * @param boolean get empty groups (optional) + * @param string $course_code + * @param int $session_id Session ID (optional) + * @param boolean $in_get_empty_group get empty groups (optional) * @return array List of groups info */ public static function get_group_list_of_course($course_code, $session_id = 0, $in_get_empty_group = 0) 
@@ -2482,10 +2496,12 @@ class CourseManager $course_found = true; $course_sort = $courses['sort']; if ($counter == 0) { - $sql = 'UPDATE '.$TABLECOURSUSER.' SET sort = sort+1 WHERE user_id= "'.$user_id.'" AND relation_type<>'.COURSE_RELATION_TYPE_RRHH.' AND user_course_cat="0" AND sort > "'.$course_sort.'"'; + $sql = 'UPDATE '.$TABLECOURSUSER.' SET sort = sort+1 + WHERE user_id= "'.$user_id.'" AND relation_type<>'.COURSE_RELATION_TYPE_RRHH.' AND user_course_cat="0" AND sort > "'.$course_sort.'"'; $course_sort++; } else { - $sql = 'UPDATE '.$TABLECOURSUSER.' SET sort = sort+1 WHERE user_id= "'.$user_id.'" AND relation_type<>'.COURSE_RELATION_TYPE_RRHH.' AND user_course_cat="0" AND sort >= "'.$course_sort.'"'; + $sql = 'UPDATE '.$TABLECOURSUSER.' SET sort = sort+1 + WHERE user_id= "'.$user_id.'" AND relation_type<>'.COURSE_RELATION_TYPE_RRHH.' AND user_course_cat="0" AND sort >= "'.$course_sort.'"'; } Database::query($sql); break; @@ -2610,7 +2626,11 @@ class CourseManager } } - public static function get_special_course_list() { + /** + * @return array + */ + public static function get_special_course_list() + { $tbl_course_field = Database :: get_main_table(TABLE_MAIN_COURSE_FIELD); $tbl_course_field_value = Database :: get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES); @@ -2713,6 +2733,7 @@ class CourseManager } } } + return $course_list; } @@ -2877,7 +2898,8 @@ class CourseManager } /** - * Update course attributes. Will only update attributes with a non-empty value. Note that you NEED to check that your attributes are valid before using this function + * Update course attributes. Will only update attributes with a non-empty value. + * Note that you NEED to check that your attributes are valid before using this function * * @param int Course id * @param array Associative array with field names as keys and field values as values 
@@ -3015,9 +3037,10 @@ class CourseManager $extra_fields = array(); while($rowcf = Database::fetch_array($res_field)) { $extra_field_id = $rowcf['id']; - $sql_field_value = "SELECT field_value FROM $tbl_course_field_value WHERE course_code = '$code' AND field_id = '$extra_field_id' "; - $res_field_value = Database::query($sql_field_value); - if(Database::num_rows($res_field_value) > 0 ) { + $sql = "SELECT field_value FROM $tbl_course_field_value + WHERE course_code = '$code' AND field_id = '$extra_field_id'"; + $res_field_value = Database::query($sql); + if (Database::num_rows($res_field_value) > 0 ) { $r_field_value = Database::fetch_row($res_field_value); $rowcf['extra_field_value'] = $r_field_value[0]; } @@ -3043,8 +3066,9 @@ class CourseManager if(!$row) { return null; } else { - $sql_field_value = "SELECT field_value FROM $tbl_course_field_value WHERE course_code = '$code' AND field_id = '{$row->id}';"; - $res_field_value = Database::query($sql_field_value); + $sql = "SELECT field_value FROM $tbl_course_field_value + WHERE course_code = '$code' AND field_id = '{$row->id}';"; + $res_field_value = Database::query($sql); $row_field_value = Database::fetch_object($res_field_value); if(!$row_field_value) { return null; 
@@ -3200,9 +3224,12 @@ class CourseManager //Deleting assigned courses to hrm_id if ($_configuration['multiple_access_urls']) { - $sql = "SELECT s.course_code FROM $tbl_course_rel_user s INNER JOIN $tbl_course_rel_access_url a ON (a.course_code = s.course_code) WHERE user_id = $hr_manager_id AND relation_type=".COURSE_RELATION_TYPE_RRHH." AND access_url_id = ".api_get_current_access_url_id().""; + $sql = "SELECT s.course_code FROM $tbl_course_rel_user s + INNER JOIN $tbl_course_rel_access_url a ON (a.course_code = s.course_code) + WHERE user_id = $hr_manager_id AND relation_type=".COURSE_RELATION_TYPE_RRHH." AND access_url_id = ".api_get_current_access_url_id().""; } else { - $sql = "SELECT course_code FROM $tbl_course_rel_user WHERE user_id = $hr_manager_id AND relation_type=".COURSE_RELATION_TYPE_RRHH." "; + $sql = "SELECT course_code FROM $tbl_course_rel_user + WHERE user_id = $hr_manager_id AND relation_type=".COURSE_RELATION_TYPE_RRHH." "; } $result = Database::query($sql); if (Database::num_rows($result) > 0) { @@ -3575,10 +3602,10 @@ class CourseManager public static function display_special_courses($user_id, $load_dirs = false) { $user_id = intval($user_id); - $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE); - $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER); + $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE); + $tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER); - $special_course_list = self::get_special_course_list(); + $special_course_list = self::get_special_course_list(); $with_special_courses = $without_special_courses = ''; if (!empty($special_course_list)) { 
@@ -3590,7 +3617,8 @@ class CourseManager $sql = "SELECT course.id, course.code, course.subscribe subscr, course.unsubscribe unsubscr, course_rel_user.status status, course_rel_user.sort sort, course_rel_user.user_course_cat user_course_cat, course_rel_user.user_id FROM $tbl_course course - LEFT JOIN $tbl_course_user course_rel_user ON course.code = course_rel_user.course_code AND course_rel_user.user_id = '$user_id' + LEFT JOIN $tbl_course_user course_rel_user + ON course.code = course_rel_user.course_code AND course_rel_user.user_id = '$user_id' WHERE $with_special_courses group by course.code"; $rs_special_course = Database::query($sql); @@ -3605,8 +3633,6 @@ class CourseManager } $params = array(); // Get notifications. - //$course['id_session'] = null; - //$course['status'] = $course['status']; $course_info['id_session'] = null; $course_info['status'] = $course['status']; @@ -3666,6 +3692,7 @@ class CourseManager } } } + return $html; } @@ -3704,6 +3731,7 @@ class CourseManager // Step 2: We display the course without a user category. $html .= self :: display_courses_in_category(0, $load_dirs); + return $html; } @@ -3718,10 +3746,10 @@ class CourseManager { $user_id = api_get_user_id(); // Table definitions - $TABLECOURS = Database :: get_main_table(TABLE_MAIN_COURSE); - $TABLECOURSUSER = Database :: get_main_table(TABLE_MAIN_COURSE_USER); + $TABLECOURS = Database :: get_main_table(TABLE_MAIN_COURSE); + $TABLECOURSUSER = Database :: get_main_table(TABLE_MAIN_COURSE_USER); $TABLE_ACCESS_URL_REL_COURSE = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE); - $current_url_id = api_get_current_access_url_id(); + $current_url_id = api_get_current_access_url_id(); // Get course list auto-register $special_course_list = self::get_special_course_list(); @@ -3764,7 +3792,6 @@ class CourseManager $html = ''; $course_list = array(); - $showCustomIcon = api_get_configuration_value('course_images_in_courses_list'); // Browse through all courses. 
@@ -3864,6 +3891,7 @@ class CourseManager } $html .= self::course_item_html($params, $is_subcontent); } + return $html; } @@ -3872,7 +3900,8 @@ class CourseManager * @author Patrick Cool , Ghent University * @return array containing all the titles of the user defined courses with the id as key of the array */ - function get_user_course_categories() { + public static function get_user_course_categories() + { global $_user; $output = array(); $table_category = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY); @@ -4190,7 +4219,8 @@ class CourseManager * if the course code doest not exist in the DB the same course code will be returned * @return string wanted unused code */ - public static function generate_nice_next_course_code($wanted_code) { + public static function generate_nice_next_course_code($wanted_code) + { require_once api_get_path(LIBRARY_PATH).'add_course.lib.inc.php'; $course_code_ok = !self::course_code_exists($wanted_code); if (!$course_code_ok) { @@ -4210,6 +4240,7 @@ class CourseManager } return false; } + return $wanted_code; } @@ -4261,6 +4292,7 @@ class CourseManager } return false; } + return false; } @@ -4307,11 +4339,10 @@ class CourseManager */ public static function get_user_course_vote($user_id, $course_id, $session_id = null, $url_id = null) { - $table_user_course_vote = Database::get_main_table(TABLE_MAIN_USER_REL_COURSE_VOTE); - - $session_id = !isset($session_id) ? api_get_session_id() : intval($session_id); - $url_id = empty($url_id) ? api_get_current_access_url_id() : intval($url_id); + $table_user_course_vote = Database::get_main_table(TABLE_MAIN_USER_REL_COURSE_VOTE); + $session_id = !isset($session_id) ? api_get_session_id() : intval($session_id); + $url_id = empty($url_id) ? api_get_current_access_url_id() : intval($url_id); $user_id = intval($user_id); if (empty($user_id)) { 
@@ -4325,7 +4356,14 @@ class CourseManager 'url_id' => $url_id ); - $result = Database::select('vote', $table_user_course_vote, array('where' => array('user_id = ? AND c_id = ? AND session_id = ? AND url_id = ?' => $params)), 'first'); + $result = Database::select( + 'vote', + $table_user_course_vote, + array('where' => array( + 'user_id = ? AND c_id = ? AND session_id = ? AND url_id = ?' => $params) + ), + 'first' + ); if (!empty($result)) { return $result['vote']; } @@ -4757,7 +4795,6 @@ class CourseManager return $row[0]; } - /** * Get available le courses count * @param int Access URL ID (optional) @@ -4797,6 +4834,7 @@ class CourseManager } $res = Database::query($sql); $row = Database::fetch_row($res); + return $row[0]; } 
@@ -4898,22 +4936,27 @@ class CourseManager // Delete only teacher relations that doesn't match the selected teachers $cond = null; if (count($teachers)>0) { - foreach($teachers as $key) { + foreach ($teachers as $key) { + $key = Database::escape_string($key); $cond.= " AND user_id <> '".$key."'"; } } - $sql = 'DELETE FROM '.$course_user_table.' WHERE course_code="'.Database::escape_string($course_code).'" AND status="1"'.$cond; + $sql = 'DELETE FROM '.$course_user_table.' + WHERE course_code="'.Database::escape_string($course_code).'" AND status="1"'.$cond; Database::query($sql); } if (count($teachers) > 0) { foreach ($teachers as $userId) { + $userId = intval($userId); // We check if the teacher is already subscribed in this course - $sql = 'SELECT 1 FROM '.$course_user_table.' WHERE user_id = "'.$userId.'" AND course_code = "'.$course_code.'" '; + $sql = 'SELECT 1 FROM '.$course_user_table.' + HERE user_id = "'.$userId.'" AND course_code = "'.$course_code.'" '; $result = Database::query($sql); if (Database::num_rows($result)) { - $sql = 'UPDATE '.$course_user_table.' SET status = "1" WHERE course_code = "'.$course_code.'" AND user_id = "'.$userId.'" '; + $sql = 'UPDATE '.$course_user_table.' SET status = "1" + WHERE course_code = "'.$course_code.'" AND user_id = "'.$userId.'" '; } else { $sql = "INSERT INTO ".$course_user_table . " SET course_code = '".Database::escape_string($course_code). "', @@ -5012,6 +5055,7 @@ class CourseManager $pluginCourseSettings ); } + return $courseSettings; } @@ -5060,7 +5104,8 @@ class CourseManager $courseSetting = Database::get_course_table(TABLE_COURSE_SETTING); $courseId = intval($courseId); $variable = Database::escape_string($variable); - $sql = "SELECT variable FROM $courseSetting WHERE c_id = $courseId AND variable = '$variable'"; + $sql = "SELECT variable FROM $courseSetting + WHERE c_id = $courseId AND variable = '$variable'"; $result = Database::query($sql); return Database::num_rows($result) > 0; } 
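Review bot: In the `@@ -4898` hunk, the rewrapped SELECT in the teacher loop now reads `HERE user_id = ...` instead of `WHERE`, so the existence check is invalid SQL. Depending on how `Database::query()` reports the failure, `Database::num_rows($result)` will not see a row and the code falls through to the INSERT for teachers who are already subscribed. The same SELECT and the UPDATE below it interpolate `$course_code` unescaped, while the DELETE and INSERT in this hunk wrap it in `Database::escape_string()`. Suggested condition for both statements: `WHERE user_id = "'.$userId.'" AND course_code = "'.Database::escape_string($course_code).'" ';`. The enclosing method starts and ends outside the hunk.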
@@ -5114,8 +5159,8 @@ class CourseManager WHERE course_code = $courseCode AND session_id = $sessionId AND - login_course_date BETWEEN $startDate AND $endDate - "; + login_course_date BETWEEN '$startDate' AND '$endDate' + "; $result = Database::query($sql); @@ -5169,9 +5214,11 @@ class CourseManager FROM $forum f where f.c_id = %s and f.session_id = %s"; } - $sql_query = sprintf($sql, $courseId, $sessionId); - $result = Database::query($sql_query); + + $sql = sprintf($sql, intval($courseId), intval($sessionId)); + $result = Database::query($sql); $row = Database::fetch_array($result); + return $row['count']; } diff --git a/main/inc/lib/sessionmanager.lib.php b/main/inc/lib/sessionmanager.lib.php index 1348ef9be4..18300cf635 100755 --- a/main/inc/lib/sessionmanager.lib.php +++ b/main/inc/lib/sessionmanager.lib.php @@ -536,15 +536,18 @@ class SessionManager $tbl_user = Database::get_main_table(TABLE_MAIN_USER); $tbl_course = Database::get_main_table(TABLE_MAIN_COURSE); - $sql = "select count(*) as total_rows + $sessionId = intval($sessionId); + + $sql = "SELECT count(*) as total_rows FROM $tbl_lp_view v INNER JOIN $tbl_lp l ON l.id = v.lp_id INNER JOIN $tbl_user u ON u.user_id = v.user_id - INNER JOIN $tbl_course c"; - $sql .= ' WHERE v.session_id = ' . $sessionId; + INNER JOIN $tbl_course c + WHERE v.session_id = " . $sessionId; $result_rows = Database::query($sql); $row = Database::fetch_array($result_rows); $num = $row['total_rows']; + return $num; } @@ -569,7 +572,6 @@ class SessionManager $course = api_get_course_info_by_id($courseId); - //getting all the students of the course //we are not using this because it only returns user ids /* if (empty($sessionId) 
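Review bot: In the sessionmanager.lib.php `@@ -536` hunk, the count query joins `$tbl_course c` with no `ON` condition, so every matching `lp_view` row is multiplied by the number of rows in the course table and `total_rows` is inflated. The added `$sessionId = intval($sessionId);` is the right fix for the interpolated value. The join still needs either an `ON` clause tying `c` to the course key carried by `$tbl_lp`, or to be dropped, since no column of `c` is used in the visible query. The column names needed for the `ON` clause are not visible in this hunk.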
@@ -604,8 +606,8 @@ class SessionManager } $sql = "SELECT u.user_id, u.lastname, u.firstname, u.username, u.email, s.course_code - FROM $session_course_user s - INNER JOIN $user u ON u.user_id = s.id_user + FROM $session_course_user s + INNER JOIN $user u ON u.user_id = s.id_user $where $order $limit"; $sql_query = sprintf($sql, Database::escape_string($course['code']), $sessionId); @@ -903,19 +905,21 @@ class SessionManager //total if ($getAllSessions) { $sql = "SELECT count(w.id) as count - FROM $workTable w - LEFT JOIN $workTableAssignment a ON (a.publication_id = w.id AND a.c_id = w.c_id) - WHERE w.c_id = %s - AND parent_id = 0 - AND active IN (1, 0)"; + FROM $workTable w + LEFT JOIN $workTableAssignment a + ON (a.publication_id = w.id AND a.c_id = w.c_id) + WHERE w.c_id = %s + AND parent_id = 0 + AND active IN (1, 0)"; } else { $sql = "SELECT count(w.id) as count - FROM $workTable w - LEFT JOIN $workTableAssignment a ON (a.publication_id = w.id AND a.c_id = w.c_id) - WHERE w.c_id = %s - AND parent_id = 0 - AND active IN (1, 0) - AND session_id = %s"; + FROM $workTable w + LEFT JOIN $workTableAssignment a + ON (a.publication_id = w.id AND a.c_id = w.c_id) + WHERE w.c_id = %s + AND parent_id = 0 + AND active IN (1, 0) + AND session_id = %s"; } $sql_query = sprintf($sql, $course['real_id'], $sessionId); @@ -928,10 +932,10 @@ class SessionManager */ if ($getAllSessions) { $sql = "SELECT count(distinct page_id) as count FROM $wiki - WHERE c_id = %s"; + WHERE c_id = %s"; } else { $sql = "SELECT count(distinct page_id) as count FROM $wiki - WHERE c_id = %s and session_id = %s"; + WHERE c_id = %s and session_id = %s"; } $sql_query = sprintf($sql, $course['real_id'], $sessionId); $result = Database::query($sql_query); 
@@ -945,9 +949,12 @@ class SessionManager $survey_list = survey_manager::get_surveys($course['code'], $sessionId); $surveys_total = count($survey_list); - $survey_data = array(); foreach ($survey_list as $survey) { - $user_list = survey_manager::get_people_who_filled_survey($survey['survey_id'], false, $course['real_id']); + $user_list = survey_manager::get_people_who_filled_survey( + $survey['survey_id'], + false, + $course['real_id'] + ); foreach ($user_list as $user_id) { isset($survey_user_list[$user_id]) ? $survey_user_list[$user_id] ++ : $survey_user_list[$user_id] = 1; } @@ -966,11 +973,11 @@ class SessionManager foreach ($users as $user) { //Course description $sql = "SELECT count(*) as count - FROM $table_stats_access - WHERE access_tool = 'course_description' - AND access_cours_code = '%s' - AND access_session_id = %s - AND access_user_id = %s "; + FROM $table_stats_access + WHERE access_tool = 'course_description' + AND access_cours_code = '%s' + AND access_session_id = %s + AND access_user_id = %s "; $sql_query = sprintf($sql, $course['code'], $user['id_session'], $user['user_id']); $result = Database::query($sql_query); @@ -1003,7 +1010,6 @@ class SessionManager $assignments_progress = 0; } - //Wiki //total revisions per user $sql = "SELECT count(*) as count @@ -1015,12 +1021,12 @@ class SessionManager $wiki_revisions = $row['count']; //count visited wiki pages $sql = "SELECT count(distinct default_value) as count - FROM $table_stats_default - WHERE default_user_id = %s - AND default_cours_code = '%s' - AND default_event_type = 'wiki_page_view' - AND default_value_type = 'wiki_page_id' - AND c_id = %s"; + FROM $table_stats_default + WHERE default_user_id = %s + AND default_cours_code = '%s' + AND default_event_type = 'wiki_page_view' + AND default_value_type = 'wiki_page_id' + AND c_id = %s"; $sql_query = sprintf($sql, $user['user_id'], $course['code'], $course['real_id']); $result = Database::query($sql_query); $row = Database::fetch_array($result); 
@@ -1033,7 +1039,6 @@ class SessionManager $wiki_progress = 0; } - //Surveys $surveys_done = (isset($survey_user_list[$user['user_id']]) ? $survey_user_list[$user['user_id']] : 0); $surveys_left = $surveys_total - $surveys_done; @@ -1113,10 +1118,11 @@ class SessionManager 'surveys_progress' => sprintf($linkSurvey, $surveys_progress . '%'), ); } + return $table; } - function get_number_of_tracking_access_overview() + public static function get_number_of_tracking_access_overview() { // database table definition $track_e_course_access = Database :: get_main_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS); @@ -1130,7 +1136,7 @@ class SessionManager * @author César Perales , Beeznest Team * @version Chamilo 1.9.6 */ - static function get_user_data_access_tracking_overview( + public static function get_user_data_access_tracking_overview( $sessionId, $courseId, $studentId = 0, @@ -1163,6 +1169,7 @@ class SessionManager $is_western_name_order = api_is_western_name_order(); } + $where = null; if (isset($sessionId) && !empty($sessionId)) { $where = sprintf(" WHERE a.session_id = %d", $sessionId); } @@ -1286,7 +1293,8 @@ class SessionManager if (!$session_name_ok) { $table = Database::get_main_table(TABLE_MAIN_SESSION); $session_name = Database::escape_string($session_name); - $sql = "SELECT count(*) as count FROM $table WHERE name LIKE '$session_name%'"; + $sql = "SELECT count(*) as count FROM $table + WHERE name LIKE '$session_name%'"; $result = Database::query($sql); if (Database::num_rows($result) > 0) { $row = Database::fetch_array($result); @@ -1513,8 +1521,9 @@ class SessionManager { $tbl_session = Database::get_main_table(TABLE_MAIN_SESSION); $id_promotion = intval($id_promotion); - $update_sql = "UPDATE $tbl_session SET promotion_id=0 WHERE promotion_id='$id_promotion'"; - if (Database::query($update_sql)) { + $sql = "UPDATE $tbl_session SET promotion_id=0 + WHERE promotion_id='$id_promotion'"; + if (Database::query($sql)) { return true; } else { return false; 
@@ -1783,18 +1792,19 @@ class SessionManager if ($updateTotal) { // Count users in this session-course relation - $sql = "SELECT COUNT(id_user) as nbUsers FROM $table - WHERE - id_session='$sessionId' AND - course_code='$courseCode' AND - status<>2"; + $sql = "SELECT COUNT(id_user) as nbUsers + FROM $table + WHERE + id_session='$sessionId' AND + course_code='$courseCode' AND + status<>2"; $result = Database::query($sql); list($userCount) = Database::fetch_array($result); // update the session-course relation to add the users total $sql = "UPDATE $tableSessionCourse SET - nbr_users = $userCount - WHERE id_session='$sessionId' AND course_code = '$courseCode'"; + nbr_users = $userCount + WHERE id_session='$sessionId' AND course_code = '$courseCode'"; Database::query($sql); } } @@ -2200,7 +2210,8 @@ class SessionManager $rowsf = Database::fetch_array($ressf); $tms = time(); - $sqlsfv = "SELECT * FROM $t_sfv WHERE session_id = '$session_id' AND field_id = '" . $rowsf['id'] . "' ORDER BY id"; + $sqlsfv = "SELECT * FROM $t_sfv + WHERE session_id = '$session_id' AND field_id = '" . $rowsf['id'] . "' ORDER BY id"; $ressfv = Database::query($sqlsfv); $n = Database::num_rows($ressfv); if ($n > 1) { @@ -2213,7 +2224,8 @@ class SessionManager } $rowsfv = Database::fetch_array($ressfv); if ($rowsfv['field_value'] != $fvalues) { - $sqlu = "UPDATE $t_sfv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = " . $rowsfv['id']; + $sqlu = "UPDATE $t_sfv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) + WHERE id = " . $rowsfv['id']; $resu = Database::query($sqlu); return($resu ? true : false); } 
@@ -2223,7 +2235,8 @@ class SessionManager //we need to update the current record $rowsfv = Database::fetch_array($ressfv); if ($rowsfv['field_value'] != $fvalues) { - $sqlu = "UPDATE $t_sfv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = " . $rowsfv['id']; + $sqlu = "UPDATE $t_sfv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) + WHERE id = " . $rowsfv['id']; //error_log('UM::update_extra_field_value: '.$sqlu); $resu = Database::query($sqlu); return($resu ? true : false); @@ -2231,10 +2244,9 @@ class SessionManager return true; } else { $sqli = "INSERT INTO $t_sfv (session_id,field_id,field_value,tms) " . - "VALUES ('$session_id'," . $rowsf['id'] . ",'$fvalues',FROM_UNIXTIME($tms))"; - //error_log('UM::update_extra_field_value: '.$sqli); + "VALUES ('$session_id'," . $rowsf['id'] . ",'$fvalues',FROM_UNIXTIME($tms))"; $resi = Database::query($sqli); - return($resi ? true : false); + return $resi ? true : false; } } else { return false; //field not found @@ -2561,7 +2573,9 @@ class SessionManager { $tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY); $id = api_get_current_access_url_id(); - $sql = 'SELECT * FROM ' . $tbl_session_category . ' WHERE access_url_id ="' . $id . '" ORDER BY name ASC'; + $sql = 'SELECT * FROM ' . $tbl_session_category . ' + WHERE access_url_id ="' . $id . '" + ORDER BY name ASC'; $result = Database::query($sql); if (Database::num_rows($result) > 0) { $data = Database::store_result($result, 'ASSOC'); @@ -2969,7 +2983,8 @@ class SessionManager // select the courses $sql = "SELECT * FROM $tbl_course c - INNER JOIN $tbl_session_rel_course src ON c.code = src.course_code + INNER JOIN $tbl_session_rel_course src + ON c.code = src.course_code WHERE src.id_session = '$session_id' "; if (!empty($course_name)) { 
@@ -3276,10 +3291,11 @@ class SessionManager $tbl_user = Database::get_main_table(TABLE_MAIN_USER); $sql = "SELECT session_rcru.status FROM $tbl_session_rel_course_rel_user session_rcru, $tbl_user user - WHERE session_rcru.id_user = user.user_id AND - session_rcru.id_session = '" . intval($session_id) . "' AND - session_rcru.course_code ='" . Database::escape_string($course_code) . "' AND - user.user_id = " . intval($user_id); + WHERE + session_rcru.id_user = user.user_id AND + session_rcru.id_session = '" . intval($session_id) . "' AND + session_rcru.course_code ='" . Database::escape_string($course_code) . "' AND + user.user_id = " . intval($user_id); $result = Database::query($sql); $status = false; @@ -3308,9 +3324,9 @@ class SessionManager $sql = "SELECT session_rcru.status FROM $tbl_session_rel_course_rel_user session_rcru, $tbl_user user WHERE session_rcru.id_user = user.user_id AND - session_rcru.id_session = '" . intval($session_id) . "' AND - session_rcru.course_code ='" . Database::escape_string($course_code) . "' AND - user.user_id = " . intval($user_id); + session_rcru.id_session = '" . intval($session_id) . "' AND + session_rcru.course_code ='" . Database::escape_string($course_code) . "' AND + user.user_id = " . intval($user_id); $result = Database::query($sql); $status = false; if (Database::num_rows($result)) { @@ -3572,7 +3588,8 @@ class SessionManager $table_session = Database::get_main_table(TABLE_MAIN_SESSION); $course_code = Database::escape_string($course_code); $sql = "SELECT name, s.id - FROM $table_session_course sc INNER JOIN $table_session s ON (sc.id_session = s.id) + FROM $table_session_course sc + INNER JOIN $table_session s ON (sc.id_session = s.id) WHERE sc.course_code = '$course_code' "; $result = Database::query($sql); return Database::store_result($result); @@ -4263,6 +4280,7 @@ class SessionManager ); } } + return array_to_string($list, CourseManager::USER_SEPARATOR); } 
@@ -4287,6 +4305,7 @@ class SessionManager $coaches[] = $row['id_user']; } } + return $coaches; } @@ -4924,7 +4943,12 @@ class SessionManager $sessionList[] = $sessionInfo['session_id']; } $userInfo = $data['user_info']; - self::suscribe_sessions_to_hr_manager($userInfo, $sessionList, $sendEmail, $removeOldRelationShips); + self::suscribe_sessions_to_hr_manager( + $userInfo, + $sessionList, + $sendEmail, + $removeOldRelationShips + ); } } } @@ -4970,6 +4994,7 @@ class SessionManager } } } + return $message; } @@ -5211,14 +5236,15 @@ class SessionManager * @param int $userId The user id * @return boolean Whether is subscribed */ - public static function isUserSusbcribedAsStudent($sessionId, $userId) { + public static function isUserSusbcribedAsStudent($sessionId, $userId) + { $sessionRelUserTable = Database::get_main_table(TABLE_MAIN_SESSION_USER); $sessionId = intval($sessionId); $userId = intval($userId); - $sql = "SELECT COUNT(1) AS qty FROM $sessionRelUserTable " - . "WHERE id_session = $sessionId AND id_user = $userId AND relation_type = 0"; + $sql = "SELECT COUNT(1) AS qty FROM $sessionRelUserTable + WHERE id_session = $sessionId AND id_user = $userId AND relation_type = 0"; $result = Database::fetch_assoc(Database::query($sql)); @@ -5239,9 +5265,6 @@ class SessionManager if ($sessionInfo['date_start'] == '0000-00-00' && $sessionInfo['date_end'] == '0000-00-00') { return get_lang('NoTimeLimits'); } else { - $startDate = ''; - $endDate = ''; - if ($sessionInfo['date_start'] != '0000-00-00') { $startDate = get_lang('From') . ' ' . api_format_date($sessionInfo['date_start'], DATE_FORMAT_LONG_NO_DAY); } else { 
@@ -5301,19 +5324,22 @@ class SessionManager * Check if the course belongs to the session * @param int $sessionId The session id * @param string $courseCode The course code + * + * @return bool */ - public static function sessionHasCourse($sessionId, $courseCode) { + public static function sessionHasCourse($sessionId, $courseCode) + { $sessionId = intval($sessionId); $courseCode = Database::escape_string($courseCode); - $courseTablee = Database::get_main_table(TABLE_MAIN_COURSE); + $courseTable = Database::get_main_table(TABLE_MAIN_COURSE); $sessionRelCourseTable = Database::get_main_table(TABLE_MAIN_SESSION_COURSE); - $sql = "SELECT COUNT(1) AS qty FROM $courseTablee c " - . "INNER JOIN $sessionRelCourseTable src " - . "ON c.code = src.course_code " - . "WHERE src.id_session = $sessionId " - . "AND c.code = '$courseCode'"; + $sql = "SELECT COUNT(1) AS qty FROM $courseTable c + INNER JOIN $sessionRelCourseTable src + ON c.code = src.course_code + WHERE src.id_session = $sessionId + AND c.code = '$courseCode' "; $result = Database::query($sql); From fc68d0046c97e32187978624b331baa8bf6a8d55 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Fri, 16 Jan 2015 13:26:02 +0100 Subject: [PATCH 047/105] Minor - format code. --- main/admin/settings.lib.php | 145 ++++++++++++----------- main/admin/settings.php | 229 +++++++++++++++++++++--------------- 2 files changed, 206 insertions(+), 168 deletions(-) diff --git a/main/admin/settings.lib.php b/main/admin/settings.lib.php index c2c977cb6c..307e4f9335 100755 --- a/main/admin/settings.lib.php +++ b/main/admin/settings.lib.php 
@@ -111,18 +111,18 @@ function handle_plugins() { $plugin_obj = new AppPlugin(); $token = Security::get_token(); - if (isset($_POST['submit_plugins'])) { + if (isset($_POST['submit_plugins'])) { store_plugins(); // Add event to the system log. $user_id = api_get_user_id(); $category = $_GET['category']; - event_system( - LOG_CONFIGURATION_SETTINGS_CHANGE, - LOG_CONFIGURATION_SETTINGS_CATEGORY, - $category, - api_get_utc_datetime(), - $user_id - ); + event_system( + LOG_CONFIGURATION_SETTINGS_CHANGE, + LOG_CONFIGURATION_SETTINGS_CATEGORY, + $category, + api_get_utc_datetime(), + $user_id + ); Display :: display_confirmation_message(get_lang('SettingsStored')); } @@ -175,12 +175,12 @@ function handle_plugins() echo '
'; if (in_array($plugin, $installed_plugins)) { - echo Display::url(get_lang('Configure'), 'configure_plugin.php?name='.$plugin, array('class' => 'btn')); - echo Display::url(get_lang('Regions'), 'settings.php?category=Regions&name='.$plugin, array('class' => 'btn')); + echo Display::url(get_lang('Configure'), 'configure_plugin.php?name='.$plugin, array('class' => 'btn')); + echo Display::url(get_lang('Regions'), 'settings.php?category=Regions&name='.$plugin, array('class' => 'btn')); } if (file_exists(api_get_path(SYS_PLUGIN_PATH).$plugin.'/readme.txt')) { - echo Display::url("readme.txt", api_get_path(WEB_PLUGIN_PATH).$plugin."/readme.txt", array('class' => 'btn ajax', '_target' => '_blank')); + echo Display::url("readme.txt", api_get_path(WEB_PLUGIN_PATH).$plugin."/readme.txt", array('class' => 'btn ajax', '_target' => '_blank')); } echo '
'; echo ''; @@ -198,7 +198,7 @@ function handle_plugins() * This function allows the platform admin to choose the default stylesheet * @author Patrick Cool , Ghent University * @author Julio Montoya , Chamilo -*/ + */ function handle_stylesheets() { global $_configuration; @@ -219,7 +219,6 @@ function handle_stylesheets() } $form = new FormValidator('stylesheet_upload', 'post', 'settings.php?category=Stylesheets#tabs-2'); - //$form->addElement('header', get_lang('UploadNewStylesheet')); $form->addElement('text', 'name_stylesheet', get_lang('NameStylesheet'), array('size' => '40', 'maxlength' => '40')); $form->addRule('name_stylesheet', get_lang('ThisFieldIsRequired'), 'required'); $form->addElement('file', 'new_stylesheet', get_lang('UploadNewStylesheet')); @@ -256,7 +255,13 @@ function handle_stylesheets() // Add event to the system log. $user_id = api_get_user_id(); $category = $_GET['category']; - event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id); + event_system( + LOG_CONFIGURATION_SETTINGS_CHANGE, + LOG_CONFIGURATION_SETTINGS_CATEGORY, + $category, + api_get_utc_datetime(), + $user_id + ); if ($result) { Display::display_confirmation_message(get_lang('StylesheetAdded')); @@ -467,7 +472,7 @@ function upload_stylesheet($values, $picture) */ function store_regions() { - $plugin_obj = new AppPlugin(); + $plugin_obj = new AppPlugin(); // Get a list of all current 'Plugins' settings $installed_plugins = $plugin_obj->get_installed_plugins(); @@ -502,7 +507,7 @@ function store_regions() /** * This function allows easy activating and inactivating of plugins * @author Patrick Cool , Ghent University -*/ + */ function store_plugins() { $appPlugin = new AppPlugin(); 
@@ -533,7 +538,7 @@ function store_plugins() /** * This function allows the platform admin to choose which should be the default stylesheet * @author Patrick Cool , Ghent University -*/ + */ function store_stylesheets() { // Insert the stylesheet. @@ -613,7 +618,7 @@ function handle_search() $sf_values = array(); foreach ($specific_fields as $sf) { - $sf_values[$sf['code']] = $sf['name']; + $sf_values[$sf['code']] = $sf['name']; } $group = array(); $url = Display::div(Display::url(get_lang('AddSpecificSearchField'), 'specific_fields.php'), array('class'=>'sectioncomment')); 
@@ -970,34 +975,34 @@ function add_edit_template() { } $temp->send_image($upload_dir.$new_file_name); } - } - - // Store the information in the database (as insert or as update). - $table_system_template = Database :: get_main_table('system_template'); - if ($_GET['action'] == 'add') { - $content_template = '{CSS}'.Database::escape_string($values['template_text']).''; - $sql = "INSERT INTO $table_system_template (title, content, image) VALUES ('".Database::escape_string($values['title'])."','".$content_template."','".Database::escape_string($new_file_name)."')"; - Database::query($sql); - - // Display a feedback message. - Display::display_confirmation_message(get_lang('TemplateAdded')); - echo ''.Display::return_icon('new_template.png', get_lang('AddTemplate'),'',ICON_SIZE_MEDIUM).''; - } else { - $content_template = '{CSS}'.Database::escape_string($values['template_text']).''; - $sql = "UPDATE $table_system_template set title = '".Database::escape_string($values['title'])."', content = '".$content_template."'"; - if (!empty($new_file_name)) { - $sql .= ", image = '".Database::escape_string($new_file_name)."'"; - } - $sql .= " WHERE id = ".intval($_GET['id']).""; - Database::query($sql); - - // Display a feedback message. - Display::display_confirmation_message(get_lang('TemplateEdited')); - } + } + + // Store the information in the database (as insert or as update). + $table_system_template = Database :: get_main_table('system_template'); + if ($_GET['action'] == 'add') { + $content_template = '{CSS}'.Database::escape_string($values['template_text']).''; + $sql = "INSERT INTO $table_system_template (title, content, image) VALUES ('".Database::escape_string($values['title'])."','".$content_template."','".Database::escape_string($new_file_name)."')"; + Database::query($sql); + + // Display a feedback message. 
+ Display::display_confirmation_message(get_lang('TemplateAdded')); + echo ''.Display::return_icon('new_template.png', get_lang('AddTemplate'),'',ICON_SIZE_MEDIUM).''; + } else { + $content_template = '{CSS}'.Database::escape_string($values['template_text']).''; + $sql = "UPDATE $table_system_template set title = '".Database::escape_string($values['title'])."', content = '".$content_template."'"; + if (!empty($new_file_name)) { + $sql .= ", image = '".Database::escape_string($new_file_name)."'"; + } + $sql .= " WHERE id = ".intval($_GET['id']).""; + Database::query($sql); + + // Display a feedback message. + Display::display_confirmation_message(get_lang('TemplateEdited')); + } } - Security::clear_token(); - display_templates(); + Security::clear_token(); + display_templates(); } else { @@ -1118,7 +1123,7 @@ function generate_settings_form($settings, $settings_by_access_list) { $i = 0; foreach ($settings as $row) { - if (in_array($row['variable'], array_keys($settings_to_avoid))) { continue; } + if (in_array($row['variable'], array_keys($settings_to_avoid))) { continue; } if (!empty($_configuration['multiple_access_urls'])) { if (api_is_global_platform_admin()) { @@ -1126,18 +1131,18 @@ function generate_settings_form($settings, $settings_by_access_list) { if ($url_id == 1) { if ($row['access_url_changeable'] == '1') { $form->addElement('html', ''); + Display::return_icon('shared_setting.png', get_lang('ChangeSharedSetting')).'
'); } else { $form->addElement('html', ''); + Display::return_icon('shared_setting_na.png', get_lang('ChangeSharedSetting')).''); } } else { if ($row['access_url_changeable'] == '1') { $form->addElement('html', '
'. - Display::return_icon('shared_setting.png', get_lang('ChangeSharedSetting')).'
'); + Display::return_icon('shared_setting.png', get_lang('ChangeSharedSetting')).''); } else { $form->addElement('html', '
'. - Display::return_icon('shared_setting_na.png', get_lang('ChangeSharedSetting')).'
'); + Display::return_icon('shared_setting_na.png', get_lang('ChangeSharedSetting')).''); } } } 
@@ -1216,25 +1221,25 @@ function generate_settings_form($settings, $settings_by_access_list) { break; case 'textarea': if ($row['variable'] == 'header_extra_content') { - $file = api_get_path(SYS_PATH).api_get_home_path().'header_extra_content.txt'; + $file = api_get_path(SYS_PATH).api_get_home_path().'header_extra_content.txt'; $value = ''; if (file_exists($file)) { $value = file_get_contents($file); } $form->addElement('textarea', $row['variable'], array(get_lang($row['title']), get_lang($row['comment'])) , array('class'=>'span6','rows'=>'10'), $hideme); - $default_values[$row['variable']] = $value; + $default_values[$row['variable']] = $value; } elseif ($row['variable'] == 'footer_extra_content') { - $file = api_get_path(SYS_PATH).api_get_home_path().'footer_extra_content.txt'; - $value = ''; - if (file_exists($file)) { - $value = file_get_contents($file); - } - $form->addElement('textarea', $row['variable'], array(get_lang($row['title']), get_lang($row['comment'])) , array('rows'=>'10', 'class'=>'span6'), $hideme); - $default_values[$row['variable']] = $value; - } else { - $form->addElement('textarea', $row['variable'], array(get_lang($row['title']), get_lang($row['comment'])) , array('rows'=>'10','class'=>'span6'), $hideme); - $default_values[$row['variable']] = $row['selected_value']; - } + $file = api_get_path(SYS_PATH).api_get_home_path().'footer_extra_content.txt'; + $value = ''; + if (file_exists($file)) { + $value = file_get_contents($file); + } + $form->addElement('textarea', $row['variable'], array(get_lang($row['title']), get_lang($row['comment'])) , array('rows'=>'10', 'class'=>'span6'), $hideme); + $default_values[$row['variable']] = $value; + } else { + $form->addElement('textarea', $row['variable'], array(get_lang($row['title']), get_lang($row['comment'])) , array('rows'=>'10','class'=>'span6'), $hideme); + $default_values[$row['variable']] = $row['selected_value']; + } break; case 'radio': $values = api_get_settings_options($row['variable']); 
@@ -1258,15 +1263,15 @@ function generate_settings_form($settings, $settings_by_access_list) { $result = Database::query($sql); $group = array (); while ($rowkeys = Database::fetch_array($result)) { - //if ($rowkeys['variable'] == 'course_create_active_tools' && $rowkeys['subkey'] == 'enable_search') { continue; } + //if ($rowkeys['variable'] == 'course_create_active_tools' && $rowkeys['subkey'] == 'enable_search') { continue; } - // Profile tab option should be hidden when the social tool is enabled. - if (api_get_setting('allow_social_tool') == 'true') { - if ($rowkeys['variable'] == 'show_tabs' && $rowkeys['subkey'] == 'my_profile') { continue; } - } + // Profile tab option should be hidden when the social tool is enabled. + if (api_get_setting('allow_social_tool') == 'true') { + if ($rowkeys['variable'] == 'show_tabs' && $rowkeys['subkey'] == 'my_profile') { continue; } + } - // Hiding the gradebook option. - if ($rowkeys['variable'] == 'show_tabs' && $rowkeys['subkey'] == 'my_gradebook') { continue; } + // Hiding the gradebook option. + if ($rowkeys['variable'] == 'show_tabs' && $rowkeys['subkey'] == 'my_gradebook') { continue; } $element = & $form->createElement('checkbox', $rowkeys['subkey'], '', get_lang($rowkeys['subkeytext'])); if ($row['access_url_changeable'] == 1) { @@ -1303,7 +1308,7 @@ function generate_settings_form($settings, $settings_by_access_list) { $default_values[$row['variable']] = $row['selected_value']; break; case 'custom': - break; + break; } switch ($row['variable']) { diff --git a/main/admin/settings.php b/main/admin/settings.php index e1c3719473..19428c4bf7 100755 --- a/main/admin/settings.php +++ b/main/admin/settings.php @@ -10,8 +10,6 @@ * @package chamilo.admin */ -/* INIT SECTION */ - // Language files that need to be included. if (isset($_GET['category']) && $_GET['category'] == 'Templates') { $language_file = array('admin', 'document'); 
@@ -45,7 +43,12 @@ $settings_to_avoid = array( 'example_material_course_creation' => 'true' // ON by default - now we have this option when we create a course ); -$convert_byte_to_mega_list = array('dropbox_max_filesize', 'message_max_upload_filesize', 'default_document_quotum', 'default_group_quotum'); +$convert_byte_to_mega_list = array( + 'dropbox_max_filesize', + 'message_max_upload_filesize', + 'default_document_quotum', + 'default_group_quotum' +); if (isset($_POST['style'])) { Display::$preview_style = $_POST['style']; @@ -68,8 +71,8 @@ if (isset($_GET['delete_watermark'])) { } if (isset($_GET['action']) && $_GET['action'] == 'delete_grading') { - $id = intval($_GET['id']); - api_delete_setting_option($id); + $id = intval($_GET['id']); + api_delete_setting_option($id); } $form_search = new FormValidator('search_settings', 'get', api_get_self() , null, array('class'=>'well form-inline')); @@ -119,11 +122,16 @@ function get_settings($category = null) { $settings = search_setting($_REQUEST['search_field']); } } - return array('settings' => $settings, 'settings_by_access_list' => $settings_by_access_list); + return array( + 'settings' => $settings, + 'settings_by_access_list' => $settings_by_access_list + ); } // Build the form. -if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', 'stylesheets', 'Search'))) { +if (!empty($_GET['category']) && + !in_array($_GET['category'], array('Plugins', 'stylesheets', 'Search')) +) { $my_category = isset($_GET['category']) ? $_GET['category'] : null; $settings_array = get_settings($my_category); $settings = $settings_array['settings']; 
@@ -139,11 +147,15 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', ' $un_mark_all = false; if (api_is_multiple_url_enabled()) { - if (isset($values['buttons_in_action_right']) && isset($values['buttons_in_action_right']['mark_all'])) { + if (isset($values['buttons_in_action_right']) && + isset($values['buttons_in_action_right']['mark_all']) + ) { $mark_all = true; } - if (isset($values['buttons_in_action_right']) && isset($values['buttons_in_action_right']['unmark_all'])) { + if (isset($values['buttons_in_action_right']) && + isset($values['buttons_in_action_right']['unmark_all']) + ) { $un_mark_all = true; } } @@ -174,7 +186,10 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', ' $settings_array = get_settings($my_category); $settings = $settings_array['settings']; $settings_by_access_list = $settings_array['settings_by_access_list']; - $form = generate_settings_form($settings, $settings_by_access_list); + $form = generate_settings_form( + $settings, + $settings_by_access_list + ); } } if (!empty($_FILES['pdf_export_watermark_path'])) { @@ -182,7 +197,10 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', ' } if (isset($pdf_export_watermark_path) && !empty($pdf_export_watermark_path['name'])) { - $pdf_export_watermark_path_result = PDF::upload_watermark($pdf_export_watermark_path['name'], $pdf_export_watermark_path['tmp_name']); + $pdf_export_watermark_path_result = PDF::upload_watermark( + $pdf_export_watermark_path['name'], + $pdf_export_watermark_path['tmp_name'] + ); if ($pdf_export_watermark_path_result) { $message['confirmation'][] = get_lang('UplUploadSucceeded'); } else { 
@@ -193,16 +211,15 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', ' // Set true for allow_message_tool variable if social tool is actived foreach ($convert_byte_to_mega_list as $item) { - if (isset($values[$item])) { - $values[$item] = round($values[$item]*1024*1024); - } - } + if (isset($values[$item])) { + $values[$item] = round($values[$item]*1024*1024); + } + } if (isset($values['allow_social_tool']) && $values['allow_social_tool'] == 'true') { $values['allow_message_tool'] = 'true'; } - // The first step is to set all the variables that have type=checkbox of the category // to false as the checkbox that is unchecked is not in the $_POST data and can // therefore not be set to false. 
@@ -225,96 +242,115 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', ' foreach ($settings as $item) { $key = $item['variable']; - if (in_array($key, $settings_to_avoid)) { continue; } - if ($key == 'search_field' or $key == 'submit_fixed_in_bottom') { continue; } + if (in_array($key, $settings_to_avoid)) { + continue; + } + if ($key == 'search_field' or $key == 'submit_fixed_in_bottom') { + continue; + } $key = Database::escape_string($key); - $sql = "UPDATE $table_settings_current SET selected_value = 'false' WHERE variable = '".$key."' AND access_url = ".intval($url_id)." AND type IN ('checkbox', 'radio') "; + $sql = "UPDATE $table_settings_current + SET selected_value = 'false' + WHERE variable = '".$key."' AND access_url = ".intval($url_id)." AND type IN ('checkbox', 'radio') "; $res = Database::query($sql); } - /*foreach($settings_to_avoid as $key => $value) { - api_set_setting($key, $value, null, null, $_configuration['access_url']); - }*/ - // Save the settings. $keys = array(); foreach ($values as $key => $value) { - if (strcmp($key,'MAX_FILE_SIZE')===0) { continue; } - if (in_array($key, $settings_to_avoid)) { continue; } + if (strcmp($key, 'MAX_FILE_SIZE') === 0) { + continue; + } + if (in_array($key, $settings_to_avoid)) { + continue; + } // Avoid form elements which have nothing to do with settings - if ($key == 'search_field' or $key == 'submit_fixed_in_bottom') { continue; } + if ($key == 'search_field' or $key == 'submit_fixed_in_bottom') { + continue; + } // Treat gradebook values in separate function. 
//if (strpos($key, 'gradebook_score_display_custom_values') === false) { - if (!is_array($value)) { - $old_value = api_get_setting($key); - switch ($key) { - case 'header_extra_content': - file_put_contents(api_get_path(SYS_PATH).api_get_home_path().'/header_extra_content.txt', $value); - $value = api_get_home_path().'/header_extra_content.txt'; - break; - case 'footer_extra_content': - file_put_contents(api_get_path(SYS_PATH).api_get_home_path().'/footer_extra_content.txt', $value); - $value = api_get_home_path().'/footer_extra_content.txt'; - break; - // URL validation for some settings. - case 'InstitutionUrl': - case 'course_validation_terms_and_conditions_url': - $value = trim(Security::remove_XSS($value)); - if ($value != '') { - // Here we accept absolute URLs only. - if (strpos($value, '://') === false) { - $value = 'http://'.$value; - } - if (!api_valid_url($value, true)) { - // If the new (non-empty) URL value is invalid, then the old URL value stays. - $value = $old_value; - } + if (!is_array($value)) { + $old_value = api_get_setting($key); + switch ($key) { + case 'header_extra_content': + file_put_contents(api_get_path(SYS_PATH).api_get_home_path().'/header_extra_content.txt', $value); + $value = api_get_home_path().'/header_extra_content.txt'; + break; + case 'footer_extra_content': + file_put_contents(api_get_path(SYS_PATH).api_get_home_path().'/footer_extra_content.txt', $value); + $value = api_get_home_path().'/footer_extra_content.txt'; + break; + // URL validation for some settings. + case 'InstitutionUrl': + case 'course_validation_terms_and_conditions_url': + $value = trim(Security::remove_XSS($value)); + if ($value != '') { + // Here we accept absolute URLs only. + if (strpos($value, '://') === false) { + $value = 'http://'.$value; } - // If the new URL value is empty, then it will be stored (i.e. the setting will be deleted). - break; - - // Validation against e-mail address for some settings. 
- case 'emailAdministrator': - $value = trim(Security::remove_XSS($value)); - if ($value != '' && !api_valid_email($value)) { - // If the new (non-empty) e-mail address is invalid, then the old e-mail address stays. - // If the new e-mail address is empty, then it will be stored (i.e. the setting will be deleted). + if (!api_valid_url($value, true)) { + // If the new (non-empty) URL value is invalid, then the old URL value stays. $value = $old_value; } - break; - } - if ($old_value != $value) $keys[] = $key; - $result = api_set_setting($key, $value, null, null, $url_id); - } else { - $sql = "SELECT subkey FROM $table_settings_current WHERE variable = '$key'"; - $res = Database::query($sql); - while ($row_subkeys = Database::fetch_array($res)) { - // If subkey is changed: - if ((isset($value[$row_subkeys['subkey']]) && api_get_setting($key, $row_subkeys['subkey']) == 'false') || - (!isset($value[$row_subkeys['subkey']]) && api_get_setting($key, $row_subkeys['subkey']) == 'true')) { - $keys[] = $key; - break; } + // If the new URL value is empty, then it will be stored (i.e. the setting will be deleted). + break; + + // Validation against e-mail address for some settings. + case 'emailAdministrator': + $value = trim(Security::remove_XSS($value)); + if ($value != '' && !api_valid_email($value)) { + // If the new (non-empty) e-mail address is invalid, then the old e-mail address stays. + // If the new e-mail address is empty, then it will be stored (i.e. the setting will be deleted). 
+ $value = $old_value; + } + break; + } + if ($old_value != $value) $keys[] = $key; + $result = api_set_setting($key, $value, null, null, $url_id); + } else { + $sql = "SELECT subkey FROM $table_settings_current WHERE variable = '$key'"; + $res = Database::query($sql); + while ($row_subkeys = Database::fetch_array($res)) { + // If subkey is changed: + if ((isset($value[$row_subkeys['subkey']]) && api_get_setting($key, $row_subkeys['subkey']) == 'false') || + (!isset($value[$row_subkeys['subkey']]) && api_get_setting($key, $row_subkeys['subkey']) == 'true')) { + $keys[] = $key; + break; } - foreach ($value as $subkey => $subvalue) { - $result = api_set_setting($key, 'true', $subkey, null, $url_id); - } - } + foreach ($value as $subkey => $subvalue) { + $result = api_set_setting($key, 'true', $subkey, null, $url_id); + } + } } // Add event configuration settings category to the system log. $user_id = api_get_user_id(); $category = $_GET['category']; - event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id); + event_system( + LOG_CONFIGURATION_SETTINGS_CHANGE, + LOG_CONFIGURATION_SETTINGS_CATEGORY, + $category, + api_get_utc_datetime(), + $user_id + ); // Add event configuration settings variable to the system log. if (is_array($keys) && count($keys) > 0) { foreach ($keys as $variable) { if (in_array($key, $settings_to_avoid)) { continue; } - event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_VARIABLE, $variable, api_get_utc_datetime(), $user_id); + event_system( + LOG_CONFIGURATION_SETTINGS_CHANGE, + LOG_CONFIGURATION_SETTINGS_VARIABLE, + $variable, + api_get_utc_datetime(), + $user_id + ); } } } 
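Review bot: The three `in_array($key, $settings_to_avoid)` guards in this hunk test the array's values, but `$settings_to_avoid` is keyed by setting name (`'example_material_course_creation' => 'true'`). The protected settings are therefore never skipped and still reach the `SET selected_value = 'false'` reset and `api_set_setting()`. `if (isset($settings_to_avoid[$key])) { continue; }` would match the `array_keys()` check that settings.lib.php uses. The guard inside `foreach ($keys as $variable)` also reads the stale `$key` rather than `$variable`. Separately, `WHERE variable = '$key'` in the array branch interpolates a form key that is not escaped in this loop, unlike the reset loop above; calling `Database::escape_string($key)` before that query would make the two consistent.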
@@ -401,7 +437,6 @@ $resultcategories[] = array('category' => 'CAS'); $resultcategories[] = array('category' => 'Shibboleth'); $resultcategories[] = array('category' => 'Facebook'); - foreach ($resultcategories as $row) { $url = array(); $url['url'] = api_get_self()."?category=".$row['category']; @@ -413,9 +448,7 @@ foreach ($resultcategories as $row) { } echo Display::actions($action_array); - echo '
'; - echo $form_search_html; if ($watermark_deleted) { @@ -461,23 +494,23 @@ if (!empty($_GET['category'])) { }); '; echo '
'; - echo ''; - - echo '
'; - handle_plugins(); - echo '
'; - - echo '
'; - DashboardManager::handle_dashboard_plugins(); - echo '
'; - - echo '
'; - handle_extensions(); - echo '
'; + echo ''; + + echo '
'; + handle_plugins(); + echo '
'; + + echo '
'; + DashboardManager::handle_dashboard_plugins(); + echo '
'; + + echo '
'; + handle_extensions(); + echo '
'; echo '
'; break; case 'Stylesheets': From 1f69c257302f4924a1262737192621cc7c9ff4a6 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Fri, 16 Jan 2015 13:27:05 +0100 Subject: [PATCH 048/105] Fixes double Database:escape_string --- main/admin/settings.lib.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/main/admin/settings.lib.php b/main/admin/settings.lib.php index 307e4f9335..770855fdf3 100755 --- a/main/admin/settings.lib.php +++ b/main/admin/settings.lib.php @@ -542,9 +542,14 @@ function store_plugins() function store_stylesheets() { // Insert the stylesheet. - $style = Database::escape_string($_POST['style']); - if (is_style($style)) { - api_set_setting('stylesheets', $style, null, 'stylesheets', api_get_current_access_url_id()); + if (is_style($_POST['style'])) { + api_set_setting( + 'stylesheets', + $_POST['style'], + null, + 'stylesheets', + api_get_current_access_url_id() + ); } return true; } From 306990009922a682f83ce4cbfc9a0cc63da3df49 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Fri, 16 Jan 2015 13:35:33 +0100 Subject: [PATCH 049/105] Fixes unneeded Database:escape_string + format code. --- main/admin/settings.php | 8 +- main/inc/lib/dashboard.lib.php | 154 ++++++++++++++++----------------- 2 files changed, 83 insertions(+), 79 deletions(-) diff --git a/main/admin/settings.php b/main/admin/settings.php index 19428c4bf7..fe7f7445b7 100755 --- a/main/admin/settings.php +++ b/main/admin/settings.php @@ -484,7 +484,13 @@ if (!empty($_GET['category'])) { // add event to system log $user_id = api_get_user_id(); $category = $_GET['category']; - event_system(LOG_CONFIGURATION_SETTINGS_CHANGE, LOG_CONFIGURATION_SETTINGS_CATEGORY, $category, api_get_utc_datetime(), $user_id); + event_system( + LOG_CONFIGURATION_SETTINGS_CHANGE, + LOG_CONFIGURATION_SETTINGS_CATEGORY, + $category, + api_get_utc_datetime(), + $user_id + ); Display :: display_confirmation_message(get_lang('DashboardPluginsHaveBeenUpdatedSucesslly')); } } 
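Review bot: `$_POST['style']` is now read twice in store_stylesheets() without checking that it is set or that it is a string, and is_style() becomes the only validation between the request and `api_set_setting()`. Reading it once into a local makes that explicit: `$style = isset($_POST['style']) ? $_POST['style'] : '';` followed by `if (is_string($style) && is_style($style)) {`. Dropping the escape here is only correct if api_set_setting() escapes its arguments itself, which is not visible in this hunk and deserves a one-line comment saying so. The function also still returns `true` when the style is rejected, so a caller cannot tell a stored value from an ignored one.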
diff --git a/main/inc/lib/dashboard.lib.php b/main/inc/lib/dashboard.lib.php index b8d01302e5..75818cba2b 100755 --- a/main/inc/lib/dashboard.lib.php +++ b/main/inc/lib/dashboard.lib.php @@ -19,24 +19,24 @@ class DashboardManager * contructor */ public function __construct() - { - } + { + } - /** + /** * This function allows easy activating and inactivating of dashboard plugins * @return void - */ + */ public static function handle_dashboard_plugins() - { - $token = Security::get_existing_token(); - $tokenCondition = '&sec_token='.$token; + { + $token = Security::get_existing_token(); + $tokenCondition = '&sec_token='.$token; /* We scan the plugin directory. Each folder is a potential plugin. */ $dashboard_pluginpath = api_get_path(SYS_PLUGIN_PATH).'dashboard/'; $possibleplugins = self::get_posible_dashboard_plugins_path(); $table_cols = array('name', 'version', 'description'); - echo Display::page_subheader(get_lang('DashboardPlugins')); + echo Display::page_subheader(get_lang('DashboardPlugins')); echo '
'; echo ''; echo ''; @@ -51,28 +51,30 @@ class DashboardManager // We display all the possible enabled or disabled plugins foreach ($possibleplugins as $testplugin) { $plugin_info_file = $dashboard_pluginpath.$testplugin."/$testplugin.info"; - $plugin_info = array(); if (file_exists($plugin_info_file) && is_readable($plugin_info_file)) { $plugin_info = parse_info_file($plugin_info_file); - // change index to lower case - $plugin_info = array_change_key_case($plugin_info); - - echo ''; - self::display_dashboard_plugin_checkboxes($testplugin); - for ($i = 0 ; $i < count($table_cols); $i++) { - if (isset($plugin_info[strtolower($table_cols[$i])])) { - echo ''; - } else { - echo ''; - } - } - echo ''; - } else { - echo Display::tag('tr', Display::tag('td', get_lang('CheckFilePermissions').' '.Security::remove_XSS($plugin_info_file) , array('colspan'=>'3'))); - } + // change index to lower case + $plugin_info = array_change_key_case($plugin_info); + + echo ''; + self::display_dashboard_plugin_checkboxes($testplugin); + for ($i = 0 ; $i < count($table_cols); $i++) { + if (isset($plugin_info[strtolower($table_cols[$i])])) { + echo ''; + } else { + echo ''; + } + } + echo ''; + } else { + echo Display::tag( + 'tr', + Display::tag('td', get_lang('CheckFilePermissions').' '.Security::remove_XSS($plugin_info_file) , array('colspan'=>'3')) + ); + } } // display all disabled block data @@ -84,17 +86,17 @@ class DashboardManager if (isset($disabled_block[strtolower($table_cols[$j])])) { if ($j == 2) { echo ''; + echo ''.$disabled_block[$table_cols[$j]].'
'; + echo ''.get_lang('ThisPluginHasbeenDeletedFromDashboardPluginDirectory').''; + echo ''; } else { echo ''; + echo ''.$disabled_block[$table_cols[$j]].''; + echo ''; } - } else { - echo ''; - } + } else { + echo ''; + } } echo ''; } @@ -113,9 +115,9 @@ class DashboardManager public static function display_dashboard_plugin_checkboxes($plugin_path) { $tbl_block = Database::get_main_table(TABLE_MAIN_BLOCK); - $plugin_path = Database::escape_string($plugin_path); - $sql = "SELECT * FROM $tbl_block WHERE path = '$plugin_path' AND active = 1"; + $sql = "SELECT * FROM $tbl_block + WHERE path = '".Database::escape_string($plugin_path)."' AND active = 1"; $rs = Database::query($sql); $checked = ''; @@ -124,18 +126,18 @@ class DashboardManager } echo ""; } /** - * This function allows easy activating and inactivating of plugins and save them inside db - * @param array dashboard plugin paths + * This function allows easy activating and inactivating + * of plugins and save them inside db + * @param array $plugin_paths dashboard plugin paths * return int affected rows - */ + */ public static function store_dashboard_plugins($plugin_paths) { - $tbl_block = Database :: get_main_table(TABLE_MAIN_BLOCK); $affected_rows = 0; @@ -145,8 +147,8 @@ class DashboardManager if (count($possibleplugins) > 0) { - $selected_plugins = array_intersect(array_keys($plugin_paths),$possibleplugins); - $not_selected_plugins = array_diff($possibleplugins,array_keys($plugin_paths)); + $selected_plugins = array_intersect(array_keys($plugin_paths), $possibleplugins); + $not_selected_plugins = array_diff($possibleplugins, array_keys($plugin_paths)); // get blocks id from not selected path $not_selected_blocks_id = array(); @@ -183,7 +185,6 @@ class DashboardManager // update extra user blocks data $upd_extra_field = self::store_user_blocks($user_id, $user_blocks_id, $columns); - } // clean from block data 
@@ -196,7 +197,6 @@ class DashboardManager } } - // store selected plugins foreach ($selected_plugins as $testplugin) { $selected_path = Database::escape_string($testplugin); @@ -254,18 +254,16 @@ class DashboardManager // get all plugins path inside plugin directory /* We scan the plugin directory. Each folder is a potential plugin. */ - $possibleplugins = array(); + $possiblePlugins = array(); $dashboard_pluginpath = api_get_path(SYS_PLUGIN_PATH).'dashboard/'; $handle = @opendir($dashboard_pluginpath); - while (false !== ($file = readdir($handle))) - { - if ($file <> '.' AND $file <> '..' AND is_dir($dashboard_pluginpath.$file)) - { - $possibleplugins[] = $file; + while (false !== ($file = readdir($handle))) { + if ($file <> '.' AND $file <> '..' AND is_dir($dashboard_pluginpath.$file)) { + $possiblePlugins[] = $file; } } @closedir($handle); - return $possibleplugins; + return $possiblePlugins; } /** @@ -284,9 +282,9 @@ class DashboardManager while ($row = Database::fetch_array($rs)) { $path = $row['path']; if (!in_array($row['path'],$possibleplugins)) { - $active = 0; + $active = 0; } else { - $active = 1; + $active = 1; } // update active $upd = "UPDATE $tbl_block SET active = '$active' WHERE path = '".$row['path']."'"; 
@@ -371,28 +369,28 @@ class DashboardManager $dashboard_plugin_path = api_get_path(SYS_PLUGIN_PATH).'dashboard/'.$path.'/'; require_once $dashboard_plugin_path.$filename_controller; if (class_exists($controller_class)) { - $obj_block = new $controller_class($user_id); - - // check if user is allowed to see the block - if (method_exists($obj_block, 'is_block_visible_for_user')) { - $is_block_visible_for_user = $obj_block->is_block_visible_for_user($user_id); - if (!$is_block_visible_for_user) continue; - } - - echo ''; - // checkboxes - self::display_user_dashboard_list_checkboxes($user_id, $block['id']); - echo ''; - echo ''; - echo ''; + // checkboxes + self::display_user_dashboard_list_checkboxes($user_id, $block['id']); + echo ''; + echo ''; + echo ''; - echo ''; + echo ''; } else { - echo Display::tag('tr', Display::tag('td', get_lang('Error').' '.$controller_class, array('colspan'=>'3'))); + echo Display::tag('tr', Display::tag('td', get_lang('Error').' '.$controller_class, array('colspan'=>'3'))); } } @@ -427,7 +425,7 @@ class DashboardManager } echo ""; } @@ -437,7 +435,7 @@ class DashboardManager * @param array selected blocks * @param array columns position * @return bool - */ + */ public static function store_user_blocks($user_id, $enabled_blocks, $columns) { $selected_blocks_id = array(); if (is_array($enabled_blocks) && count($enabled_blocks) > 0) { @@ -469,11 +467,11 @@ class DashboardManager $data = array(); foreach ($extra_user_data as $extra) { $split_extra = explode(':',$extra); - if (!empty($split_extra)) { - $block_id = $split_extra[0]; - $column = isset($split_extra[1]) ? $split_extra[1] : null; - $data[$block_id] = array('block_id' => $block_id, 'column' => $column); - } + if (!empty($split_extra)) { + $block_id = $split_extra[0]; + $column = isset($split_extra[1]) ? $split_extra[1] : null; + $data[$block_id] = array('block_id' => $block_id, 'column' => $column); + } } return $data; } 
From c87b69a8619c60d3f0a844c6034171a135d39915 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Fri, 16 Jan 2015 13:37:22 +0100 Subject: [PATCH 050/105] Disables query filter. See #7440 --- main/inc/lib/database.lib.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/main/inc/lib/database.lib.php b/main/inc/lib/database.lib.php index 758884f6d4..4e83ad3583 100755 --- a/main/inc/lib/database.lib.php +++ b/main/inc/lib/database.lib.php @@ -473,7 +473,7 @@ class Database // Fixes security problem when there's no "" or '' between a variable. // See #7440 for more info if ($addFix) { - $string = "__@$string@__"; + //$string = "__@$string@__"; } return get_magic_quotes_gpc() ? (self::use_default_connection($connection) @@ -748,7 +748,7 @@ class Database $connection = null; } - $query = self::fixQuery($query); + //$query = self::fixQuery($query); // Check if the table contains a c_ (means a course id) if (api_get_setting('server_type') === 'test' && strpos($query, 'c_')) { From e57d9a668f0f8824350e56be4ba6dca9e481b065 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Fri, 16 Jan 2015 16:32:53 +0100 Subject: [PATCH 051/105] Fixes category link now forcing the registration in itemproperty. See BT#9200 --- main/inc/lib/link.lib.php | 59 +++++++++----- main/link/link.php | 130 ++++++++++++++++-------------- main/newscorm/learnpath.class.php | 2 +- 3 files changed, 109 insertions(+), 82 deletions(-) diff --git a/main/inc/lib/link.lib.php b/main/inc/lib/link.lib.php index 91c76bf797..6356f30214 100755 --- a/main/inc/lib/link.lib.php +++ b/main/inc/lib/link.lib.php @@ -800,7 +800,8 @@ function makedefaultviewcode($locatie) */ function change_visibility_link($id, $scope) { - global $_course, $_user; + $_course = api_get_course_info(); + $_user = api_get_user_info(); if ($scope == TOOL_LINK) { api_item_property_update( $_course, 
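Review bot: Commenting out `$string = "__@$string@__";` in the first database.lib.php hunk and `$query = self::fixQuery($query);` in the second switches off the guard for escaped values that end up in a query without surrounding quotes, and neither hunk puts anything in its place. escape_string() alone does not protect an unquoted value, so every call site that concatenates into a numeric position now depends on having been converted to `intval()`, and the first patch of this series is titled as only a partial fix. I would put the filter behind a configuration setting rather than comment it out, or at least replace the now-empty `if ($addFix) { }` body with a comment such as `// Query filter disabled, see #7440: callers must cast unquoted values with intval()`. The existing comment "Fixes security problem when there's no "" or '' between a variable" no longer describes what the code does. Both enclosing methods start and end outside the hunks.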
@@ -837,6 +838,17 @@ function getLinkCategories($courseId, $sessionId) // Condition for the session. $sessionCondition = api_get_session_condition($sessionId, true, true); + // Getting links + $sql = "SELECT *, linkcat.id + FROM $tblLinkCategory linkcat + WHERE + linkcat.c_id = " . $courseId." + $sessionCondition + ORDER BY linkcat.display_order DESC"; + + $result = Database::query($sql); + $categories = Database::store_result($result); + $sql = "SELECT *, linkcat.id FROM $tblLinkCategory linkcat INNER JOIN $tblItemProperty itemproperties 
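Review bot: The added query concatenates `$courseId` directly after `linkcat.c_id = ` with no quotes and no cast visible in the hunk, so it is only safe if an earlier line of getLinkCategories(), outside the hunk, already forces it to an integer. Since the preceding patch disables the query filter in database.lib.php, I would make the cast explicit next to the query: `$courseId = intval($courseId);`. The same variable is concatenated again in the joined queries of the following hunk, so one cast at the top of the function covers all three statements.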
@@ -849,31 +861,34 @@ function getLinkCategories($courseId, $sessionId) itemproperties.c_id = " . $courseId . " ORDER BY linkcat.display_order DESC"; + $result = Database::query($sql); + + $categoryInItemProperty = array(); + if (Database::num_rows($result)) { + while ($row = Database::fetch_array($result, 'ASSOC')) { + $categoryInItemProperty[$row['id']] = $row; + } + } + + foreach ($categories as & $category) { + if (!isset($categoryInItemProperty[$category['id']])) { + api_set_default_visibility($category['id'], TOOL_LINK_CATEGORY); + } + } + $sql = "SELECT *, linkcat.id FROM $tblLinkCategory linkcat + INNER JOIN $tblItemProperty itemproperties + ON (linkcat.id = itemproperties.ref AND linkcat.c_id = itemproperties.c_id) WHERE - linkcat.c_id = " . $courseId." - $sessionCondition + itemproperties.tool = '" . TOOL_LINK_CATEGORY . "' AND + (itemproperties.visibility = '0' OR itemproperties.visibility = '1') + $sessionCondition AND + linkcat.c_id = " . $courseId . " AND + itemproperties.c_id = " . $courseId . " ORDER BY linkcat.display_order DESC"; - - return Database::query($sql); -} - -/** - * Get links categories in the current course and - * session - * @param int $courseId - * @param int $sessionId - * @return array - */ -function getLinkCategoriesResult($courseId, $sessionId) -{ - $result = getLinkCategories($courseId, $sessionId); - $list = array(); - if (Database::num_rows($result)) { - $list = Database::store_result($result, 'ASSOC'); - } - return $list; + $result = Database::query($sql); + return Database::store_result($result, 'ASSOC'); } /** diff --git a/main/link/link.php b/main/link/link.php index 53a1202965..f1967d9fd8 100755 --- a/main/link/link.php +++ b/main/link/link.php @@ -106,18 +106,17 @@ event_access_tool(TOOL_LINK); Display::display_header($nameTools, 'Links'); ?> - + '; - echo ''; - if (api_is_allowed_to_edit(null, true)) { - if ($session_id == $myrow['session_id']) { - echo ''; - } else { - echo ''; - echo '
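Review bot: `foreach ($categories as & $category)` iterates by reference although the loop only reads `$category['id']`, and the reference is never released afterwards; `foreach ($categories as $category) {` does the same work without the dangling reference. getLinkCategories() now writes to the database through `api_set_default_visibility()` on what callers use as a read path, and runs three queries per call, which deserves a sentence in the docblock. The return value also changes from a query result to an array while getLinkCategoriesResult() is removed, so any caller not updated in this patch would break; only the learnpath.class.php call is visibly adjusted here. The function starts outside the hunk.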
'; - echo $plugin_info[$table_cols[$i]]; - echo '
'; + echo $plugin_info[$table_cols[$i]]; + echo '
'; - echo ''.$disabled_block[$table_cols[$j]].'
'; - echo ''.get_lang('ThisPluginHasbeenDeletedFromDashboardPluginDirectory').''; - echo '
'; - echo ''.$disabled_block[$table_cols[$j]].''; - echo '  
"; - echo ''; + echo ''; echo "
'.$block['name'].''.$block['description'].'
+ $obj_block = new $controller_class($user_id); + + // check if user is allowed to see the block + if (method_exists($obj_block, 'is_block_visible_for_user')) { + $is_block_visible_for_user = $obj_block->is_block_visible_for_user($user_id); + if (!$is_block_visible_for_user) continue; + } + + echo '
'.$block['name'].''.$block['description'].'
"; - echo ''; + echo ''; echo "
'; - echo ''; - echo '  '.Security::remove_XSS($myrow['category_title']).'
   '.$myrow['description']; - echo '
'; echo $strVisibility; showcategoryadmintools($myrow['id']); echo ''.get_lang('EditionNotAvailableFromSession'); - } - } - echo '
'; - echo showlinksofcategory($myrow['id']); + echo ''; + echo ''; + echo ''; + if (api_is_allowed_to_edit(null, true)) { + if ($session_id == $myrow['session_id']) { + echo ''; + } else { + echo ''; + echo '
'; + echo ''; + echo '  '.Security::remove_XSS($myrow['category_title']).'
   '.$myrow['description']; + echo '
'; echo $strVisibility; showcategoryadmintools($myrow['id']); echo ''.get_lang('EditionNotAvailableFromSession'); + } + } + echo '
'; + echo showlinksofcategory($myrow['id']); echo ''; } else { echo ''; - echo ''; - echo ''; - echo ''; - } - echo ''; - echo ''; - echo '
  '.Security::remove_XSS($myrow['category_title']).$session_img; - echo'
   '; - echo $myrow['description']; - if (api_is_allowed_to_edit(null, true)) { - echo '
'; echo $strVisibility; showcategoryadmintools($myrow['id']); echo '
'; + echo ''; + echo ''; + echo ''; + } + echo ''; + echo ''; + echo '
  '.Security::remove_XSS($myrow['category_title']).$session_img; + echo'
   '; + echo $myrow['description']; + if (api_is_allowed_to_edit(null, true)) { + echo '
'; echo $strVisibility; showcategoryadmintools($myrow['id']); echo '
'; echo ''; } - } else { // NO VISIBLES + } else { + // NO VISIBLE if (api_is_allowed_to_edit(null, true)) { if (isset($urlview[$i]) && $urlview[$i] == '1') { $newurlview = $urlview; diff --git a/main/newscorm/learnpath.class.php b/main/newscorm/learnpath.class.php index f15f8d66ab..50f058a41f 100755 --- a/main/newscorm/learnpath.class.php +++ b/main/newscorm/learnpath.class.php @@ -8499,7 +8499,7 @@ class learnpath $return .= ''; $course_info = api_get_course_info(); - $linkCategories = getLinkCategoriesResult($course_id, $session_id); + $linkCategories = getLinkCategories($course_id, $session_id); $categoryIdList = array(); if (!empty($linkCategories)) { foreach ($linkCategories as $categoryInfo) { From e637608c553c1041ae0c7f217d74f748f48bd789 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 19 Jan 2015 09:47:01 +0100 Subject: [PATCH 052/105] Adds "Auto attendance" base in course login see BT#8814 --- main/attendance/attendance_controller.php | 55 ++++++++----- main/attendance/attendance_list.php | 4 +- main/attendance/index.php | 2 +- main/inc/lib/attendance.lib.php | 98 +++++++++++++++++++++-- main/tracking/courseLog.php | 43 +++++++--- 5 files changed, 164 insertions(+), 38 deletions(-) diff --git a/main/attendance/attendance_controller.php b/main/attendance/attendance_controller.php index 6e3479e67f..f528fac91a 100755 --- a/main/attendance/attendance_controller.php +++ b/main/attendance/attendance_controller.php 
@@ -544,33 +544,52 @@ class AttendanceController } /** - * Gets attendace base in the table: + * Gets attendance base in the table: * TABLE_STATISTIC_TRACK_E_COURSE_ACCESS + * @param bool $showForm * @throws ViewException */ - public function calendarLogins() + public function calendarLogins($showForm = false, $exportToPdf = true) { - $form = new FormValidator( - 'search', - 'post', - api_get_self().'?'.api_get_cidreq().'&action=calendar_logins' - ); - $form->addDateRangePicker('range', get_lang('Range')); - $form->add_button('submit', get_lang('submit')); $table = null; + $formToDisplay = null; + $startDate = null; + $endDate = null; + + $sessionId = api_get_session_id(); + if ($showForm) { + $form = new FormValidator( + 'search', + 'post', + api_get_self() . '?' . api_get_cidreq( + ) . '&action=calendar_logins' + ); + $form->addDateRangePicker('range', get_lang('Range')); + $form->add_button('submit', get_lang('submit')); + + if ($form->validate()) { + $values = $form->getSubmitValues(); + + $startDate = api_get_utc_datetime($values['range_start']); + $endDate = api_get_utc_datetime($values['range_end']); + } + $formToDisplay = $form->return_form(); + } else { + if (!empty($sessionId)) { + $sessionInfo = api_get_session_info($sessionId); + $startDate = $sessionInfo['date_start']; + $endDate = $sessionInfo['date_end']; + } + } - if ($form->validate()) { - $values = $form->getSubmitValues(); - - $startDate = api_get_utc_datetime($values['range_start']); - $endDate = api_get_utc_datetime($values['range_end']); + $attendance = new Attendance(); - $attendance = new Attendance(); - $table = $attendance->getAttendanceLogins($startDate, $endDate); + if ($exportToPdf) { + $attendance->exportAttendanceLogin($startDate, $endDate); } - + $table = $attendance->getAttendanceLoginTable($startDate, $endDate); $data = array( - 'form' => $form->return_form(), + 'form' => $formToDisplay, 'table' => $table ); $this->view->set_data($data); 
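Review bot: The docblock of calendarLogins() gains `@param bool $showForm` but the second new parameter is left undocumented; add `@param bool $exportToPdf` and say what each mode produces. When `$exportToPdf` is true the method calls `exportAttendanceLogin()` and then still builds the HTML table and sets the view data, so if the PDF helper sends the document itself (not visible here) the two outputs are mixed; a `return;` after the export call would keep the modes separate. With `$showForm` false and no session, `$startDate` and `$endDate` stay `null`, and the only thing preventing a query over all dates is the guard added in attendance.lib.php, which a short comment at the assignment should mention.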
diff --git a/main/attendance/attendance_list.php b/main/attendance/attendance_list.php index 772b548abe..cc3d4ebd69 100755 --- a/main/attendance/attendance_list.php +++ b/main/attendance/attendance_list.php @@ -19,8 +19,8 @@ if (api_is_allowed_to_edit(null, true)) { echo ''. Display::return_icon('new_attendance_list.png',get_lang('CreateANewAttendance'),'',ICON_SIZE_MEDIUM).''; - echo ''. - Display::return_icon('attendance_list.png',get_lang('Logins'),'',ICON_SIZE_MEDIUM).''; + /*echo ''. + Display::return_icon('attendance_list.png',get_lang('Logins'),'',ICON_SIZE_MEDIUM).'';*/ echo ''; } diff --git a/main/attendance/index.php b/main/attendance/index.php index 94f2b69917..d5a70530e7 100755 --- a/main/attendance/index.php +++ b/main/attendance/index.php @@ -306,7 +306,7 @@ switch ($action) { break; case 'calendar_logins': if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->calendarLogins(); + $attendance_controller->calendarLogins(false, true); } break; default : diff --git a/main/inc/lib/attendance.lib.php b/main/inc/lib/attendance.lib.php index d09a875ec1..37fdbe486b 100755 --- a/main/inc/lib/attendance.lib.php +++ b/main/inc/lib/attendance.lib.php @@ -1464,22 +1464,22 @@ class Attendance return $this->date_time; } - public function get_name($name) + public function get_name() { return $this->name; } - public function get_description($description) + public function get_description() { return $this->description; } - public function get_attendance_qualify_title($attendance_qualify_title) + public function get_attendance_qualify_title() { return $this->attendance_qualify_title; } - public function get_attendance_weight($attendance_weight) + public function get_attendance_weight() { return $this->attendance_weight; } 
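Review bot: In main/attendance/index.php the `calendar_logins` case does nothing when `api_is_allowed_to_edit(null, true)` is false, while the other permission-checked cases of this switch shown later in the series end with `else { api_not_allowed(); }`; the same branch should be added here so an unauthorised request gets the standard denial instead of an empty response. The call `calendarLogins(false, true)` also repeats the defaults of the new signature, so either drop the arguments or add a comment on why the form is hidden and the PDF export forced. The switch starts outside the hunk.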
@@ -1490,8 +1490,14 @@ class Attendance * * @return string */ - public function getAttendanceLogins($startDate, $endDate) + public function getAttendanceLogin($startDate, $endDate) { + if (empty($startDate) || $startDate == '0000-00-00' || + empty($endDate)|| $endDate == '0000-00-00' + ) { + return false; + } + $sessionId = api_get_session_id(); $courseCode = api_get_course_id(); if (!empty($sessionId)) { @@ -1544,6 +1550,33 @@ class Attendance } } + return array( + 'users' => $users, + 'dateList' => $dateList, + 'headers' => $headers, + 'results' => $results + ); + } + + /** + * @param string $startDate in UTC time + * @param string $endDate in UTC time + * + * @return string + */ + public function getAttendanceLoginTable($startDate, $endDate) + { + $data = $this->getAttendanceLogin($startDate, $endDate); + + if (!$data) { + return null; + } + + $headers = $data['headers']; + $dateList = $data['dateList']; + $users = $data['users']; + $results = $data['results']; + $table = new HTML_Table(array('class' => 'data_table')); $row = 0; $column = 0; 
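Review bot: getAttendanceLogin() now returns `false` from the new date guard and, per the following hunk, an array with the keys `users`, `dateList`, `headers` and `results`, yet the docblock kept as context still says `@return string`; it should read `@return array|false` and list the keys. The guard compares against `'0000-00-00'` only, so a zero value that carries a time part would pass it; whether the session dates handed in by the controller can look like that is not visible here. The function body continues outside the first hunk.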
@@ -1580,4 +1613,59 @@ class Attendance return $table->toHtml(); } + + /** + * @param string $startDate in UTC time + * @param string $endDate in UTC time + * + * @return string + */ + public function exportAttendanceLogin($startDate, $endDate) + { + $data = $this->getAttendanceLogin($startDate, $endDate); + + if (!$data) { + return null; + } + $users = $data['users']; + $results = $data['results']; + + $table = new HTML_Table(array('class' => 'data_table')); + + $table->setHeaderContents(0, 0, get_lang('User')); + $table->setHeaderContents(0, 1, get_lang('Dates')); + + $row = 1; + foreach ($users as $user) { + $table->setCellContents( + $row, + 0, + $user['lastname'].' '.$user['firstname'].' ('.$user['username'].')' + ); + $row ++; + } + + $column = 1; + $results[15]['2010-04-11'] = true; + $results[15]['2010-04-13'] = true; + + foreach ($users as $user) { + if (isset($results[$user['user_id']]) && + !empty($results[$user['user_id']]) + ) { + $dates = implode(', ', array_keys($results[$user['user_id']])); + $table->setCellContents(1, $column, $dates); + } + $column++; + } + + $tableToString = $table->toHtml(); + $params = array( + 'filename' => get_lang('Attendance') . '_' . api_get_utc_datetime(), + 'pdf_title' => get_lang('Attendance'), + 'course_code' => api_get_course_id(), + ); + $pdf = new PDF('A4', null, $params); + $pdf->html_to_pdf_with_template($tableToString); + } } diff --git a/main/tracking/courseLog.php b/main/tracking/courseLog.php index 307200a45b..bb48059ad2 100755 --- a/main/tracking/courseLog.php +++ b/main/tracking/courseLog.php 
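Review bot: The assignments `$results[15]['2010-04-11'] = true;` and `$results[15]['2010-04-13'] = true;` in exportAttendanceLogin() look like debugging leftovers and would add attendance dates for user id 15 to every exported report, so they should be removed. The second loop also writes every user's dates into row 1 while advancing `$column`, which does not line up with the user rows filled by the first loop or with the two header cells; one loop that fills both cells of each row fixes that. The user names go into the HTML handed to the PDF renderer without escaping, and whether HTML_Table or the PDF class escapes them is not visible here, so the rewrite below passes them through `Security::remove_XSS()`, which this code base already uses. The docblock says `@return string` although the method returns nothing on success.

```php
// … unchanged: getAttendanceLogin() call, early return, header cells …
$row = 1;
foreach ($users as $user) {
    $userId = $user['user_id'];
    $table->setCellContents(
        $row,
        0,
        Security::remove_XSS($user['lastname'].' '.$user['firstname'].' ('.$user['username'].')')
    );
    $dates = '';
    if (!empty($results[$userId])) {
        $dates = implode(', ', array_keys($results[$userId]));
    }
    $table->setCellContents($row, 1, $dates);
    $row++;
}
// … unchanged: $table->toHtml() and the PDF export …
```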
@@ -155,21 +155,23 @@ $htmlHeadXtra[] .= $js; // Database table definitions. //@todo remove this calls -$TABLETRACK_ACCESS = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LASTACCESS); -$TABLETRACK_LINKS = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LINKS); -$TABLETRACK_DOWNLOADS = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_DOWNLOADS); -$TABLETRACK_ACCESS_2 = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ACCESS); -$TABLETRACK_EXERCISES = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES); +$TABLETRACK_ACCESS = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LASTACCESS); +$TABLETRACK_LINKS = Database::get_main_table(TABLE_STATISTIC_TRACK_E_LINKS); +$TABLETRACK_DOWNLOADS = Database::get_main_table(TABLE_STATISTIC_TRACK_E_DOWNLOADS); +$TABLETRACK_ACCESS_2 = Database::get_main_table(TABLE_STATISTIC_TRACK_E_ACCESS); +$TABLETRACK_EXERCISES = Database::get_main_table(TABLE_STATISTIC_TRACK_E_EXERCICES); $TABLECOURSUSER = Database::get_main_table(TABLE_MAIN_COURSE_USER); $TABLECOURSE = Database::get_main_table(TABLE_MAIN_COURSE); $table_user = Database::get_main_table(TABLE_MAIN_USER); $TABLEQUIZ = Database::get_course_table(TABLE_QUIZ_TEST); +$sessionId = api_get_session_id(); + // Breadcrumbs. if (isset($_GET['origin']) && $_GET['origin'] == 'resume_session') { $interbreadcrumb[] = array('url' => '../admin/index.php','name' => get_lang('PlatformAdmin')); $interbreadcrumb[] = array('url' => '../admin/session_list.php','name' => get_lang('SessionList')); - $interbreadcrumb[] = array('url' => '../admin/resume_session.php?id_session='.api_get_session_id(), 'name' => get_lang('SessionOverview')); + $interbreadcrumb[] = array('url' => '../admin/resume_session.php?id_session='.$sessionId, 'name' => get_lang('SessionOverview')); } $view = isset($_REQUEST['view']) ? $_REQUEST['view'] : ''; 
@@ -189,7 +191,7 @@ if (empty($session_id)) { $a_students = CourseManager::get_student_list_from_course_code( api_get_course_id(), true, - api_get_session_id() + $sessionId ); } @@ -220,9 +222,26 @@ if (isset($_GET['additional_profile_field']) && echo '
'; echo Display::return_icon('user_na.png', get_lang('StudentsTracking'), array(), ICON_SIZE_MEDIUM); -echo Display::url(Display::return_icon('course.png', get_lang('CourseTracking'), array(), ICON_SIZE_MEDIUM), 'course_log_tools.php?'.api_get_cidreq()); -echo Display::url(Display::return_icon('tools.png', get_lang('ResourcesTracking'), array(), ICON_SIZE_MEDIUM), 'course_log_resources.php?'.api_get_cidreq()); -echo Display::url(Display::return_icon('quiz.png', get_lang('ExamTracking'), array(), ICON_SIZE_MEDIUM), api_get_path(WEB_CODE_PATH).'tracking/exams.php?'.api_get_cidreq()); +echo Display::url( + Display::return_icon('course.png', get_lang('CourseTracking'), array(), ICON_SIZE_MEDIUM), + 'course_log_tools.php?'.api_get_cidreq() +); + +echo Display::url( + Display::return_icon('tools.png', get_lang('ResourcesTracking'), array(), ICON_SIZE_MEDIUM), + 'course_log_resources.php?'.api_get_cidreq() +); +echo Display::url( + Display::return_icon('quiz.png', get_lang('ExamTracking'), array(), ICON_SIZE_MEDIUM), + api_get_path(WEB_CODE_PATH).'tracking/exams.php?'.api_get_cidreq() +); + +if (!empty($sessionId)) { + echo Display::url( + Display::return_icon('attendance_list.png', get_lang('Logins'), '', ICON_SIZE_MEDIUM), + api_get_path(WEB_CODE_PATH) . 'attendance/index.php?' . api_get_cidreq() . '&action=calendar_logins' + ); +} echo ''; echo ''. 
@@ -256,8 +275,8 @@ $form_search = new FormValidator( $renderer = $form_search->defaultRenderer(); $renderer->setElementTemplate('{element}'); $form_search->addElement('hidden', 'from', Security::remove_XSS($from)); -$form_search->addElement('hidden', 'session_id', api_get_session_id()); -$form_search->addElement('hidden', 'id_session', api_get_session_id()); +$form_search->addElement('hidden', 'session_id', $sessionId); +$form_search->addElement('hidden', 'id_session', $sessionId); $form_search->addElement('text', 'user_keyword'); $form_search->addElement('style_submit_button', 'submit', get_lang('SearchUsers'), 'class="search"'); $form_search->display(); From a609dbed325f4e2cc690acd4bee483fa57811c81 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 19 Jan 2015 09:58:39 +0100 Subject: [PATCH 053/105] Minor - format code. --- main/attendance/attendance_controller.php | 2 +- main/attendance/index.php | 30 ++++----- main/inc/lib/attendance.lib.php | 78 ++++++++++++++--------- 3 files changed, 64 insertions(+), 46 deletions(-) diff --git a/main/attendance/attendance_controller.php b/main/attendance/attendance_controller.php index f528fac91a..c345ccd308 100755 --- a/main/attendance/attendance_controller.php +++ b/main/attendance/attendance_controller.php @@ -549,7 +549,7 @@ class AttendanceController * @param bool $showForm * @throws ViewException */ - public function calendarLogins($showForm = false, $exportToPdf = true) + public function getAttendanceBaseInLogin($showForm = false, $exportToPdf = true) { $table = null; $formToDisplay = null; diff --git a/main/attendance/index.php b/main/attendance/index.php index d5a70530e7..f46c439d17 100755 --- a/main/attendance/index.php +++ b/main/attendance/index.php 
@@ -92,7 +92,7 @@ if (isset($_GET['calendar_id'])) { $attendance = new Attendance(); // attendance controller object -$attendance_controller = new AttendanceController(); +$attendanceController = new AttendanceController(); $attendance_data = array(); // get attendance data if (!empty($attendance_id)) { 
@@ -235,53 +235,53 @@ if ($action == 'calendar_add') { // delete selected attendance if (isset($_POST['action']) && $_POST['action'] == 'attendance_delete_select') { - $attendance_controller->attendance_delete($_POST['id']); + $attendanceController->attendance_delete($_POST['id']); } // distpacher actions to controller switch ($action) { case 'attendance_list': - $attendance_controller->attendance_list(); + $attendanceController->attendance_list(); break; case 'attendance_add': if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->attendance_add(); + $attendanceController->attendance_add(); } else { api_not_allowed(); } break; case 'attendance_edit' : if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->attendance_edit($attendance_id); + $attendanceController->attendance_edit($attendance_id); } else { api_not_allowed(); } break; case 'attendance_delete' : if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->attendance_delete($attendance_id); + $attendanceController->attendance_delete($attendance_id); } else { api_not_allowed(); } break; case 'attendance_restore': if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->attendance_restore($attendance_id); + $attendanceController->attendance_restore($attendance_id); } else { api_not_allowed(); } break; case 'attendance_sheet_list': - $attendance_controller->attendance_sheet($action, $attendance_id, $student_id, true); + $attendanceController->attendance_sheet($action, $attendance_id, $student_id, true); break; case 'attendance_sheet_list_no_edit': - $attendance_controller->attendance_sheet($action, $attendance_id, $student_id, false); + $attendanceController->attendance_sheet($action, $attendance_id, $student_id, false); break; case 'attendance_sheet_export_to_pdf': - $attendance_controller->attendance_sheet_export_to_pdf($action, $attendance_id, $student_id, $course_id); + $attendanceController->attendance_sheet_export_to_pdf($action, $attendance_id, 
$student_id, $course_id); break; case 'attendance_sheet_add' : if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->attendance_sheet($action, $attendance_id); + $attendanceController->attendance_sheet($action, $attendance_id); } else { api_not_allowed(); } @@ -289,7 +289,7 @@ switch ($action) { case 'lock_attendance' : case 'unlock_attendance' : if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->lock_attendance($action, $attendance_id); + $attendanceController->lock_attendance($action, $attendance_id); } else { api_not_allowed(); } @@ -302,13 +302,13 @@ switch ($action) { api_not_allowed(); } case 'calendar_list' : - $attendance_controller->attendance_calendar($action, $attendance_id, $calendar_id); + $attendanceController->attendance_calendar($action, $attendance_id, $calendar_id); break; case 'calendar_logins': if (api_is_allowed_to_edit(null, true)) { - $attendance_controller->calendarLogins(false, true); + $attendanceController->getAttendanceBaseInLogin(false, true); } break; default : - $attendance_controller->attendance_list(); + $attendanceController->attendance_list(); } diff --git a/main/inc/lib/attendance.lib.php b/main/inc/lib/attendance.lib.php index 37fdbe486b..f71724455e 100755 --- a/main/inc/lib/attendance.lib.php +++ b/main/inc/lib/attendance.lib.php 
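Review bot: The bulk path at the top of the `@@ -235,53 +235,53 @@` hunk calls `$attendanceController->attendance_delete($_POST['id'])` with no permission check around it, while the `attendance_delete` case in the switch below wraps the same method in `api_is_allowed_to_edit(null, true)`. Unless the controller method enforces edit rights itself (not shown in this hunk), the POST route reaches the delete without the gate the GET route has. I would give it the same shape as the switch cases: `if (api_is_allowed_to_edit(null, true)) { $attendanceController->attendance_delete($_POST['id']); } else { api_not_allowed(); }`. No request token is checked in the visible lines either, so this state-changing POST should be confirmed to sit behind the project's anti-CSRF check.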
@@ -272,12 +272,12 @@ class Attendance $value_calification = 0; $weight_calification = floatval($this->attendance_weight); $sql = "INSERT INTO $tbl_attendance SET - c_id = $course_id, - name ='".Database::escape_string($this->name)."', - description = '".Database::escape_string($this->description)."', - attendance_qualify_title = '$title_gradebook', - attendance_weight = '$weight_calification', - session_id = '$session_id'"; + c_id = $course_id, + name ='".Database::escape_string($this->name)."', + description = '".Database::escape_string($this->description)."', + attendance_qualify_title = '$title_gradebook', + attendance_weight = '$weight_calification', + session_id = '$session_id'"; Database::query($sql); $affected_rows = Database::affected_rows(); $last_id = 0; @@ -383,7 +383,8 @@ class Attendance if (is_array($attendance_id)) { foreach ($attendance_id as $id) { $id = intval($id); - $sql = "UPDATE $tbl_attendance SET active = 1 WHERE c_id = $course_id AND id = '$id'"; + $sql = "UPDATE $tbl_attendance SET active = 1 + WHERE c_id = $course_id AND id = '$id'"; Database::query($sql); $affected_rows = Database::affected_rows(); if (!empty($affected_rows)) { @@ -393,7 +394,8 @@ class Attendance } } else { $attendance_id = intval($attendance_id); - $sql = "UPDATE $tbl_attendance SET active = 1 WHERE c_id = $course_id AND id = '$attendance_id'"; + $sql = "UPDATE $tbl_attendance SET active = 1 + WHERE c_id = $course_id AND id = '$attendance_id'"; Database::query($sql); $affected_rows = Database::affected_rows(); if (!empty($affected_rows)) { @@ -419,7 +421,8 @@ class Attendance if (is_array($attendance_id)) { foreach ($attendance_id as $id) { $id = intval($id); - $sql = "UPDATE $tbl_attendance SET active = 0 WHERE c_id = $course_id AND id = '$id'"; + $sql = "UPDATE $tbl_attendance SET active = 0 + WHERE c_id = $course_id AND id = '$id'"; Database::query($sql); $affected_rows = Database::affected_rows(); if (!empty($affected_rows)) { 
@@ -429,7 +432,8 @@ class Attendance } } else { $attendance_id = intval($attendance_id); - $sql = "UPDATE $tbl_attendance SET active = 0 WHERE c_id = $course_id AND id = '$attendance_id'"; + $sql = "UPDATE $tbl_attendance SET active = 0 + WHERE c_id = $course_id AND id = '$attendance_id'"; Database::query($sql); $affected_rows = Database::affected_rows(); if (!empty($affected_rows)) { @@ -685,13 +689,18 @@ class Attendance if (count($calendar_ids) > 0) { $sql = "SELECT count(presence) as count_presences FROM $tbl_attendance_sheet - WHERE c_id = $course_id AND user_id = '$uid' AND attendance_calendar_id IN(".implode(',',$calendar_ids).") AND presence = 1"; + WHERE + c_id = $course_id AND + user_id = '$uid' AND + attendance_calendar_id IN(".implode(',',$calendar_ids).") AND + presence = 1"; $rs_count = Database::query($sql); $row_count = Database::fetch_array($rs_count); $count_presences = $row_count['count_presences']; } // save results - $sql = "SELECT id FROM $tbl_attendance_result WHERE c_id = $course_id AND user_id='$uid' AND attendance_id='$attendance_id'"; + $sql = "SELECT id FROM $tbl_attendance_result + WHERE c_id = $course_id AND user_id='$uid' AND attendance_id='$attendance_id'"; $rs_check_result = Database::query($sql); if (Database::num_rows($rs_check_result) > 0) { // update result @@ -702,10 +711,10 @@ class Attendance } else { // insert new result $sql = "INSERT INTO $tbl_attendance_result SET - c_id = $course_id , - user_id = '$uid', - attendance_id = '$attendance_id', - score = '$count_presences'"; + c_id = $course_id , + user_id = '$uid', + attendance_id = '$attendance_id', + score = '$count_presences'"; Database::query($sql); } } 
@@ -746,8 +755,8 @@ class Attendance } // save data - $ins = "INSERT INTO $tbl_attendance_sheet_log(c_id, attendance_id, lastedit_date, lastedit_type, lastedit_user_id, calendar_date_value) - VALUES($course_id, $attendance_id, '$lastedit_date', '$lastedit_type', $lastedit_user_id, '$calendar_date_value')"; + $ins = "INSERT INTO $tbl_attendance_sheet_log (c_id, attendance_id, lastedit_date, lastedit_type, lastedit_user_id, calendar_date_value) + VALUES ($course_id, $attendance_id, '$lastedit_date', '$lastedit_type', $lastedit_user_id, '$calendar_date_value')"; Database::query($ins); @@ -839,8 +848,12 @@ class Attendance foreach ($attendances_by_course as $attendance) { // get total faults and total weight $total_done_attendance = $attendance['attendance_qualify_max']; - $sql = "SELECT score FROM $tbl_attendance_result - WHERE c_id = $course_id AND user_id = $user_id AND attendance_id = ".$attendance['id']; + $sql = "SELECT score + FROM $tbl_attendance_result + WHERE + c_id = $course_id AND + user_id = $user_id AND + attendance_id = ".$attendance['id']; $rs = Database::query($sql); $score = 0; if (Database::num_rows($rs) > 0) { @@ -884,7 +897,10 @@ class Attendance // Get total faults and total weight $total_done_attendance = $attendance['attendance_qualify_max']; $sql = "SELECT score FROM $tbl_attendance_result - WHERE c_id = {$course_info['real_id']} AND user_id=$user_id AND attendance_id=".$attendance['id']; + WHERE + c_id = {$course_info['real_id']} AND + user_id = $user_id AND + attendance_id=".$attendance['id']; $rs = Database::query($sql); $score = 0; if (Database::num_rows($rs) > 0) { @@ -957,7 +973,7 @@ class Attendance att.c_id = $course_id AND cal.c_id = $course_id AND att.user_id = '$user_id' AND - att.attendance_calendar_id IN(".implode(',',$calendar_ids).") + att.attendance_calendar_id IN (".implode(',',$calendar_ids).") ORDER BY date_time"; $res = Database::query($sql); if (Database::num_rows($res) > 0) { 
@@ -1014,7 +1030,7 @@ class Attendance attendance_id = '$attendance_id' AND done_attendance = 0 ORDER BY date_time - limit 1"; + LIMIT 1"; $rs = Database::query($sql); $next_calendar_datetime = 0; if (Database::num_rows($rs) > 0) { @@ -1331,10 +1347,14 @@ class Attendance $course_id = api_get_course_int_id(); // check if datetime already exists inside the table $sql = "SELECT id FROM $tbl_attendance_calendar - WHERE c_id = $course_id AND date_time = '".Database::escape_string($this->date_time)."' AND attendance_id = '$attendance_id'"; + WHERE + c_id = $course_id AND + date_time = '".Database::escape_string($this->date_time)."' AND + attendance_id = '$attendance_id'"; $rs = Database::query($sql); if (Database::num_rows($rs) == 0) { - $sql = "UPDATE $tbl_attendance_calendar SET date_time='".Database::escape_string($this->date_time)."' + $sql = "UPDATE $tbl_attendance_calendar + SET date_time='".Database::escape_string($this->date_time)."' WHERE c_id = $course_id AND id = '".intval($calendar_id)."'"; Database::query($sql); $affected_rows = Database::affected_rows(); @@ -1361,7 +1381,7 @@ class Attendance { $tbl_attendance_calendar = Database::get_course_table(TABLE_ATTENDANCE_CALENDAR); $tbl_attendance_sheet = Database::get_course_table(TABLE_ATTENDANCE_SHEET); - $session_id = api_get_session_id(); + $attendance_id = intval($attendance_id); // get all registered users inside current course $users = $this->get_users_rel_course(); @@ -1488,7 +1508,7 @@ class Attendance * @param string $startDate in UTC time * @param string $endDate in UTC time * - * @return string + * @return array */ public function getAttendanceLogin($startDate, $endDate) { @@ -1633,7 +1653,7 @@ class Attendance $table = new HTML_Table(array('class' => 'data_table')); $table->setHeaderContents(0, 0, get_lang('User')); - $table->setHeaderContents(0, 1, get_lang('Dates')); + $table->setHeaderContents(0, 1, get_lang('Date')); $row = 1; foreach ($users as $user) { 
@@ -1646,8 +1666,6 @@ class Attendance } $column = 1; - $results[15]['2010-04-11'] = true; - $results[15]['2010-04-13'] = true; foreach ($users as $user) { if (isset($results[$user['user_id']]) && From 6d12eee8ff768b2d627217c41d2e1ece1a0fa97e Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 19 Jan 2015 10:14:50 +0100 Subject: [PATCH 054/105] Adds message if no data is available. --- main/attendance/attendance_controller.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/main/attendance/attendance_controller.php b/main/attendance/attendance_controller.php index c345ccd308..0e111238e7 100755 --- a/main/attendance/attendance_controller.php +++ b/main/attendance/attendance_controller.php @@ -585,7 +585,10 @@ class AttendanceController $attendance = new Attendance(); if ($exportToPdf) { - $attendance->exportAttendanceLogin($startDate, $endDate); + $result = $attendance->exportAttendanceLogin($startDate, $endDate); + if (empty($result)) { + api_not_allowed(true, get_lang('NoDataAvailable')); + } } $table = $attendance->getAttendanceLoginTable($startDate, $endDate); $data = array( From efb6f4f6a34f7c1f68fb5f59749cbab44662075b Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 19 Jan 2015 10:41:22 +0100 Subject: [PATCH 055/105] Minor - format code --- main/inc/lib/course.lib.php | 56 ++++++++++++++++++++++++++----------- 1 file changed, 39 insertions(+), 17 deletions(-) diff --git a/main/inc/lib/course.lib.php b/main/inc/lib/course.lib.php index 744be8a349..ae3327778d 100755 --- a/main/inc/lib/course.lib.php +++ b/main/inc/lib/course.lib.php 
@@ -3920,7 +3920,8 @@ class CourseManager * @param string Original field name * @return int Course id */ - public static function get_course_id_from_original_id($original_course_id_value, $original_course_id_name) { + public static function get_course_id_from_original_id($original_course_id_value, $original_course_id_name) + { $t_cfv = Database::get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES); $table_field = Database::get_main_table(TABLE_MAIN_COURSE_FIELD); $sql_course = "SELECT course_code FROM $table_field cf INNER JOIN $t_cfv cfv ON cfv.field_id=cf.id WHERE field_variable='$original_course_id_name' AND field_value='$original_course_id_value'"; @@ -4149,9 +4150,16 @@ class CourseManager if (isset($course_info['user_course_cat'])) { $user_course_category = $course_info['user_course_cat']; } - $output = array ($user_course_category, $html, $course_info['id_session'], $session, 'active' => $active, 'session_category_id' => $session_category_id); + $output = array( + $user_course_category, + $html, + $course_info['id_session'], + $session, + 'active' => $active, + 'session_category_id' => $session_category_id + ); } else { - $output = array ($course_info['user_course_cat'], $html); + $output = array($course_info['user_course_cat'], $html); } return $output; } @@ -4164,7 +4172,8 @@ class CourseManager * @param int destination session id * @return bool */ - public static function copy_course($source_course_code, $source_session_id, $destination_course_code, $destination_session_id, $params = array()) { + public static function copy_course($source_course_code, $source_session_id, $destination_course_code, $destination_session_id, $params = array()) + { require_once api_get_path(SYS_CODE_PATH).'coursecopy/classes/CourseBuilder.class.php'; require_once api_get_path(SYS_CODE_PATH).'coursecopy/classes/CourseRestorer.class.php'; require_once api_get_path(SYS_CODE_PATH).'coursecopy/classes/CourseSelectForm.class.php'; 
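Review bot: Directly under the reformatted signature of `get_course_id_from_original_id()`, `$sql_course` places `$original_course_id_name` and `$original_course_id_value` inside quoted SQL literals, and nothing between the signature and that assignment escapes them, so a quote character in either argument changes the statement. Since these lines are being touched anyway, escape at the point of use: `field_variable='".Database::escape_string($original_course_id_name)."' AND field_value='".Database::escape_string($original_course_id_value)."'`. Callers may already sanitise both values, but that is not visible here and the method is `public static`, so it should not depend on it. The function body continues past the end of the hunk.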
@@ -4182,7 +4191,6 @@ class CourseManager return false; } - /** * A simpler version of the copy_course, the function creates an empty course with an autogenerated course code * @@ -4292,8 +4300,6 @@ class CourseManager } return false; } - - return false; } /** @@ -4414,9 +4420,9 @@ class CourseManager $result['user_vote'] = self::get_user_course_vote(api_get_user_id(), $course_id, $session_id,$url_id); } - $result['point_average'] = $point_average_in_percentage; - $result['point_average_star'] = $point_average_in_star; - $result['users_who_voted'] = $users_who_voted; + $result['point_average'] = $point_average_in_percentage; + $result['point_average_star'] = $point_average_in_star; + $result['users_who_voted'] = $users_who_voted; return $result; } @@ -4438,7 +4444,7 @@ class CourseManager $add_user = true ) { // Course catalog stats modifications see #4191 - $table_course_ranking = Database::get_main_table(TABLE_STATISTIC_TRACK_COURSE_RANKING); + $table_course_ranking = Database::get_main_table(TABLE_STATISTIC_TRACK_COURSE_RANKING); $now = api_get_utc_datetime(); @@ -4536,10 +4542,15 @@ class CourseManager $action_done = 'nothing'; - $result = Database::select('id, vote', $table_user_course_vote, array('where' => array('user_id = ? AND c_id = ? AND session_id = ? AND url_id = ?' => $params)), 'first'); + $result = Database::select( + 'id, vote', + $table_user_course_vote, + array('where' => array('user_id = ? AND c_id = ? AND session_id = ? AND url_id = ?' => $params)), + 'first' + ); if (empty($result)) { - $result = Database::insert($table_user_course_vote, $params); + Database::insert($table_user_course_vote, $params); $points_to_add = $vote; $add_user = true; $action_done = 'added'; 
@@ -4548,13 +4559,24 @@ class CourseManager $points_to_add = $vote - $result['vote']; $add_user = false; - $result = Database::update($table_user_course_vote, $my_params, array('user_id = ? AND c_id = ? AND session_id = ? AND url_id = ?' => $params)); + Database::update( + $table_user_course_vote, + $my_params, + array('user_id = ? AND c_id = ? AND session_id = ? AND url_id = ?' => $params) + ); $action_done = 'updated'; } - //Current points + // Current points if (!empty($points_to_add)) { - self::update_course_ranking($course_id, $session_id, $url_id, $points_to_add, false, $add_user); + self::update_course_ranking( + $course_id, + $session_id, + $url_id, + $points_to_add, + false, + $add_user + ); } return $action_done; } @@ -5157,7 +5179,7 @@ class CourseManager $sql = "SELECT * FROM $table WHERE - course_code = $courseCode AND + course_code = '$courseCode' AND session_id = $sessionId AND login_course_date BETWEEN '$startDate' AND '$endDate' "; From 328571acf65499e331bfe9f322ccbe1014dc6950 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 19 Jan 2015 10:55:18 +0100 Subject: [PATCH 056/105] Fixes table report see BT#8814 --- main/inc/lib/attendance.lib.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/main/inc/lib/attendance.lib.php b/main/inc/lib/attendance.lib.php index f71724455e..8257539734 100755 --- a/main/inc/lib/attendance.lib.php +++ b/main/inc/lib/attendance.lib.php @@ -1662,19 +1662,18 @@ class Attendance 0, $user['lastname'].' '.$user['firstname'].' ('.$user['username'].')' ); - $row ++; + $row++; } - $column = 1; - + $row = 1; foreach ($users as $user) { if (isset($results[$user['user_id']]) && !empty($results[$user['user_id']]) ) { $dates = implode(', ', array_keys($results[$user['user_id']])); - $table->setCellContents(1, $column, $dates); + $table->setCellContents($row, 1, $dates); } - $column++; + $row++; } $tableToString = $table->toHtml(); From bec078b6b69c60365075e147d5f12cc0e5398507 Mon Sep 17 00:00:00 2001 
From: Julio Montoya Date: Mon, 19 Jan 2015 11:56:04 +0100 Subject: [PATCH 057/105] Improves export to PDF UI see BT#9018 --- main/work/work.lib.php | 52 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 43 insertions(+), 9 deletions(-) diff --git a/main/work/work.lib.php b/main/work/work.lib.php index 2afea2d648..0ab876841f 100755 --- a/main/work/work.lib.php +++ b/main/work/work.lib.php @@ -5019,6 +5019,8 @@ function exportAllStudentWorkFromPublication( return false; } + $assignment = get_work_assignment_by_id($workId); + $courseCode = $courseInfo['code']; $header = get_lang('Course').': '.$courseInfo['title']; $teachers = CourseManager::get_teacher_list_from_course_code_to_string( @@ -5042,8 +5044,11 @@ function exportAllStudentWorkFromPublication( $header .= '
'.get_lang('StudentPublication').': '.$workData['title'].'
'; $content = null; - if (!empty($workData['expires_on'])) { - $content .= '
' . get_lang('ExpiryDate') . ': ' . api_get_local_time($workData['expires_on']); + $expiresOn = null; + + if (!empty($assignment) && isset($assignment['expires_on'])) { + $content .= '
' . get_lang('ExpiryDate') . ': ' . api_get_local_time($assignment['expires_on']); + $expiresOn = api_get_local_time($assignment['expires_on']); } if (!empty($workData['description'])) { @@ -5057,33 +5062,62 @@ function exportAllStudentWorkFromPublication( if (!empty($workList)) { require_once api_get_path(LIBRARY_PATH).'pdf.lib.php'; + $table = new HTML_Table(array('class' => 'data_table')); + $headers = array( + get_lang('Name'), + get_lang('HandOutDateLimit'), + get_lang('SendDate'), + get_lang('Filename'), + get_lang('Score'), + get_lang('Feedback') + ); + + $column = 0; + foreach($headers as $header) { + $table->setHeaderContents(0, $column, $header); + $column++; + } + + $row = 1; + //$pdf->set_custom_header($header); foreach ($workList as $work) { $content .= '
'; // getWorkComments need c_id $work['c_id'] = $courseInfo['real_id']; - $content .= '

'.strip_tags($work['title']).'

'; - $content .= get_lang('Date').': '.api_get_local_time($work['sent_date_from_db']).'
'; + //$content .= get_lang('Date').': '.api_get_local_time($work['sent_date_from_db']).'
'; + $score = null; if (!empty($work['qualification_only'])) { - $content .= get_lang('Score').': '.$work['qualification_only'] . '
'; + $score = $work['qualification_only']; } - $content .= get_lang('Description').': '.$work['description'].'
'; + //$content .= get_lang('Description').': '.$work['description'].'
'; $comments = getWorkComments($work); + $feedback = null; if (!empty($comments)) { $content .= '

'.get_lang('Feedback').':

'; foreach ($comments as $comment) { - $content .= get_lang('User').': '.api_get_person_name( + $feedback .= get_lang('User').': '.api_get_person_name( $comment['firstname'], $comment['lastname'] ).'
'; - $content .= $comment['comment']; - $content .= '
'; + $feedback .= $comment['comment'].'
'; } } + + $table->setCellContents($row, 0, strip_tags($workData['title'])); + $table->setCellContents($row, 1, $expiresOn); + $table->setCellContents($row, 2, api_get_local_time($work['sent_date_from_db'])); + $table->setCellContents($row, 3, strip_tags($work['title'])); + $table->setCellContents($row, 4, $score); + $table->setCellContents($row, 5, $feedback); + + $row++; } + $content = $table->toHtml(); + if (!empty($content)) { $params = array( 'filename' => $workData['title'] . '_' . api_get_local_time(), From 762e7ebf8c858a65cc70b8c83a31fe750af8d607 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 19 Jan 2015 11:59:39 +0100 Subject: [PATCH 058/105] Minor - fixing language variables. --- main/work/work.lib.php | 2 +- main/work/work_list_all.php | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/main/work/work.lib.php b/main/work/work.lib.php index 0ab876841f..261473daba 100755 --- a/main/work/work.lib.php +++ b/main/work/work.lib.php @@ -5066,7 +5066,7 @@ function exportAllStudentWorkFromPublication( $headers = array( get_lang('Name'), get_lang('HandOutDateLimit'), - get_lang('SendDate'), + get_lang('SentDate'), get_lang('Filename'), get_lang('Score'), get_lang('Feedback') diff --git a/main/work/work_list_all.php b/main/work/work_list_all.php index c5c2450614..3de18e5c5d 100755 --- a/main/work/work_list_all.php +++ b/main/work/work_list_all.php @@ -3,7 +3,14 @@ use ChamiloSession as Session; -$language_file = array('exercice', 'work', 'document', 'admin', 'gradebook'); +$language_file = array( + 'exercice', + 'work', + 'document', + 'admin', + 'gradebook', + 'tracking' +); require_once '../inc/global.inc.php'; $current_course_tool = TOOL_STUDENTPUBLICATION; From e911b7f1b1d2f0897c885dce25cc03b41ac8923e Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 19 Jan 2015 12:22:44 +0100 Subject: [PATCH 059/105] Minor - adding user name. --- main/work/work.lib.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
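Review bot: In the table added to `exportAllStudentWorkFromPublication()` (hunk `@@ -5057,33 +5062,62 @@`), `$comment['comment']` and `$score` are written into `$feedback` and the cells unchanged, while both titles in the same row pass through `strip_tags()`, and the result of `$table->toHtml()` becomes the document content. If comments are not already filtered when they are stored (not visible here), submitted markup is carried into the generated document; `$feedback .= Security::remove_XSS($comment['comment'])` would match the filtering this code base applies to other HTML output. Separately, `foreach($headers as $header)` reuses `$header`, which held the course and teacher header string built earlier in the function, so after the loop it contains the last column label; rename the loop variable, e.g. `foreach ($headers as $columnHeader)`. The function extends beyond the hunk on both sides.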
diff --git a/main/work/work.lib.php b/main/work/work.lib.php index 261473daba..1b3afd9edd 100755 --- a/main/work/work.lib.php +++ b/main/work/work.lib.php @@ -5065,6 +5065,7 @@ function exportAllStudentWorkFromPublication( $table = new HTML_Table(array('class' => 'data_table')); $headers = array( get_lang('Name'), + get_lang('User'), get_lang('HandOutDateLimit'), get_lang('SentDate'), get_lang('Filename'), @@ -5107,11 +5108,12 @@ function exportAllStudentWorkFromPublication( } $table->setCellContents($row, 0, strip_tags($workData['title'])); - $table->setCellContents($row, 1, $expiresOn); - $table->setCellContents($row, 2, api_get_local_time($work['sent_date_from_db'])); - $table->setCellContents($row, 3, strip_tags($work['title'])); - $table->setCellContents($row, 4, $score); - $table->setCellContents($row, 5, $feedback); + $table->setCellContents($row, 1, api_get_person_name(strip_tags($work['firstname']), strip_tags($work['lastname']))); + $table->setCellContents($row, 2, $expiresOn); + $table->setCellContents($row, 3, api_get_local_time($work['sent_date_from_db'])); + $table->setCellContents($row, 4, strip_tags($work['title'])); + $table->setCellContents($row, 5, $score); + $table->setCellContents($row, 6, $feedback); $row++; } From 8ff34b91facf08174852ec91fdf20119e1229e1f Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 19 Jan 2015 12:37:29 +0100 Subject: [PATCH 060/105] Minor - using icon instead of a title see BT#9266 --- main/chat/chat_message.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/main/chat/chat_message.php b/main/chat/chat_message.php index 2388f94514..6c79afd935 100755 --- a/main/chat/chat_message.php +++ b/main/chat/chat_message.php @@ -77,13 +77,19 @@ if ($sent) {
@@ -92,8 +98,7 @@ if ($sent) { From 037ec90c68219d9dd5f56c167870de821b0da57a Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 19 Jan 2015 14:12:44 +0100 Subject: [PATCH 061/105] Minor - fixing PDF report see BT#8814 --- main/inc/lib/attendance.lib.php | 20 ++++++++++++--- main/inc/lib/pdf.lib.php | 43 ++++++++++++++++++++++++--------- 2 files changed, 48 insertions(+), 15 deletions(-) diff --git a/main/inc/lib/attendance.lib.php b/main/inc/lib/attendance.lib.php index 8257539734..986523c44c 100755 --- a/main/inc/lib/attendance.lib.php +++ b/main/inc/lib/attendance.lib.php @@ -1513,7 +1513,7 @@ class Attendance public function getAttendanceLogin($startDate, $endDate) { if (empty($startDate) || $startDate == '0000-00-00' || - empty($endDate)|| $endDate == '0000-00-00' + empty($endDate) || $endDate == '0000-00-00' ) { return false; } @@ -1525,14 +1525,16 @@ class Attendance $courseCode, $sessionId, '', - 'lastname' + 'lastname', + 0 ); } else { $users = CourseManager:: get_user_list_from_course_code( $courseCode, 0, '', - 'lastname' + 'lastname', + STUDENT ); } @@ -1664,6 +1666,7 @@ class Attendance ); $row++; } + $table->setColAttributes(0, array('style' => 'width:30%')); $row = 1; foreach ($users as $user) { @@ -1676,11 +1679,20 @@ class Attendance $row++; } - $tableToString = $table->toHtml(); + $tableToString = null; + + //$sessionInfo = api_get_session_info(api_get_session_id()); + //if (!empty($sessionInfo)) { + $tableToString .= ''.get_lang('PeriodToDisplay').': '. + sprintf(get_lang('FromDateXToDateY'), $startDate, $endDate); + //} + + $tableToString .= $table->toHtml(); $params = array( 'filename' => get_lang('Attendance') . '_' . api_get_utc_datetime(), 'pdf_title' => get_lang('Attendance'), 'course_code' => api_get_course_id(), + 'show_real_course_teachers' => true ); $pdf = new PDF('A4', null, $params); $pdf->html_to_pdf_with_template($tableToString); 
diff --git a/main/inc/lib/pdf.lib.php b/main/inc/lib/pdf.lib.php index 888ea5cab2..253e414c43 100755 --- a/main/inc/lib/pdf.lib.php +++ b/main/inc/lib/pdf.lib.php @@ -42,10 +42,10 @@ class PDF //$this->pdf = $pdf = new mPDF('UTF-8', $pageFormat, '', '', 30, 20, 27, 25, 16, 13, $orientation); //left, right, top, bottom, margin_header, margin footer - $params['left'] = isset($params['left']) ? $params['left'] : 15; - $params['right'] = isset($params['right']) ? $params['right'] : 15; - $params['top'] = isset($params['top']) ? $params['top'] : 20; - $params['bottom'] = isset($params['bottom']) ? $params['bottom'] : 15; + $params['left'] = isset($params['left']) ? $params['left'] : 15; + $params['right'] = isset($params['right']) ? $params['right'] : 15; + $params['top'] = isset($params['top']) ? $params['top'] : 20; + $params['bottom'] = isset($params['bottom']) ? $params['bottom'] : 15; $this->params['filename'] = isset($params['filename']) ? $params['filename'] : api_get_local_time(); $this->params['pdf_title'] = isset($params['pdf_title']) ? $params['pdf_title'] : get_lang('Untitled'); @@ -53,6 +53,7 @@ class PDF $this->params['session_info'] = isset($params['session_info']) ? $params['session_info'] : api_get_session_info(api_get_session_id()); $this->params['course_code'] = isset($params['course_code']) ? $params['course_code'] : api_get_course_id(); $this->params['add_signatures'] = isset($params['add_signatures']) ? $params['add_signatures'] : false; + $this->params['show_real_course_teachers'] = isset($params['show_real_course_teachers']) ? $params['show_real_course_teachers'] : false; $this->pdf = new mPDF( 'UTF-8', 
@@ -111,10 +112,27 @@ class PDF Display::$global_template->assign('organization', $organization); //Showing only the current teacher/admin instead the all teacher list name see BT#4080 - //$teacher_list = CourseManager::get_teacher_list_from_course_code_to_string($course_code); - $user_info = api_get_user_info(); - $teacher_list = $user_info['complete_name']; + if (isset($this->params['show_real_course_teachers']) && + $this->params['show_real_course_teachers'] + ) { + if (isset($this->params['session_info']) && + !empty($this->params['session_info']) + ) { + $teacher_list = SessionManager::getCoachesByCourseSessionToString( + $this->params['session_info']['id'], + $this->params['course_code'] + + ); + } else { + $teacher_list = CourseManager::get_teacher_list_from_course_code_to_string( + $this->params['course_code'] + ); + } + } else { + $user_info = api_get_user_info(); + $teacher_list = $user_info['complete_name']; + } Display::$global_template->assign('pdf_course', $this->params['course_code']); Display::$global_template->assign('pdf_course_info', $this->params['course_info']); @@ -334,7 +352,8 @@ class PDF * @param string $document_html valid html * @param string $css CSS content of a CSS file * @param string $pdf_name pdf name - * @param string $course_code course code (if you are using html that are located in the document tool you must provide this) + * @param string $course_code course code + * (if you are using html that are located in the document tool you must provide this) * @return string Web path */ public function content_to_pdf( 
@@ -592,13 +611,15 @@ class PDF public function set_header($course_data) { $this->pdf->defaultheaderfontsize = 10; // in pts - $this->pdf->defaultheaderfontstyle = BI; // blank, B, I, or BI + $this->pdf->defaultheaderfontstyle = 'BI'; // blank, B, I, or BI $this->pdf->defaultheaderline = 1; // 1 to include line below header/above footer if (!empty($course_data['code'])) { $teacher_list = CourseManager::get_teacher_list_from_course_code($course_data['code']); + $teachers = ''; if (!empty($teacher_list)) { + foreach ($teacher_list as $teacher) { $teachers[]= $teacher['firstname'].' '.$teacher['lastname']; } @@ -690,8 +711,8 @@ class PDF /** * Pre-formats a PDF to the right size and, if not stated otherwise, with * header, footer and watermark (if any) - * @param array General course information (to fill headers) - * @param bool Whether we want headers, footers and watermark or not + * @param array $course_data General course information (to fill headers) + * @param bool $complete Whether we want headers, footers and watermark or not */ public function format_pdf($course_data, $complete = true) { From b104f04d4c763662b74159fe12fca7d7f2cf951f Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 19 Jan 2015 14:27:31 +0100 Subject: [PATCH 062/105] Minor - adding session info see BT#8814 --- main/inc/lib/attendance.lib.php | 11 ++++++----- main/template/default/export/table_pdf.tpl | 22 +++++++++++++++------- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/main/inc/lib/attendance.lib.php b/main/inc/lib/attendance.lib.php index 986523c44c..80b25e18e9 100755 --- a/main/inc/lib/attendance.lib.php +++ b/main/inc/lib/attendance.lib.php @@ -1666,7 +1666,7 @@ class Attendance ); $row++; } - $table->setColAttributes(0, array('style' => 'width:30%')); + $table->setColAttributes(0, array('style' => 'width:28%')); $row = 1; foreach ($users as $user) { 
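Review bot: The added `$teachers = '';` in `set_header()` initialises a string, but the loop just below appends to it with `$teachers[]= ...`. Appending to a string with `[]` is a fatal error on PHP 7.1 and later, and on older versions it only works because an empty string is silently converted to an array. Use `$teachers = array();` instead, which still defines the variable when `$teacher_list` is empty and keeps its type consistent. How `$teachers` is consumed after the loop lies outside the hunk, so confirm that an empty array is handled there.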
@@ -1679,15 +1679,16 @@ class Attendance $row++; } - $tableToString = null; + //$tableToString = null; //$sessionInfo = api_get_session_info(api_get_session_id()); //if (!empty($sessionInfo)) { - $tableToString .= ''.get_lang('PeriodToDisplay').': '. - sprintf(get_lang('FromDateXToDateY'), $startDate, $endDate); + /*$tableToString .= ''.get_lang('PeriodToDisplay').': '. + sprintf(get_lang('FromDateXToDateY'), $startDate, $endDate);*/ //} - $tableToString .= $table->toHtml(); + $tableToString = $table->toHtml(); + $params = array( 'filename' => get_lang('Attendance') . '_' . api_get_utc_datetime(), 'pdf_title' => get_lang('Attendance'), diff --git a/main/template/default/export/table_pdf.tpl b/main/template/default/export/table_pdf.tpl index 227bc16fbe..ceab5b958d 100755 --- a/main/template/default/export/table_pdf.tpl +++ b/main/template/default/export/table_pdf.tpl @@ -15,17 +15,25 @@ {% if pdf_session_info %} - - - {{ "Session" | get_lang }}: {{ pdf_session_info.name }} - + + + {{ "Session" | get_lang }}: {{ pdf_session_info.name }} + - {% if pdf_session_info.description %} + {% if pdf_session_info.description %} + + {{ "Description" | get_lang }}: {{ pdf_session_info.description }} + + {% endif %} + + + {% if pdf_session_info.date_start != '0000-00-00' and pdf_session_info.date_end != '0000-00-00' %} + - {{ "Description" | get_lang }}: {{ pdf_session_info.description }} + {{ "PeriodToDisplay" | get_lang }}: {{ "FromDateXToDateY"| get_lang | format(pdf_session_info.date_start, pdf_session_info.date_end ) }} + {% endif %} - {% endif %} {% if pdf_course_info %} From 80bcc765eae9c6c665d5e8f8479093e542846af7 Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Mon, 19 Jan 2015 15:45:56 +0100 Subject: [PATCH 063/105] Fixes queries + fixing double link categories see BT#9281 --- main/inc/lib/link.lib.php | 13 +++++++------ main/link/link.php | 33 +++++++++++++++++++++++---------- 2 files changed, 30 insertions(+), 16 deletions(-) 
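Review bot: The `@@ -1679` hunk disables the period line by commenting it out (`//$tableToString = null;` and the `/*$tableToString .= ... */` block) rather than deleting it, which leaves three layers of dead code around one live statement. Since the template hunk in the same commit now prints the period from `pdf_session_info`, I would remove the commented lines and keep only `$tableToString = $table->toHtml();`. `$startDate` and `$endDate` were only used in the removed `sprintf()` as far as this hunk shows; if nothing else in the function (which starts outside the hunk) reads them, their computation can be dropped too.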
diff --git a/main/inc/lib/link.lib.php b/main/inc/lib/link.lib.php index 6356f30214..875f048e3c 100755 --- a/main/inc/lib/link.lib.php +++ b/main/inc/lib/link.lib.php @@ -857,8 +857,7 @@ function getLinkCategories($courseId, $sessionId) itemproperties.tool = '" . TOOL_LINK_CATEGORY . "' AND (itemproperties.visibility = '0' OR itemproperties.visibility = '1') $sessionCondition AND - linkcat.c_id = " . $courseId . " AND - itemproperties.c_id = " . $courseId . " + linkcat.c_id = " . $courseId . " ORDER BY linkcat.display_order DESC"; $result = Database::query($sql); @@ -876,7 +875,7 @@ function getLinkCategories($courseId, $sessionId) } } - $sql = "SELECT *, linkcat.id + $sql = "SELECT DISTINCT linkcat.*, visibility FROM $tblLinkCategory linkcat INNER JOIN $tblItemProperty itemproperties ON (linkcat.id = itemproperties.ref AND linkcat.c_id = itemproperties.c_id) @@ -884,10 +883,12 @@ function getLinkCategories($courseId, $sessionId) itemproperties.tool = '" . TOOL_LINK_CATEGORY . "' AND (itemproperties.visibility = '0' OR itemproperties.visibility = '1') $sessionCondition AND - linkcat.c_id = " . $courseId . " AND - itemproperties.c_id = " . $courseId . " - ORDER BY linkcat.display_order DESC"; + linkcat.c_id = " . $courseId . " + GROUP BY c_id, id + ORDER BY linkcat.display_order DESC + "; $result = Database::query($sql); + return Database::store_result($result, 'ASSOC'); } diff --git a/main/link/link.php b/main/link/link.php index f1967d9fd8..a38a338b1e 100755 --- a/main/link/link.php +++ b/main/link/link.php @@ -476,9 +476,6 @@ if (empty($_GET['action']) || // - instead of a +, the category is no longer clickable and all the links of this category are displayed $myrow['description'] = text_filter($myrow['description']); - // Link categories are always visible. - //$myrow['visibility'] = 1; - $strVisibility = ''; if ($myrow['visibility'] == '1') { $strVisibility = '' . 
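Review bot: Both queries in `getLinkCategories` (hunks `@@ -857` and `@@ -884`) still concatenate `$courseId` unquoted into `linkcat.c_id = " . $courseId . "`, and no cast is visible in either hunk. The function starts outside the hunk, so unless the value is already normalised there, add `$courseId = intval($courseId);` at the top, in line with the `intval()` changes made elsewhere in this series. `$sessionCondition` is interpolated the same way and is built out of view, so it deserves the same check. Dropping `itemproperties.c_id = $courseId` from the first query is only equivalent if its join already ties `itemproperties.c_id` to `linkcat.c_id`, as the `ON` clause of the second query does; the first query's join is not shown here.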
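Review bot: The new `GROUP BY c_id, id` in hunk `@@ -884` uses unqualified column names although the `ON` clause shows `c_id` exists in both joined tables, so MySQL may reject it as ambiguous. Qualify it as `GROUP BY linkcat.c_id, linkcat.id`. In the select list of hunk `@@ -876`, `visibility` is neither grouped nor aggregated. When a category has several item-property rows, the value returned is therefore undefined, and the query fails under `ONLY_FULL_GROUP_BY`. I would write `itemproperties.visibility` explicitly and decide which row's visibility should win. With the `GROUP BY` in place, `DISTINCT` is redundant.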
@@ -489,7 +486,6 @@ if (empty($_GET['action']) || } if ($myrow['visibility'] == '1') { - if (isset($urlview[$i]) && $urlview[$i] == '1') { $newurlview = $urlview; $newurlview[$i] = '0'; @@ -502,7 +498,10 @@ if (empty($_GET['action']) || echo ''; if (api_is_allowed_to_edit(null, true)) { if ($session_id == $myrow['session_id']) { - echo ''; echo $strVisibility; showcategoryadmintools($myrow['id']); echo ''; + echo ''; + echo $strVisibility; + showcategoryadmintools($myrow['id']); + echo ''; } else { echo ''.get_lang('EditionNotAvailableFromSession'); } @@ -515,20 +514,27 @@ if (empty($_GET['action']) || echo ''; echo ''; echo ''; - echo ''; + if ($session_id == $myrow['session_id']) { + echo ''; + } } echo ''; echo ''; echo '
+   '.Security::remove_XSS($myrow['category_title']).$session_img; + echo '">  '. + Security::remove_XSS($myrow['category_title']).$session_img; echo'
   '; echo $myrow['description']; + if (api_is_allowed_to_edit(null, true)) { - echo '
'; echo $strVisibility; showcategoryadmintools($myrow['id']); echo ''; + echo $strVisibility; + showcategoryadmintools($myrow['id']); + echo '
'; echo ''; } - } else { // NO VISIBLE if (api_is_allowed_to_edit(null, true)) { @@ -562,9 +568,16 @@ if (empty($_GET['action']) || echo '">  '.Security::remove_XSS($myrow['category_title']).$session_img; echo'
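Review bot: In hunk `@@ -515` the category description is printed with a bare `echo $myrow['description'];`, while the title two lines above goes through `Security::remove_XSS()`. The same line appears in the not-visible branch in hunk `@@ -562`. The only processing visible for the description is `text_filter()` in the context of hunk `@@ -476`, and its implementation is not shown here. Unless that helper is known to strip script content, use `echo Security::remove_XSS($myrow['description']);` in both places. The added guard `if ($session_id == $myrow['session_id'])` uses a loose comparison, so casting both sides to int would make the intent explicit.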

   '; echo $myrow['description']; + if (api_is_allowed_to_edit(null, true)) { - echo ''; echo $strVisibility; showcategoryadmintools($myrow['id']); echo ''; + if ($session_id == $myrow['session_id']) { + echo ''; + echo $strVisibility; + showcategoryadmintools($myrow['id']); + echo ''; + } } + echo ''; echo ''; echo ''; From 241a4490d9563da21b3e0860a3b486353525bdef Mon Sep 17 00:00:00 2001 From: Julio Montoya Date: Tue, 20 Jan 2015 09:12:57 +0100 Subject: [PATCH 064/105] Fixes URL redirection see BT#9277 --- main/mySpace/myStudents.php | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/main/mySpace/myStudents.php b/main/mySpace/myStudents.php index ac4e35eb5e..4a9c451777 100755 --- a/main/mySpace/myStudents.php +++ b/main/mySpace/myStudents.php @@ -33,7 +33,6 @@ require_once api_get_path(SYS_CODE_PATH).'survey/survey.lib.php'; api_block_anonymous_users(); - if (!api_is_allowed_to_create_course() && !api_is_session_admin() && !api_is_drh()) { // Check if the user is tutor of the course $user_course_status = CourseManager::get_tutor_in_course_status( @@ -304,8 +303,6 @@ $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh( api_get_course_info() ); - - if (api_is_drh() && !api_is_platform_admin()) { if (!empty($student_id)) { if (api_drh_can_access_all_session_content()) { @@ -352,8 +349,7 @@ if (!empty($student_id)) { } echo $send_mail; if (!empty($student_id) && !empty($_GET['course'])) { - //only show link to connection details if course and student were defined in the URL - + // Only show link to connection details if course and student were defined in the URL echo ''. Display :: return_icon('statistics.png', get_lang('AccessDetails'),'',ICON_SIZE_MEDIUM).''; } @@ -418,7 +414,7 @@ if (!empty($student_id)) { $last_connection_date = get_lang('NoConnexion'); } - // cvs informations + // cvs information $csv_content[] = array( get_lang('Informations', '') ); 
@@ -614,7 +610,6 @@ if (!empty($student_id)) { - - '.$course_info['title'].' - '.$time_spent_on_course .' - '.$progress.' - '.$score.' - '.$attendances_faults_avg.' - '.$scoretotal_display.''; + '.$course_info['title'].' + '.$time_spent_on_course .' + '.$progress.' + '.$score.' + '.$attendances_faults_avg.' + '.$scoretotal_display.''; if (isset ($_GET['id_coach']) && intval($_GET['id_coach']) != 0) { echo ''; @@ -827,7 +822,10 @@ if (!empty($student_id)) { array($lp_id), $session_id ); - if (!empty($total_time)) $any_result = true; + + if (!empty($total_time)) { + $any_result = true; + } // Get last connection time in lp $start_time = Tracking::get_last_connection_time_in_lp( @@ -913,14 +911,17 @@ if (!empty($student_id)) { if ($from_myspace) { $from ='&from=myspace'; } - $link = Display::url('','lp_tracking.php?course='.Security::remove_XSS($_GET['course']).$from.'&origin='.Security::remove_XSS($_GET['origin']).'&lp_id='.$learnpath['id'].'&student_id='.$user_info['user_id'].'&id_session='.$session_id); + $link = Display::url( + '', + 'lp_tracking.php?cidReq='.Security::remove_XSS($_GET['course']).'&course='.Security::remove_XSS($_GET['course']).$from.'&origin='.Security::remove_XSS($_GET['origin']).'&lp_id='.$learnpath['id'].'&student_id='.$user_info['user_id'].'&id_session='.$session_id + ); echo Display::tag('td', $link); } if (api_is_allowed_to_edit()) { echo ''; if ($any_result === true) { - echo ''; + echo ''; echo Display::return_icon('clean.png',get_lang('Clean'),'',ICON_SIZE_SMALL).''; echo ''; } From a7861d33eaeb1c9f929275bd7751672da59020e4 Mon Sep 17 00:00:00 2001 
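Review bot: The rebuilt `lp_tracking.php` link in hunk `@@ -913` places `Security::remove_XSS($_GET['course'])` and `Security::remove_XSS($_GET['origin'])` into a query string. That filter is an HTML sanitiser, not a URL encoder, so a value containing `&`, `=` or `#` can still add or override parameters such as `student_id` or `id_session` in the generated link. Encode each value for the URL context instead, for example `'lp_tracking.php?cidReq='.urlencode($_GET['course']).'&course='.urlencode($_GET['course'])`, and do the same for `origin`. Leave HTML attribute escaping to `Display::url()`, if it performs it (not visible here). `$_GET['origin']` is also read without an `isset()` check in this hunk.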
From: Julio Montoya Date: Tue, 20 Jan 2015 10:06:42 +0100 Subject: [PATCH 065/105] Minor - format code. --- main/course_home/activity.php | 1 - main/course_home/course_home.php | 26 +++++++++++--------------- main/inc/introductionSection.inc.php | 20 +++++++++----------- main/inc/lib/display.lib.php | 8 +++++++- main/inc/lib/sessionmanager.lib.php | 2 +- 5 files changed, 28 insertions(+), 29 deletions(-) diff --git a/main/course_home/activity.php b/main/course_home/activity.php index fa4117e7fb..c0913ac7dd 100755 --- a/main/course_home/activity.php +++ b/main/course_home/activity.php @@ -65,7 +65,6 @@ if ($enabled == 'true') { // COURSE ADMIN ONLY VIEW // Start of tools for CourseAdmins (teachers/tutors) - if ($session_id == 0 && api_is_course_admin() && api_is_allowed_to_edit(null, true)) { $content .= '