Reverse small code indentation

1.9.x
Yannick Warnier 11 years ago
commit d39344b93f
  1. 1
      main/admin/access_url_check_user_session.php
  2. 2
      main/admin/access_url_edit.php
  3. 10
      main/admin/add_sessions_to_promotion.php
  4. 35
      main/admin/add_sessions_to_usergroup.php
  5. 46
      main/admin/add_users_to_session.php
  6. 96
      main/admin/course_list.php
  7. 5
      main/admin/course_request_accepted.php
  8. 14
      main/admin/dashboard_add_courses_to_user.php
  9. 12
      main/admin/dashboard_add_sessions_to_user.php
  10. 74
      main/admin/export_certificates.php
  11. 13
      main/admin/session_course_edit.php
  12. 128
      main/admin/user_list.php
  13. 38
      main/attendance/attendance_controller.php
  14. 7
      main/attendance/attendance_list.php
  15. 11
      main/attendance/calendar_logins.php
  16. 8
      main/attendance/index.php
  17. 19
      main/coursecopy/classes/CourseArchiver.class.php
  18. 172
      main/coursecopy/classes/CourseBuilder.class.php
  19. 44
      main/coursecopy/classes/CourseCopyLearnpath.class.php
  20. 3
      main/coursecopy/classes/CourseCopyTestCategory.php
  21. 11
      main/coursecopy/classes/CourseDescription.class.php
  22. 4
      main/coursecopy/copy_course_session.php
  23. 7
      main/document/slideshow.php
  24. 14
      main/document/upload.php
  25. 6
      main/dropbox/index.php
  26. 10
      main/exercice/exercice.php
  27. 6
      main/exercice/exercise.lib.php
  28. 34
      main/exercice/exercise_show.php
  29. 9
      main/forum/forumfunction.inc.php
  30. 16
      main/gradebook/gradebook_add_cat.php
  31. 30
      main/gradebook/gradebook_add_eval.php
  32. 27
      main/gradebook/gradebook_add_link.php
  33. 20
      main/gradebook/gradebook_add_link_select_course.php
  34. 18
      main/gradebook/gradebook_add_result.php
  35. 107
      main/gradebook/gradebook_display_certificate.php
  36. 11
      main/gradebook/gradebook_edit_all.php
  37. 4
      main/gradebook/index.php
  38. 44
      main/gradebook/lib/be/abstractlink.class.php
  39. 137
      main/gradebook/lib/be/category.class.php
  40. 2
      main/gradebook/lib/fe/displaygradebook.php
  41. 290
      main/gradebook/lib/fe/gradebooktable.class.php
  42. 3
      main/gradebook/lib/gradebook_data_generator.class.php
  43. 73
      main/gradebook/lib/gradebook_functions.inc.php
  44. 2
      main/inc/ajax/course.ajax.php
  45. 10
      main/inc/ajax/document.ajax.php
  46. 17
      main/inc/ajax/model.ajax.php
  47. 17
      main/inc/ajax/session.ajax.php
  48. 7
      main/inc/lib/CoursesAndSessionsCatalog.class.php
  49. 76
      main/inc/lib/add_courses_to_session_functions.lib.php
  50. 97
      main/inc/lib/attendance.lib.php
  51. 48
      main/inc/lib/auth.lib.php
  52. 457
      main/inc/lib/course.lib.php
  53. 44
      main/inc/lib/course_category.lib.php
  54. 107
      main/inc/lib/database.lib.php
  55. 12
      main/inc/lib/display.lib.php
  56. 42
      main/inc/lib/document.lib.php
  57. 3
      main/inc/lib/fileUpload.lib.php
  58. 24
      main/inc/lib/formvalidator/FormValidator.class.php
  59. 61
      main/inc/lib/group_portal_manager.lib.php
  60. 13
      main/inc/lib/link.lib.php
  61. 152
      main/inc/lib/main_api.lib.php
  62. 56
      main/inc/lib/sessionmanager.lib.php
  63. 4
      main/inc/lib/tracking.lib.php
  64. 191
      main/inc/lib/usermanager.lib.php
  65. 24
      main/inc/lib/userportal.lib.php
  66. 7
      main/install/configuration.dist.php
  67. 2
      main/messages/new_message.php
  68. 20
      main/mySpace/company_reports.php
  69. 156
      main/newscorm/learnpath.class.php
  70. 3
      main/newscorm/lp_ajax_switch_item.php
  71. 9
      main/newscorm/lp_ajax_switch_item_toc.php
  72. 7
      main/newscorm/lp_controller.php
  73. 72
      main/reservation/rsys.php
  74. 1
      main/social/group_topics.php
  75. 43
      main/social/groups.php
  76. 31
      main/social/message_for_group_form.inc.php
  77. 28
      main/social/search.php
  78. 9
      main/survey/survey.lib.php
  79. 1
      main/survey/survey_list.php
  80. 19
      main/template/default/auth/courses_categories.php
  81. 7
      main/webservices/registration.soap.php
  82. 3
      main/wiki/index.php
  83. 143
      main/wiki/wiki.inc.php
  84. 6
      main/work/downloadfolder.inc.php
  85. 14
      main/work/student_work.php
  86. 17
      main/work/view.php
  87. 32
      main/work/work.lib.php
  88. 2
      main/work/work.php
  89. 4
      main/work/work_list_all.php

@ -56,7 +56,6 @@ $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname' : ' O
$session_list = SessionManager::get_sessions_list();
$html = '';
$show_users_with_problems = isset($_REQUEST['show_users_with_problems']) && $_REQUEST['show_users_with_problems'] == 1 ? true : false;
if ($show_users_with_problems) {

@ -159,3 +159,5 @@ $form->addElement('file','url_image_3','URL Image 3 (PNG)');
// Submit button
$form->addElement('style_submit_button', 'submit', $submit_name, 'class="add"');
$form->display();
Display::display_footer();

@ -93,7 +93,7 @@ if (isset($_POST['form_sent']) && $_POST['form_sent']) {
}
$promotion_data = $promotion->get($id);
$session_list = SessionManager::get_sessions_list(array(), array('name'));
$session_list = SessionManager::get_sessions_list(array(), array('name'));
$session_not_in_promotion = $session_in_promotion= array();
if (!empty($session_list)) {
@ -126,17 +126,19 @@ function search_sessions($needle, $type)
$needle = Database::escape_string($needle);
$needle = api_convert_encoding($needle, $charset, 'utf-8');
$session_list = SessionManager::get_sessions_list(array('s.name LIKE' => "$needle%"));
$session_list = SessionManager::get_sessions_list(
array('s.name' => array('operator' => 'LIKE', 'value' => "$needle%"))
);
$return .= '<select id="session_not_in_promotion" name="session_not_in_promotion_name[]" multiple="multiple" size="15" style="width:360px;">';
foreach ($session_list as $row ) {
foreach ($session_list as $row) {
if (!in_array($row['id'], array_keys($session_in_promotion))) {
$return .= '<option value="'.$row['id'].'">'.$row['name'].'</option>';
}
}
$return .= '</select>';
$xajax_response -> addAssign('ajax_list_multiple','innerHTML',api_utf8_encode($return));
}
return $xajax_response;
}
$xajax->processRequests();
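Review bot: `$row['name']` is concatenated into the `<option>` markup in `search_sessions()` without HTML encoding and the string is then assigned to `innerHTML` through `addAssign`, so a session name containing markup is interpreted by the browser of whoever runs the search. Encoding at output closes that, e.g. `$return .= '<option value="'.intval($row['id']).'">'.htmlspecialchars($row['name'], ENT_QUOTES).'</option>';`; the same pattern applies to `$person_name` in the `search_users()` option list in add_users_to_session.php. Separately, this function still calls `Database::escape_string()` before `api_convert_encoding()`, the order that appears to be reversed for add_users_to_session.php in this same commit. It is worth confirming whether `get_sessions_list()` escapes the `value` entry itself (not visible here), because the needle is otherwise either double-escaped or escaped before its final encoding; add_sessions_to_usergroup.php uses the same call form. The function body starts outside the hunk.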

@ -98,7 +98,7 @@ if (isset($_POST['form_sent']) && $_POST['form_sent']) {
$elements_posted = array();
}
if ($form_sent == 1) {
//added a parameter to send emails when registering a user
//added a parameter to send emails when registering a user
$usergroup->subscribe_sessions_to_usergroup($id, $elements_posted);
header('Location: usergroups.php');
exit;
@ -145,9 +145,13 @@ function search_sessions($needle,$type) {
$order_clause.
' LIMIT 11';*/
} else if ($type == 'searchbox') {
$session_list = SessionManager::get_sessions_list(array('s.name LIKE' => "%$needle%"));
$session_list = SessionManager::get_sessions_list(
array('s.name' => array('operator' => 'LIKE', 'value' => "%$needle%"))
);
} else {
$session_list = SessionManager::get_sessions_list(array('s.name LIKE' => "$needle%"));
$session_list = SessionManager::get_sessions_list(
array('s.name' => array('operator' => 'LIKE', 'value' => "$needle%"))
);
}
$i=0;
if ($type=='single') {
@ -189,13 +193,10 @@ if ($add_type == 'multiple') {
}
echo '<div class="actions">';
echo '<a href="usergroups.php">'.Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM).'</a>';
echo '<a href="usergroups.php">'.Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM).'</a>';
echo '<a href="javascript://" class="advanced_parameters" style="margin-top: 8px" onclick="display_advanced_search();"><span id="img_plus_and_minus">&nbsp;'.Display::return_icon('div_show.gif',get_lang('Show'),array('style'=>'vertical-align:middle')).' '.get_lang('AdvancedSearch').'</span></a>';
echo '</div>';
?>
<?php echo '<div id="advancedSearch" style="display: none">'. get_lang('SearchSessions'); ?> :
echo '<div id="advancedSearch" style="display: none">'. get_lang('SearchSessions'); ?> :
<input name="SearchSession" onchange = "xajax_search_sessions(this.value,'searchbox')" onkeyup="this.onchange()">
</div>
<form name="formulaire" method="post" action="<?php echo api_get_self(); ?>?id=<?php echo $id; if(!empty($_GET['add'])) echo '&add=true' ; ?>" style="margin:0px;" <?php if($ajax_search){echo ' onsubmit="valide();"';}?>>
@ -262,8 +263,8 @@ if(!empty($errorMsg)) {
<tr>
<td align="center">
<div id="content_source">
<?php
if (!($add_type=='multiple')) {
<?php
if (!($add_type=='multiple')) {
?>
<input type="text" id="user_to_add" onkeyup="xajax_search_users(this.value,'single')" />
<div id="ajax_list_users_single"></div>
@ -313,9 +314,7 @@ if(!empty($errorMsg)) {
</form>
<script type="text/javascript">
<!--
function moveItem(origin , destination){
function moveItem(origin , destination) {
for(var i = 0 ; i<origin.options.length ; i++) {
if(origin.options[i].selected) {
destination.options[destination.length] = new Option(origin.options[i].text,origin.options[i].value);
@ -325,11 +324,9 @@ function moveItem(origin , destination){
}
destination.selectedIndex = -1;
sortOptions(destination.options);
}
function sortOptions(options) {
newOptions = new Array();
for (i = 0 ; i<options.length ; i++)
newOptions[i] = options[i];
@ -338,7 +335,6 @@ function sortOptions(options) {
options.length = 0;
for(i = 0 ; i < newOptions.length ; i++)
options[i] = newOptions[i];
}
function mysort(a, b){
@ -358,10 +354,8 @@ function valide(){
document.forms.formulaire.submit();
}
function loadUsersInSelect(select){
function loadUsersInSelect(select) {
var xhr_object = null;
if(window.XMLHttpRequest) // Firefox
xhr_object = new XMLHttpRequest();
else if(window.ActiveXObject) // Internet Explorer
@ -370,10 +364,7 @@ function loadUsersInSelect(select){
alert("Votre navigateur ne supporte pas les objets XMLHTTPRequest...");
xhr_object.open("POST", "loadUsersInSelect.ajax.php");
xhr_object.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
nosessionUsers = makepost(document.getElementById('elements_not_in'));
sessionUsers = makepost(document.getElementById('elements_in'));
nosessionClasses = makepost(document.getElementById('origin_classes'));

@ -1,5 +1,6 @@
<?php
/* For licensing terms, see /license.txt */
/**
* @package chamilo.admin
*/
@ -82,12 +83,9 @@ function search_users($needle, $type)
// xajax send utf8 datas... datas in db can be non-utf8 datas
$charset = api_get_system_encoding();
$needle = Database::escape_string($needle);
$needle = api_convert_encoding($needle, $charset, 'utf-8');
$needle = Database::escape_string($needle);
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
$showOfficialCode = false;
global $_configuration;
if (isset($_configuration['order_user_list_by_official_code']) &&
@ -117,7 +115,6 @@ function search_users($needle, $type)
$cond_user_id = ' AND user.user_id NOT IN('.implode(",",$user_ids).')';
}
}
switch ($type) {
case 'single':
// search users where username or firstname or lastname begins likes $needle
@ -128,14 +125,19 @@ function search_users($needle, $type)
username LIKE "'.$needle.'%" OR
firstname LIKE "'.$needle.'%" OR
lastname LIKE "'.$needle.'%"
) AND user.status<>6 AND user.status<>'.DRH.''.
) AND
user.status <> 6 AND
user.status <> '.DRH.''.
$order_clause.'
LIMIT 11';
break;
case 'multiple':
$sql = 'SELECT user.user_id, username, lastname, firstname, official_code
FROM '.$tbl_user.' user
WHERE '.(api_sort_by_first_name() ? 'firstname' : 'lastname').' LIKE "'.$needle.'%" AND user.status<>'.DRH.' AND user.status<>6 '.$cond_user_id.
WHERE
'.(api_sort_by_first_name() ? 'firstname' : 'lastname').' LIKE "'.$needle.'%" AND
user.status <> '.DRH.' AND
user.status <> 6 '.$cond_user_id.
$order_clause;
break;
case 'any_session':
@ -154,7 +156,7 @@ function search_users($needle, $type)
$tbl_user_rel_access_url= Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1) {
switch($type) {
switch ($type) {
case 'single':
$sql = 'SELECT user.user_id, username, lastname, firstname, official_code
FROM '.$tbl_user.' user
@ -165,7 +167,8 @@ function search_users($needle, $type)
username LIKE "'.$needle.'%" OR
firstname LIKE "'.$needle.'%" OR
lastname LIKE "'.$needle.'%"
) AND user.status<>6 AND user.status<>'.DRH.' '.
) AND user.status<>6 AND
user.status<>'.DRH.' '.
$order_clause.
' LIMIT 11';
break;
@ -195,7 +198,7 @@ function search_users($needle, $type)
}
}
}
//echo Database::fixQuery($sql);
$rs = Database::query($sql);
$i = 0;
if ($type=='single') {
@ -219,19 +222,18 @@ function search_users($needle, $type)
global $nosessionUsersList;
$return .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
while ($user = Database :: fetch_array($rs)) {
$person_name = api_get_person_name($user['firstname'], $user['lastname']).' ('.$user['username'].') '.$user['official_code'];
if ($showOfficialCode) {
$officialCode = !empty($user['official_code']) ? $user['official_code'].' - ' : '? - ';
$person_name = $officialCode.api_get_person_name($user['firstname'], $user['lastname']).' ('.$user['username'].')';
}
$return .= '<option value="'.$user['user_id'].'">'.$person_name.' </option>';
}
$return .= '</select>';
$xajax_response -> addAssign('ajax_list_users_multiple','innerHTML',api_utf8_encode($return));
}
}
return $xajax_response;
}
@ -284,11 +286,11 @@ function change_select(val) {
}
</script>';
$form_sent=0;
$errorMsg=$firstLetterUser=$firstLetterSession='';
$UserList=$SessionList=array();
$sessions=array();
$noPHP_SELF=true;
$form_sent = 0;
$errorMsg = $firstLetterUser = $firstLetterSession = '';
$UserList = $SessionList = array();
$sessions = array();
$noPHP_SELF = true;
if (isset($_POST['form_sent']) && $_POST['form_sent']) {
$form_sent = $_POST['form_sent'];
@ -330,7 +332,8 @@ if ($ajax_search) {
$sql = "SELECT user_id, lastname, firstname, username, id_session, official_code
FROM $tbl_user u
INNER JOIN $tbl_session_rel_user
ON $tbl_session_rel_user.id_user = u.user_id AND $tbl_session_rel_user.relation_type<>".SESSION_RELATION_TYPE_RRHH."
ON $tbl_session_rel_user.id_user = u.user_id AND
$tbl_session_rel_user.relation_type<>".SESSION_RELATION_TYPE_RRHH."
AND $tbl_session_rel_user.id_session = ".intval($id_session)."
WHERE u.status<>".DRH." AND u.status<>6
$order_clause";
@ -342,7 +345,8 @@ if ($ajax_search) {
$sql="SELECT u.user_id, lastname, firstname, username, id_session, official_code
FROM $tbl_user u
INNER JOIN $tbl_session_rel_user
ON $tbl_session_rel_user.id_user = u.user_id AND $tbl_session_rel_user.relation_type<>".SESSION_RELATION_TYPE_RRHH."
ON $tbl_session_rel_user.id_user = u.user_id AND
$tbl_session_rel_user.relation_type<>".SESSION_RELATION_TYPE_RRHH."
AND $tbl_session_rel_user.id_session = ".intval($id_session)."
INNER JOIN $tbl_user_rel_access_url url_user ON (url_user.user_id=u.user_id)
WHERE access_url_id = $access_url_id AND u.status<>".DRH." AND u.status<>6
@ -438,8 +442,8 @@ if ($ajax_search) {
}
}
$result = Database::query($sql);
$users = Database::store_result($result,'ASSOC');
$result = Database::query($sql);
$users = Database::store_result($result,'ASSOC');
foreach ($users as $uid => $user) {
if ($user['id_session'] != $id_session) {
$nosessionUsersList[$user['user_id']] = array(

@ -23,36 +23,56 @@ $sessionId = isset($_GET['session_id']) ? $_GET['session_id'] : null;
/**
* Get the number of courses which will be displayed
*/
function get_number_of_courses() {
function get_number_of_courses()
{
$course_table = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT COUNT(code) AS total_number_of_items FROM $course_table";
if ((api_is_platform_admin() || api_is_session_admin()) && api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1) {
if ((api_is_platform_admin() || api_is_session_admin()) &&
api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1
) {
$access_url_rel_course_table = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql.= " INNER JOIN $access_url_rel_course_table url_rel_course ON (code=url_rel_course.course_code)";
}
if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string($_GET['keyword']);
$sql .= " WHERE (title LIKE '%".$keyword."%' OR code LIKE '%".$keyword."%' OR visual_code LIKE '%".$keyword."%')";
} elseif (isset ($_GET['keyword_code'])) {
$keyword_code = Database::escape_string($_GET['keyword_code']);
$keyword_title = Database::escape_string($_GET['keyword_title']);
$keyword_category = Database::escape_string($_GET['keyword_category']);
$keyword_language = Database::escape_string($_GET['keyword_language']);
$keyword_visibility = Database::escape_string($_GET['keyword_visibility']);
$keyword = Database::escape_string("%".$_GET['keyword']."%");
$sql .= " WHERE (
title LIKE '".$keyword."' OR
code LIKE '".$keyword."' OR
visual_code LIKE '".$keyword."'
)
";
} elseif (isset($_GET['keyword_code'])) {
$keyword_code = Database::escape_string("%".$_GET['keyword_code']."%");
$keyword_title = Database::escape_string("%".$_GET['keyword_title']."%");
$keyword_category = Database::escape_string("%".$_GET['keyword_category']."%");
$keyword_language = Database::escape_string("%".$_GET['keyword_language']."%");
$keyword_visibility = Database::escape_string("%".$_GET['keyword_visibility']."%");
$keyword_subscribe = Database::escape_string($_GET['keyword_subscribe']);
$keyword_unsubscribe = Database::escape_string($_GET['keyword_unsubscribe']);
$sql .= " WHERE (code LIKE '%".$keyword_code."%' OR visual_code LIKE '%".$keyword_code."%') AND title LIKE '%".$keyword_title."%' AND category_code LIKE '%".$keyword_category."%' AND course_language LIKE '%".$keyword_language."%' AND visibility LIKE '%".$keyword_visibility."%' AND subscribe LIKE '".$keyword_subscribe."'AND unsubscribe LIKE '".$keyword_unsubscribe."'";
$sql .= " WHERE
(code LIKE '".$keyword_code."' OR visual_code LIKE '".$keyword_code."') AND
title LIKE '".$keyword_title."' AND
category_code LIKE '".$keyword_category."' AND
course_language LIKE '".$keyword_language."' AND
visibility LIKE '".$keyword_visibility."' AND
subscribe LIKE '".$keyword_subscribe."' AND
unsubscribe LIKE '".$keyword_unsubscribe."'
";
}
// adding the filter to see the user's only of the current access_url
if ((api_is_platform_admin() || api_is_session_admin()) && api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1) {
if ((api_is_platform_admin() || api_is_session_admin()) &&
api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1
) {
$sql.= " AND url_rel_course.access_url_id=".api_get_current_access_url_id();
}
$res = Database::query($sql);
$obj = Database::fetch_object($res);
return $obj->total_number_of_items;
}
@ -62,9 +82,11 @@ function get_number_of_courses() {
* @param int $number_of_items
* @param int $column
* @param string $direction
*
* @return array
*/
function get_course_data($from, $number_of_items, $column, $direction) {
function get_course_data($from, $number_of_items, $column, $direction)
{
$course_table = Database::get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT code AS col0,
@ -80,35 +102,52 @@ function get_course_data($from, $number_of_items, $column, $direction) {
visual_code
FROM $course_table";
if ((api_is_platform_admin() || api_is_session_admin()) && api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1) {
if ((api_is_platform_admin() || api_is_session_admin()) &&
api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1
) {
$access_url_rel_course_table = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql.= " INNER JOIN $access_url_rel_course_table url_rel_course ON (code=url_rel_course.course_code)";
}
if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " WHERE (title LIKE '%".$keyword."%' OR code LIKE '%".$keyword."%' OR visual_code LIKE '%".$keyword."%' ) ";
} elseif (isset ($_GET['keyword_code'])) {
$keyword_code = Database::escape_string($_GET['keyword_code']);
$keyword_title = Database::escape_string($_GET['keyword_title']);
$keyword_category = Database::escape_string($_GET['keyword_category']);
$keyword_language = Database::escape_string($_GET['keyword_language']);
$keyword_visibility = Database::escape_string($_GET['keyword_visibility']);
$keyword_subscribe = Database::escape_string($_GET['keyword_subscribe']);
$keyword_unsubscribe = Database::escape_string($_GET['keyword_unsubscribe']);
$sql .= " WHERE (code LIKE '%".$keyword_code."%' OR visual_code LIKE '%".$keyword_code."%') AND title LIKE '%".$keyword_title."%' AND category_code LIKE '%".$keyword_category."%' AND course_language LIKE '%".$keyword_language."%' AND visibility LIKE '%".$keyword_visibility."%' AND subscribe LIKE '".$keyword_subscribe."'AND unsubscribe LIKE '".$keyword_unsubscribe."'";
$keyword = Database::escape_string("%".trim($_GET['keyword'])."%");
$sql .= " WHERE (
title LIKE '".$keyword."' OR
code LIKE '".$keyword."' OR
visual_code LIKE '".$keyword."'
)
";
} elseif (isset($_GET['keyword_code'])) {
$keyword_code = Database::escape_string("%".$_GET['keyword_code']."%");
$keyword_title = Database::escape_string("%".$_GET['keyword_title']."%");
$keyword_category = Database::escape_string("%".$_GET['keyword_category']."%");
$keyword_language = Database::escape_string("%".$_GET['keyword_language']."%");
$keyword_visibility = Database::escape_string("%".$_GET['keyword_visibility']."%");
$keyword_subscribe = Database::escape_string($_GET['keyword_subscribe']);
$keyword_unsubscribe = Database::escape_string($_GET['keyword_unsubscribe']);
$sql .= " WHERE
(code LIKE '".$keyword_code."' OR visual_code LIKE '".$keyword_code."') AND
title LIKE '".$keyword_title."' AND
category_code LIKE '".$keyword_category."' AND
course_language LIKE '".$keyword_language."' AND
visibility LIKE '".$keyword_visibility."' AND
subscribe LIKE '".$keyword_subscribe."' AND
unsubscribe LIKE '".$keyword_unsubscribe."'";
}
// Adding the filter to see the user's only of the current access_url.
if ((api_is_platform_admin() || api_is_session_admin()) && api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1) {
if ((api_is_platform_admin() || api_is_session_admin()) &&
api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1
) {
$sql.= " AND url_rel_course.access_url_id=".api_get_current_access_url_id();
}
$sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items";
$sql .= " LIMIT $from, $number_of_items";
$res = Database::query($sql);
$courses = array ();
$courses = array();
while ($course = Database::fetch_array($res)) {
// Place colour icons in front of courses.
$show_visual_code = $course['visual_code'] != $course[2] ? Display::label($course['visual_code'], 'info') : null;
@ -118,6 +157,7 @@ function get_course_data($from, $number_of_items, $column, $direction) {
$course_rem = array($course[0], $course[1], $course[2], $course[3], $course[4], $course[5], $course[6], $course[7]);
$courses[] = $course_rem;
}
return $courses;
}
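Review bot: `get_course_data()` interpolates `$column`, `$direction`, `$from` and `$number_of_items` directly into `ORDER BY col$column $direction` and `LIMIT $from, $number_of_items`, and none of them is cast or checked in the lines shown. If the table helper fills them from request parameters (not visible here), they bypass the `Database::escape_string()` care applied to the keywords; casting and allow-listing is cheap: `$column = intval($column); $direction = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';` and `$sql .= " LIMIT ".intval($from).", ".intval($number_of_items);`. In both functions the `keyword_code` branch reads `$_GET['keyword_title']` and the other advanced-search keys after checking only `isset($_GET['keyword_code'])`, so a partial query string raises undefined-index notices. `get_number_of_courses()` also omits the `trim()` that `get_course_data()` applies to `keyword`, so the total and the listed rows can disagree for a padded keyword.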

@ -92,8 +92,9 @@ function get_number_of_requests() {
/**
* Get course data to display
*/
function get_request_data($from, $number_of_items, $column, $direction) {
$keyword = Database::escape_string(trim($_GET['keyword']));
function get_request_data($from, $number_of_items, $column, $direction)
{
$keyword = isset($_GET['keyword']) ? Database::escape_string(trim($_GET['keyword'])) : null;
$course_request_table = Database :: get_main_table(TABLE_MAIN_COURSE_REQUEST);
$sql = "SELECT id AS col0,

@ -59,16 +59,17 @@ if (!api_is_platform_admin()) {
api_not_allowed(true);
}
function search_courses($needle,$type)
function search_courses($needle, $type)
{
global $_configuration, $tbl_course, $tbl_course_rel_user, $tbl_course_rel_access_url,$user_id;
global $_configuration, $tbl_course, $tbl_course_rel_access_url,$user_id;
$xajax_response = new XajaxResponse();
$return = '';
if(!empty($needle) && !empty($type)) {
if (!empty($needle) && !empty($type)) {
// xajax send utf8 datas... datas in db can be non-utf8 datas
$charset = api_get_system_encoding();
$needle = api_convert_encoding($needle, $charset, 'utf-8');
$needle = Database::escape_string($needle);
$assigned_courses_to_hrm = CourseManager::get_courses_followed_by_drh($user_id);
$assigned_courses_code = array_keys($assigned_courses_to_hrm);
@ -190,9 +191,10 @@ if (count($assigned_courses_code) > 0) {
}
$needle = '%';
$firstLetter = null;
if (isset($_POST['firstLetterCourse'])) {
$needle = Database::escape_string($_POST['firstLetterCourse']);
$needle = "$needle%";
$firstLetter = $_POST['firstLetterCourse'];
$needle = Database::escape_string($firstLetter.'%');
}
if (api_is_multiple_url_enabled()) {
@ -249,7 +251,7 @@ if(!empty($msg)) {
<select name="firstLetterCourse" onchange = "xajax_search_courses(this.value,'multiple')">
<option value="%">--</option>
<?php
echo Display :: get_alphabet_options($_POST['firstLetterCourse']);
echo Display :: get_alphabet_options($firstLetter);
?>
</select>
</td>

@ -59,7 +59,7 @@ if (!api_is_platform_admin() && !api_is_session_admin()) {
api_not_allowed(true);
}
function search_sessions($needle,$type)
function search_sessions($needle, $type)
{
global $_configuration, $tbl_session_rel_access_url, $tbl_session, $user_id;
@ -69,6 +69,7 @@ function search_sessions($needle,$type)
// xajax send utf8 datas... datas in db can be non-utf8 datas
$charset = api_get_system_encoding();
$needle = api_convert_encoding($needle, $charset, 'utf-8');
$needle = Database::escape_string($needle);
$assigned_sessions_to_hrm = SessionManager::get_sessions_followed_by_drh($user_id);
$assigned_sessions_id = array_keys($assigned_sessions_to_hrm);
@ -93,6 +94,7 @@ function search_sessions($needle,$type)
$return .= '</select>';
$xajax_response->addAssign('ajax_list_sessions_multiple','innerHTML',api_utf8_encode($return));
}
return $xajax_response;
}
@ -192,8 +194,7 @@ if (count($assigned_sessions_id) > 0) {
$needle = '%';
if (!empty($firstLetterSession)) {
$needle = Database::escape_string($firstLetterSession);
$needle = "$needle%";
$needle = Database::escape_string($firstLetterSession.'%');
}
if (api_is_multiple_url_enabled()) {
@ -222,7 +223,8 @@ $result = Database::query($sql);
<tr>
<td width="45%" align="center"><b><?php echo get_lang('SessionsListInPlatform') ?> :</b></td>
<td width="10%">&nbsp;</td>
<td align="center" width="45%"><b>
<td align="center" width="45%">
<b>
<?php
if (UserManager::is_admin($user_id)) {
echo get_lang('AssignedSessionsListToPlatformAdministrator');
@ -235,7 +237,7 @@ $result = Database::query($sql);
: </b></td>
</tr>
<?php if($add_type == 'multiple') { ?>
<?php if ($add_type == 'multiple') { ?>
<tr><td width="45%" align="center">
<?php echo get_lang('FirstLetterSession');?> :
<select name="firstLetterSession" onchange = "xajax_search_sessions(this.value, 'multiple')">

@ -0,0 +1,74 @@
<?php
/* For licensing terms, see /license.txt */
/**
* @package chamilo.admin
*/
// Language files that need to be included.
$language_file = array('admin');
$cidReset = true;
require_once '../inc/global.inc.php';
require_once api_get_path(SYS_CODE_PATH).'gradebook/lib/be.inc.php';
require_once api_get_path(SYS_CODE_PATH).'gradebook/lib/gradebook_functions.inc.php';
Display::display_header(null);
$form = new FormValidator('export_certificate');
$courses = CourseManager::get_courses_list(0, 0, 'title');
$options = array();
foreach ($courses as $course) {
$options[$course['id']] = $course['title'];
}
$form->addElement('select', 'course', get_lang('Course'), $options);
$form->addElement('file', 'file', get_lang('File'));
$form->add_button('submit', get_lang('Submit'));
$form->display();
if ($form->validate()) {
$values = $form->getSubmitValues();
if (isset($_FILES['file']['tmp_name']) &&
!empty($_FILES['file']['tmp_name'])
) {
$users = Import::csv_reader($_FILES['file']['tmp_name']);
$courseId = $values['course'];
$courseInfo = api_get_course_info_by_id($courseId);
$courseCode = $courseInfo['code'];
$cats = Category:: load(
null,
null,
$courseCode,
null,
null,
0,
false
);
if (isset($cats[0])) {
/** @var Category $cat */
$userList = array();
foreach ($users as $user) {
$userInfo = api_get_user_info_from_official_code(
$user['official_code']
);
if (!empty($userInfo)) {
$userList[] = $userInfo;
}
}
Category::exportAllCertificates(
$cat->get_id(),
$userList
);
}
}
}
Display :: display_footer();
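Review bot: No access check is performed before the form is rendered and the upload processed: after `require_once '../inc/global.inc.php';` the script goes straight to `Display::display_header(null)`, whereas other main/admin scripts shown in this commit call `api_protect_admin_script()` or test `api_is_platform_admin()` first. Unless global.inc.php enforces this for the directory (not visible here), add `api_protect_admin_script();` right after the includes. There is also a functional defect: `$cat` is only named in the `/** @var Category $cat */` annotation and never assigned, so `$cat->get_id()` is called on an undefined variable; `$cat = $cats[0];` inside the `isset($cats[0])` block fixes it. The CSV rows are trusted to contain an `official_code` column, so a file without that header raises notices and looks up an empty code for every row; checking `isset($user['official_code'])` before the lookup avoids that.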

@ -12,7 +12,7 @@ require_once '../inc/global.inc.php';
$id_session = intval($_GET['id_session']);
SessionManager::protect_session_edit($id_session);
$course_code = Database::escape_string($_GET['course_code']);
$course_code = $_GET['course_code'];
$formSent=0;
$errorMsg='';
@ -47,7 +47,7 @@ if (isset($_POST['formSent']) && $_POST['formSent']) {
// get all tutor by course_code in the session
$sql = "SELECT id_user FROM $tbl_session_rel_course_rel_user
WHERE id_session = '$id_session' AND course_code = '$course_code' AND status = 2";
WHERE id_session = '$id_session' AND course_code = '".Database::escape_string($course_code)."' AND status = 2";
$rs_coachs = Database::query($sql);
$coachs_course_session = array();
@ -70,7 +70,12 @@ if (isset($_POST['formSent']) && $_POST['formSent']) {
$array_intersect = array_diff($coachs_course_session,$id_coachs);
foreach ($array_intersect as $nocoach_user_id) {
$rs2 = SessionManager::set_coach_to_course_session($nocoach_user_id, $id_session, $course_code,true);
$rs2 = SessionManager::set_coach_to_course_session(
$nocoach_user_id,
$id_session,
$course_code,
true
);
}
header('Location: '.Security::remove_XSS($_GET['page']).'?id_session='.$id_session);
@ -79,7 +84,7 @@ if (isset($_POST['formSent']) && $_POST['formSent']) {
}
} else {
$sql = "SELECT id_user FROM $tbl_session_rel_course_rel_user
WHERE id_session = '$id_session' AND course_code = '$course_code' AND status = 2 ";
WHERE id_session = '$id_session' AND course_code = '".Database::escape_string($course_code)."' AND status = 2 ";
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0) {
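Review bot: `$course_code` is now kept raw from `$_GET['course_code']` and escaped only inside the two `SELECT id_user` queries touched here, so any other query in this file that still interpolates `$course_code` (the script continues outside these hunks) has lost the escaping it previously inherited. Each remaining SQL use needs `Database::escape_string($course_code)` at the point of concatenation, and it is worth confirming that `SessionManager::set_coach_to_course_session()` escapes its `$course_code` argument now that it receives the unescaped value. Unrelated to the escaping, the redirect `header('Location: '.Security::remove_XSS($_GET['page']).'?id_session='.$id_session);` takes its target from the request; restricting `page` to a fixed list of local script names would keep it from pointing off-site.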

@ -95,11 +95,11 @@ function active_user(element_div) {
}
}
function clear_course_list (div_course) {
function clear_course_list(div_course) {
$("div#"+div_course).html("&nbsp;");
$("div#"+div_course).hide("");
}
function clear_session_list (div_session) {
function clear_session_list(div_session) {
$("div#"+div_session).html("&nbsp;");
$("div#"+div_session).hide("");
}
@ -115,7 +115,6 @@ function display_advanced_search_form () {
}
$(document).ready(function() {
var select_val = $("#input_select_extra_data").val();
if ( document.getElementById(\'extra_data_text\')) {
@ -159,7 +158,6 @@ $this_section = SECTION_PLATFORM_ADMIN;
if ($action == 'login_as') {
$check = Security::check_token('get');
if (isset($_GET['user_id']) && api_can_login_as($_GET['user_id']) && $check) {
login_user($_GET['user_id']);
} else {
@ -174,7 +172,7 @@ api_protect_admin_script(true);
* Prepares the shared SQL query for the user table.
* See get_user_data() and get_number_of_users().
*
* @param boolean Whether to count, or get data
* @param boolean $is_count Whether to count, or get data
* @return string SQL query
*/
function prepare_user_sql_query($is_count) {
@ -187,16 +185,21 @@ function prepare_user_sql_query($is_count) {
} else {
$sql .= "SELECT u.user_id AS col0, u.official_code AS col2, ";
if (api_is_western_name_order())
if (api_is_western_name_order()) {
$sql .= "u.firstname AS col3, u.lastname AS col4, ";
else
} else {
$sql .= "u.lastname AS col3, u.firstname AS col4, ";
}
$sql .= "u.username AS col5, u.email AS col6, ".
"u.status AS col7, u.active AS col8, ".
"u.user_id AS col9, u.registration_date AS col10, ".
"u.expiration_date AS exp, u.password ".
"FROM $user_table u";
$sql .= " u.username AS col5,
u.email AS col6,
u.status AS col7,
u.active AS col8,
u.user_id AS col9,
u.registration_date AS col10,
u.expiration_date AS exp,
u.password
FROM $user_table u";
}
// adding the filter to see the user's only of the current access_url
@ -205,18 +208,29 @@ function prepare_user_sql_query($is_count) {
$sql.= " INNER JOIN $access_url_rel_user_table url_rel_user ON (u.user_id=url_rel_user.user_id)";
}
foreach ($_GET as $key => $value) {
/* Because this query uses LIKE very liberally we need to escape
* LIKE wildcards, concretely "_" and "%". This is only relevant
* for *LIKE* statements.
*
* See: http://stackoverflow.com/a/3683868 */
// Remove buggy whitespaces and escape for both SQL and LIKE.
if ($key == "keyword_status")
$$key = Database::escape_string(trim($value));
else
$$key = Database::escape_sql_wildcards(Database::escape_string(trim($value)));
$keywordList = array(
'keyword_firstname',
'keyword_lastname',
'keyword_username',
'keyword_email',
'keyword_officialcode',
'keyword_status',
'keyword_active',
'check_easy_passwords'
);
$keywordListValues = array();
$atLeastOne = false;
foreach ($keywordList as $keyword) {
$keywordListValues[$keyword] = null;
if (isset($_GET[$keyword]) && !empty($_GET[$keyword])) {
$keywordListValues[$keyword] = $_GET[$keyword];
$atLeastOne = true;
}
}
if ($atLeastOne == false) {
$keywordListValues = array();
}
if (isset($keyword_extra_data) && !empty($keyword_extra_data)) {
@ -225,40 +239,47 @@ function prepare_user_sql_query($is_count) {
$sql.= " INNER JOIN user_field_values ufv ON u.user_id=ufv.user_id AND ufv.field_id=$field_id ";
}
if (isset($keyword)) {
$sql .= " WHERE (".
"u.firstname LIKE '%". $keyword ."%' ".
"OR u.lastname LIKE '%". $keyword ."%' ".
"OR concat(u.firstname,' ',u.lastname) LIKE '%". $keyword ."%' ".
"OR concat(u.lastname,' ',u.firstname) LIKE '%". $keyword ."%' ".
"OR u.username LIKE '%". $keyword ."%' ".
"OR u.official_code LIKE '%". $keyword ."%' ".
"OR u.email LIKE '%". $keyword ."%')";
} elseif (isset($keyword_firstname)) {
if (isset($_GET['keyword']) && !empty($_GET['keyword'])) {
$keywordFiltered = Database::escape_string("%". $_GET['keyword'] ."%");
$sql .= " WHERE (
u.firstname LIKE '$keywordFiltered' OR
u.lastname LIKE '$keywordFiltered' OR
concat(u.firstname, ' ', u.lastname) LIKE '$keywordFiltered' OR
concat(u.lastname,' ',u.firstname) LIKE '$keywordFiltered' OR
u.username LIKE '$keywordFiltered' OR
u.official_code LIKE '$keywordFiltered' OR
u.email LIKE '$keywordFiltered'
)
";
} elseif (isset($keywordListValues) && !empty($keywordListValues)) {
$query_admin_table = '';
$keyword_admin = '';
if ($keyword_status == SESSIONADMIN) {
$keyword_status = '%';
if (isset($keywordListValues['keyword_status']) &&
$keywordListValues['keyword_status'] == PLATFORM_ADMIN
) {
$query_admin_table = " , $admin_table a ";
$keyword_admin = ' AND a.user_id = u.user_id ';
$keywordListValues['keyword_status'] = '%';
}
$keyword_extra_value = '';
if (isset($keyword_extra_data) && !empty($keyword_extra_data) &&
!empty($keyword_extra_data_text)) {
$keyword_extra_value = " AND ufv.field_value LIKE '%".trim($keyword_extra_data_text)."%' ";
}
$sql .= " $query_admin_table ".
"WHERE (u.firstname LIKE '%". $keyword_firstname ."%' ".
"AND u.lastname LIKE '%". $keyword_lastname ."%' ".
"AND u.username LIKE '%". $keyword_username ."%' ".
"AND u.email LIKE '%". $keyword_email ."%' ".
"AND u.official_code LIKE '%". $keyword_officialcode ."%' ".
"AND u.status LIKE '$keyword_status' ".
"$keyword_admin $keyword_extra_value";
$sql .= " $query_admin_table
WHERE (
u.firstname LIKE '". Database::escape_string("%".$keywordListValues['keyword_firstname']."%")."' AND
u.lastname LIKE '". Database::escape_string("%".$keywordListValues['keyword_lastname']."%")."' AND
u.username LIKE '". Database::escape_string("%".$keywordListValues['keyword_username']."%")."' AND
u.email LIKE '". Database::escape_string("%".$keywordListValues['keyword_email']."%")."' AND
u.official_code LIKE '". Database::escape_string("%".$keywordListValues['keyword_officialcode']."%")."' AND
u.status LIKE '".Database::escape_string($keywordListValues['keyword_status'])."'
$keyword_admin
$keyword_extra_value
";
if (isset($keyword_active) && !isset($keyword_inactive)) {
$sql .= " AND u.active='1'";
@ -270,7 +291,8 @@ function prepare_user_sql_query($is_count) {
// adding the filter to see the user's only of the current access_url
if ((api_is_platform_admin() || api_is_session_admin())
&& api_get_multiple_access_url()) {
&& api_get_multiple_access_url()
) {
$sql .= " AND url_rel_user.access_url_id=".api_get_current_access_url_id();
}
@ -388,7 +410,7 @@ function login_user($user_id) {
* @see SortableTable#get_total_number_of_items()
*/
function get_number_of_users() {
$sql = prepare_user_sql_query (true);
$sql = prepare_user_sql_query(true);
$res = Database::query($sql);
$obj = Database::fetch_object($res);
@ -404,7 +426,7 @@ function get_number_of_users() {
* @see SortableTable#get_table_data($from)
*/
function get_user_data($from, $number_of_items, $column, $direction) {
$sql = prepare_user_sql_query (false);
$sql = prepare_user_sql_query(false);
$checkPassStrength = isset($_GET['check_easy_passwords']) && $_GET['check_easy_passwords'] == 1 ? true : false;
@ -732,7 +754,8 @@ $form->addElement(
$actions = '';
if (api_is_platform_admin()) {
$actions .= '<span style="float:right;">'.
'<a href="'.api_get_path(WEB_CODE_PATH).'admin/user_add.php">'.Display::return_icon('new_user.png',get_lang('AddUsers'),'',ICON_SIZE_MEDIUM).'</a>'.
'<a href="'.api_get_path(WEB_CODE_PATH).'admin/user_add.php">'.
Display::return_icon('new_user.png',get_lang('AddUsers'),'',ICON_SIZE_MEDIUM).'</a>'.
'</span>';
}
$actions .= $form->return_form();
@ -790,8 +813,10 @@ $status_options['%'] = get_lang('All');
$status_options[STUDENT] = get_lang('Student');
$status_options[COURSEMANAGER] = get_lang('Teacher');
$status_options[DRH] = get_lang('Drh');
$status_options[SESSIONADMIN] = get_lang('Administrator');
$form->addElement('select','keyword_status',get_lang('Profile'),$status_options, array('style'=>'margin-left:17px'));
$status_options[SESSIONADMIN] = get_lang('SessionsAdmin');
$status_options[PLATFORM_ADMIN] = get_lang('Administrator');
$form->addElement('select','keyword_status',get_lang('Profile'), $status_options, array('style'=>'margin-left:17px'));
$form->addElement('html', '</td></tr>');
$form->addElement('html', '<tr><td>');
$active_group = array();
@ -881,7 +906,6 @@ if ($table->get_total_number_of_items() == 0) {
if (api_get_multiple_access_url() && isset($_REQUEST['keyword'])) {
$keyword = Database::escape_string($_REQUEST['keyword']);
//$conditions = array('firstname' => $keyword, 'lastname' => $keyword, 'username' => $keyword);
$conditions = array('username' => $keyword);
$user_list = UserManager::get_user_list($conditions, array(), false, ' OR ');
if (!empty($user_list)) {
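Review bot: The rewritten search in prepare_user_sql_query() passes `"%".$_GET['keyword']."%"` through `Database::escape_string()` only, so `%` and `_` typed into the search box are no longer neutralised the way the `Database::escape_sql_wildcards(Database::escape_string(trim($value)))` variant in this section did. The page has lost its +/- markers, so this assumes the `$keywordListValues` lines are the new side. I would build the pattern as `$keywordFiltered = '%'.Database::escape_sql_wildcards(Database::escape_string(trim($_GET['keyword']))).'%';` and treat the five per-field LIKE terms the same way. Separately, `$keyword_extra_data`, `$keyword_extra_data_text`, `$keyword_active` and `$keyword_inactive` are still read further down, and `trim($keyword_extra_data_text)` goes into a LIKE with no escaping; if the loop that filled them from `$_GET` is what was removed, those filters are now either dead or unescaped. The function body continues outside the hunks.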

@ -536,10 +536,46 @@ class AttendanceController
'pdf_teachers' => $teacherName,
'pdf_course_category' => $courseCategory['name'],
'format' => 'A4-L',
'orientation' => 'L'
'orientation' => 'L'
);
Export::export_html_to_pdf($content, $params);
exit;
}
/**
* Gets attendace base in the table:
* TABLE_STATISTIC_TRACK_E_COURSE_ACCESS
* @throws ViewException
*/
public function calendarLogins()
{
$form = new FormValidator(
'search',
'post',
api_get_self().'?'.api_get_cidreq().'&action=calendar_logins'
);
$form->addDateRangePicker('range', get_lang('Range'));
$form->add_button('submit', get_lang('submit'));
$table = null;
if ($form->validate()) {
$values = $form->getSubmitValues();
$startDate = api_get_utc_datetime($values['range_start']);
$endDate = api_get_utc_datetime($values['range_end']);
$attendance = new Attendance();
$table = $attendance->getAttendanceLogins($startDate, $endDate);
}
$data = array(
'form' => $form->return_form(),
'table' => $table
);
$this->view->set_data($data);
$this->view->set_layout('layout');
$this->view->set_template('calendar_logins');
$this->view->render();
}
}
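Review bot: calendarLogins() performs no permission check of its own; the only gate visible on this page is the `api_is_allowed_to_edit(null, true)` test in the dispatcher's `calendar_logins` case, so any other caller would render the login report unguarded. A guard at the top of the method, `if (!api_is_allowed_to_edit(null, true)) { api_not_allowed(true); }`, keeps the check next to the data it protects. The docblock also needs a pass: "Gets attendace base in the table" should read "Gets attendance based on the table", and `@throws ViewException` is not backed by anything visible in the body.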

@ -16,7 +16,12 @@ if (api_is_allowed_to_edit(null, true)) {
$param_gradebook = '&gradebook='.Security::remove_XSS($_SESSION['gradebook']);
}
echo '<div class="actions">';
echo '<a href="index.php?'.api_get_cidreq().$param_gradebook.'&action=attendance_add">'.Display::return_icon('new_attendance_list.png',get_lang('CreateANewAttendance'),'',ICON_SIZE_MEDIUM).'</a>';
echo '<a href="index.php?'.api_get_cidreq().$param_gradebook.'&action=attendance_add">'.
Display::return_icon('new_attendance_list.png',get_lang('CreateANewAttendance'),'',ICON_SIZE_MEDIUM).'</a>';
echo '<a href="index.php?'.api_get_cidreq().$param_gradebook.'&action=calendar_logins">'.
Display::return_icon('attendance_list.png',get_lang('Logins'),'',ICON_SIZE_MEDIUM).'</a>';
echo '</div>';
}
$attendance = new Attendance();

@ -0,0 +1,11 @@
<?php
/* For licensing terms, see /license.txt */
// See AttendanceController::calendarLogins function
echo '<div class="actions">';
echo '<a href="index.php?'.api_get_cidreq().'&action=calendar_list='.$param_gradebook.'">'.
Display::return_icon('back.png',get_lang('AttendanceCalendar'),'',ICON_SIZE_MEDIUM).'</a>';
echo '</div>';
echo $form;
echo $table;
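Review bot: The back link is built as `'&action=calendar_list='.$param_gradebook`, which leaves a stray `=` after the action name and appends a variable this template never defines; the controller's set_data() call shown on this page passes only `form` and `table`. Unless the view layer injects it some other way, the request would carry `action=calendar_list=` and presumably fall through to the dispatcher's default case, with an undefined-variable notice on the way. I would write `'&action=calendar_list'.$param_gradebook.'">'` and either add `param_gradebook` to the data array or build it here as attendance_list.php does with `Security::remove_XSS($_SESSION['gradebook'])`.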

@ -48,7 +48,8 @@ $actions = array(
'attendance_delete_select',
'attendance_restore',
'attendance_sheet_export_to_pdf',
'attendance_sheet_list_no_edit'
'attendance_sheet_list_no_edit',
'calendar_logins'
);
$actions_calendar = array(
@ -303,6 +304,11 @@ switch ($action) {
case 'calendar_list' :
$attendance_controller->attendance_calendar($action, $attendance_id, $calendar_id);
break;
case 'calendar_logins':
if (api_is_allowed_to_edit(null, true)) {
$attendance_controller->calendarLogins();
}
break;
default :
$attendance_controller->attendance_list();
}
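Review bot: The new `calendar_logins` case does nothing when `api_is_allowed_to_edit(null, true)` is false, so an unauthorised request is answered with no content for the action instead of an explicit denial. Adding `} else { api_not_allowed(true); }` makes the refusal visible to the user and consistent in the logs. The switch statement starts outside the hunk.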

@ -1,5 +1,4 @@
<?php
/* For licensing terms, see /license.txt */
require_once 'Course.class.php';
@ -22,7 +21,10 @@ class CourseArchiver
$dir = api_get_path(SYS_ARCHIVE_PATH);
if ($handle = @ opendir($dir)) {
while (($file = readdir($handle)) !== false) {
if ($file != "." && $file != ".." && strpos($file, 'CourseArchiver_') === 0 && is_dir($dir . '/' . $file)) {
if ($file != "." && $file != ".." &&
strpos($file, 'CourseArchiver_') === 0 &&
is_dir($dir . '/' . $file)
) {
rmdirr($dir . '/' . $file);
}
}
@ -152,15 +154,20 @@ class CourseArchiver
$course_code = $file_parts[1];
$file_parts = explode('.', $file_parts[2]);
$date = $file_parts[0];
$ext = $file_parts[1];
$ext = isset($file_parts[1]) ? $file_parts[1] : null;
if ($ext == 'zip' && ($user_id != null && $owner_id == $user_id || $user_id == null)) {
$date = substr($date, 0, 4) . '-' . substr($date, 4, 2) . '-' . substr($date, 6, 2) . ' ' . substr($date, 9, 2) . ':' . substr($date, 11, 2) . ':' . substr($date, 13, 2);
$backup_files[] = array('file' => $file, 'date' => $date, 'course_code' => $course_code);
$backup_files[] = array(
'file' => $file,
'date' => $date,
'course_code' => $course_code
);
}
}
}
closedir($dir);
}
return $backup_files;
}
@ -174,8 +181,10 @@ class CourseArchiver
$new_dir = api_get_path(SYS_ARCHIVE_PATH);
if (is_dir($new_dir) && is_writable($new_dir)) {
move_uploaded_file($file, api_get_path(SYS_ARCHIVE_PATH).$new_filename);
return $new_filename;
}
return false;
}
@ -218,7 +227,7 @@ class CourseArchiver
return new Course();
}
$course->backup_path = $unzip_dir;
return $course;
}
}
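Review bot: The upload helper in the third hunk ignores the result of `move_uploaded_file()` and returns `$new_filename` whenever the archive directory is writable, so a failed or rejected move is reported to the caller as success. Checking it, `if (!move_uploaded_file($file, $new_dir.$new_filename)) { return false; }`, lets the existing `return false` path cover that case as well. In the second hunk `closedir($dir)` looks as if it receives the directory path rather than the handle from opendir(); the start of that loop is outside the hunk, so confirm which variable holds the handle. Both function bodies begin outside their hunks.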

@ -29,13 +29,14 @@ require_once 'Work.class.php';
require_once api_get_path(SYS_CODE_PATH).'exercice/question.class.php';
/**
* Class which can build a course-object from a Chamilo-course.
* Class CourseBuilder
* Builds a course-object from a Chamilo-course.
* @author Bart Mollet <bart.mollet@hogent.be>
* @package chamilo.backup
*/
class CourseBuilder
{
/** Course */
/** @var Course */
public $course;
/* With this array you can filter the tools you want to be parsed by
@ -67,8 +68,10 @@ class CourseBuilder
/**
* Create a new CourseBuilder
* @param string $type
* @param null $course
*/
public function __construct($type='', $course = null)
public function __construct($type='', $course = null)
{
$_course = api_get_course_info();
@ -87,7 +90,6 @@ class CourseBuilder
}
/**
*
* @param array $array
*/
public function set_tools_to_build($array)
@ -121,7 +123,7 @@ class CourseBuilder
* @param bool true if you want to get the elements that exists in the course and
* in the session, (session_id = 0 or session_id = X)
*/
public function build($session_id = 0, $course_code = '', $with_base_content = false)
public function build($session_id = 0, $course_code = '', $with_base_content = false)
{
$table_link = Database :: get_course_table(TABLE_LINKED_RESOURCES);
$table_properties = Database :: get_course_table(TABLE_ITEM_PROPERTY);
@ -467,7 +469,7 @@ class CourseBuilder
//select only quizzes with active = 0 or 1 (not -1 which is for deleted quizzes)
} else {
$sql = "SELECT * FROM $table_qui WHERE c_id = $course_id AND active >=0 AND session_id = 0";
//select only quizzes with active = 0 or 1 (not -1 which is for deleted quizzes)
//select only quizzes with active = 0 or 1 (not -1 which is for deleted quizzes)
}
$db_result = Database::query($sql);
@ -747,11 +749,11 @@ class CourseBuilder
$db_result = Database::query($sql);
while ($obj = Database::fetch_object($db_result)) {
$survey = new Survey($obj->survey_id, $obj->code,$obj->title,
$obj->subtitle, $obj->author, $obj->lang,
$obj->avail_from, $obj->avail_till, $obj->is_shared,
$obj->template, $obj->intro, $obj->surveythanks,
$obj->creation_date, $obj->invited, $obj->answered,
$obj->invite_mail, $obj->reminder_mail);
$obj->subtitle, $obj->author, $obj->lang,
$obj->avail_from, $obj->avail_till, $obj->is_shared,
$obj->template, $obj->intro, $obj->surveythanks,
$obj->creation_date, $obj->invited, $obj->answered,
$obj->invite_mail, $obj->reminder_mail);
$sql = 'SELECT * FROM '.$table_question.' WHERE c_id = '.$course_id.' AND survey_id = '.$obj->survey_id;
$db_result2 = Database::query($sql);
while ($obj2 = Database::fetch_object($db_result2)){
@ -925,75 +927,75 @@ class CourseBuilder
$db_result = Database::query($sql);
if ($db_result)
while ($obj = Database::fetch_object($db_result)) {
$items = array();
$sql_items = "SELECT * FROM ".$table_item." WHERE c_id = '$course_id' AND lp_id = ".$obj->id;
$db_items = Database::query($sql_items);
while ($obj_item = Database::fetch_object($db_items)) {
$item['id'] = $obj_item->id;
$item['item_type'] = $obj_item->item_type;
$item['ref'] = $obj_item->ref;
$item['title'] = $obj_item->title;
$item['description'] = $obj_item->description;
$item['path'] = $obj_item->path;
$item['min_score'] = $obj_item->min_score;
$item['max_score'] = $obj_item->max_score;
$item['mastery_score'] = $obj_item->mastery_score;
$item['parent_item_id'] = $obj_item->parent_item_id;
$item['previous_item_id'] = $obj_item->previous_item_id;
$item['next_item_id'] = $obj_item->next_item_id;
$item['display_order'] = $obj_item->display_order;
$item['prerequisite'] = $obj_item->prerequisite;
$item['parameters'] = $obj_item->parameters;
$item['launch_data'] = $obj_item->launch_data;
$item['audio'] = $obj_item->audio;
$items[] = $item;
}
while ($obj = Database::fetch_object($db_result)) {
$items = array();
$sql_items = "SELECT * FROM ".$table_item." WHERE c_id = '$course_id' AND lp_id = ".$obj->id;
$db_items = Database::query($sql_items);
while ($obj_item = Database::fetch_object($db_items)) {
$item['id'] = $obj_item->id;
$item['item_type'] = $obj_item->item_type;
$item['ref'] = $obj_item->ref;
$item['title'] = $obj_item->title;
$item['description'] = $obj_item->description;
$item['path'] = $obj_item->path;
$item['min_score'] = $obj_item->min_score;
$item['max_score'] = $obj_item->max_score;
$item['mastery_score'] = $obj_item->mastery_score;
$item['parent_item_id'] = $obj_item->parent_item_id;
$item['previous_item_id'] = $obj_item->previous_item_id;
$item['next_item_id'] = $obj_item->next_item_id;
$item['display_order'] = $obj_item->display_order;
$item['prerequisite'] = $obj_item->prerequisite;
$item['parameters'] = $obj_item->parameters;
$item['launch_data'] = $obj_item->launch_data;
$item['audio'] = $obj_item->audio;
$items[] = $item;
}
$sql_tool = "SELECT id FROM $table_tool
$sql_tool = "SELECT id FROM $table_tool
WHERE
c_id = $course_id AND
(link LIKE '%lp_controller.php%lp_id=".$obj->id."%' AND image='scormbuilder.gif') AND
visibility = '1' ";
$db_tool = Database::query($sql_tool);
$db_tool = Database::query($sql_tool);
if (Database::num_rows($db_tool)) {
$visibility = '1';
} else {
$visibility = '0';
}
if (Database::num_rows($db_tool)) {
$visibility = '1';
} else {
$visibility = '0';
}
$lp = new CourseCopyLearnpath(
$obj->id,
$obj->lp_type,
$obj->name,
$obj->path,
$obj->ref,
$obj->description,
$obj->content_local,
$obj->default_encoding,
$obj->default_view_mod,
$obj->prevent_reinit,
$obj->force_commit,
$obj->content_maker,
$obj->display_order,
$obj->js_lib,
$obj->content_license,
$obj->debug,
$visibility,
$obj->author,
$obj->preview_image,
$obj->use_max_score,
$obj->autolunch,
$obj->created_on,
$obj->modified_on,
$obj->publicated_on,
$obj->expired_on,
$obj->session_id,
$items
);
$this->course->add_resource($lp);
}
$lp = new CourseCopyLearnpath(
$obj->id,
$obj->lp_type,
$obj->name,
$obj->path,
$obj->ref,
$obj->description,
$obj->content_local,
$obj->default_encoding,
$obj->default_view_mod,
$obj->prevent_reinit,
$obj->force_commit,
$obj->content_maker,
$obj->display_order,
$obj->js_lib,
$obj->content_license,
$obj->debug,
$visibility,
$obj->author,
$obj->preview_image,
$obj->use_max_score,
$obj->autolunch,
$obj->created_on,
$obj->modified_on,
$obj->publicated_on,
$obj->expired_on,
$obj->session_id,
$items
);
$this->course->add_resource($lp);
}
// Save scorm directory (previously build_scorm_documents())
$i = 1;
@ -1092,7 +1094,7 @@ class CourseBuilder
$course_id = $course_info['real_id'];
if (!empty($session_id) && !empty($course_code)) {
$session_id = intval($session_id);
$session_id = intval($session_id);
if ($with_base_content) {
$session_condition = api_get_session_condition($session_id, true, true);
} else {
@ -1111,8 +1113,8 @@ class CourseBuilder
}
/**
* Build the Surveys
*/
* Build the Surveys
*/
public function build_thematic($session_id = 0, $course_code = '', $with_base_content = false, $id_list = array())
{
$table_thematic = Database :: get_course_table(TABLE_THEMATIC);
@ -1149,7 +1151,7 @@ class CourseBuilder
//$thematic_plan_complete_list[$item['ref']] = $item;
}
}
if (count($thematic_plan_id_list) > 0) {
if (count($thematic_plan_id_list) > 0) {
$sql = "SELECT tp.*
FROM $table_thematic_plan tp
INNER JOIN $table_thematic t ON (t.id=tp.thematic_id)
@ -1169,8 +1171,8 @@ class CourseBuilder
}
/**
* Build the attendances
*/
* Build the attendances
*/
public function build_attendance($session_id = 0, $course_code = '', $with_base_content = false, $id_list = array())
{
$table_attendance = Database :: get_course_table(TABLE_ATTENDANCE);
@ -1196,21 +1198,23 @@ class CourseBuilder
/**
* Build the works (or "student publications", or "assignments")
*
* @param int $session_id
* @param string $course_code
* @param bool $with_base_content
* @param array $id_list
*/
public function build_works($session_id = 0, $course_code = '', $with_base_content = false, $id_list = array())
{
$table_work = Database :: get_course_table(TABLE_STUDENT_PUBLICATION);
//$table_work_assignment = Database :: get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT);
$course_id = api_get_course_int_id();
$sessionCondition = api_get_session_condition($session_id, true, $with_base_content);
$sql = "SELECT * FROM $table_work
WHERE
c_id = $course_id
c_id = $course_id
$sessionCondition AND
filetype = \'folder\' AND
filetype = 'folder' AND
parent_id = 0 AND
active = 1";
$db_result = Database::query($sql);
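Review bot: The docblock above build_thematic() still reads "Build the Surveys" after being re-indented, which misdescribes a method that queries `$table_thematic` and `$table_thematic_plan`; something like `* Build the thematic entries and their plans` would match the code. build_thematic() and build_attendance() would also benefit from the four `@param` lines this commit adds to build_works(), since all three share the `($session_id, $course_code, $with_base_content, $id_list)` signature. In the learnpath hunk the `if ($db_result)` that guards the `while` loop has no braces, which is easy to misread after the re-indent. All of these methods continue outside their hunks.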

@ -1,11 +1,13 @@
<?php
/* For licensing terms, see /license.txt */
/**
* A learnpath
* Class CourseCopyLearnpath
* @author Bart Mollet <bart.mollet@hogent.be>
* @package chamilo.backup
*/
class CourseCopyLearnpath extends Resource {
class CourseCopyLearnpath extends Resource
{
/**
* Type of learnpath (can be dokeos (1), scorm (2), aicc (3))
*/
@ -106,9 +108,35 @@ class CourseCopyLearnpath extends Resource {
* @param string $visibility
* @param array $items
*/
function CourseCopyLearnpath($id,$type,$name, $path,$ref,$description,$content_local,$default_encoding,$default_view_mode,$prevent_reinit,$force_commit,
$content_maker, $display_order,$js_lib,$content_license,$debug, $visibility, $author, $preview_image,
$use_max_score, $autolunch, $created_on, $modified_on, $publicated_on, $expired_on, $session_id, $items) {
public function CourseCopyLearnpath(
$id,
$type,
$name,
$path,
$ref,
$description,
$content_local,
$default_encoding,
$default_view_mode,
$prevent_reinit,
$force_commit,
$content_maker,
$display_order,
$js_lib,
$content_license,
$debug,
$visibility,
$author,
$preview_image,
$use_max_score,
$autolunch,
$created_on,
$modified_on,
$publicated_on,
$expired_on,
$session_id,
$items
) {
parent::Resource($id,RESOURCE_LEARNPATH);
$this->lp_type = $type;
$this->name = $name;
@ -147,6 +175,7 @@ class CourseCopyLearnpath extends Resource {
{
return $this->items;
}
/**
* Check if a given resource is used as an item in this chapter
*/
@ -154,13 +183,14 @@ class CourseCopyLearnpath extends Resource {
{
foreach ($this->items as $item) {
if ($item['id'] == $resource->get_id() &&
isset($item['type']) && $item['type'] == $resource->get_type()
) {
isset($item['type']) && $item['type'] == $resource->get_type()
) {
return true;
}
}
return false;
}
/**
* Show this learnpath
*/
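Review bot: has_item() tests `isset($item['type'])`, but the item arrays that CourseBuilder assembles on this page set `item_type` and never `type`, so for items built that way the condition is always false and the method returns false. If `item_type` is the intended key the check would be `isset($item['item_type']) && $item['item_type'] == $resource->get_type()`; whether the stored item types are comparable with `get_type()` values is not visible here and needs confirming. The commit only re-indents these lines, and the method signature is outside the hunk.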

@ -34,7 +34,8 @@ class CourseCopyTestcategory extends Resource
/**
* Show the test_category title, used in the partial recycle_course.php form
*/
function show() {
function show()
{
parent::show();
echo $this->title;
}

@ -21,24 +21,27 @@ class CourseDescription extends Resource
/**
* The description type
*/
var $description_type;
var $description_type;
/**
* Create a new course description
* @param int $id
* @param string $title
* @param string $content
*/
function __construct($id,$title,$content,$description_type) {
function __construct($id,$title,$content,$description_type)
{
parent::Resource($id,RESOURCE_COURSEDESCRIPTION);
$this->title = $title;
$this->content = $content;
$this->description_type = $description_type;
}
/**
* Show this Event
*/
function show() {
function show()
{
parent::show();
echo $this->title;
}
}
}

@ -90,7 +90,7 @@ function make_select_session_list($name, $sessions, $attr = array())
function display_form()
{
$html = '';
$sessions = SessionManager::get_sessions_list(null, array('name ASC'));
$sessions = SessionManager::get_sessions_list(array(), array('name', 'ASC'));
// Actions
$html .= '<div class="actions">';
@ -166,7 +166,7 @@ function search_courses($id_session, $type)
// Build select for destination sessions where is not included current session from select origin
if (!empty($id_session)) {
$sessions = SessionManager::get_sessions_list(null, array('name ASC'));
$sessions = SessionManager::get_sessions_list(array(), array('name', 'ASC'));
$select_destination .= '<select name="sessions_list_destination" width="380px" onchange = "javascript: xajax_search_courses(this.value,\'destination\');">';
$select_destination .= '<option value = "0">-- '.get_lang('SelectASession').' --</option>';

@ -48,6 +48,7 @@ if (isset($_SESSION['image_files_only'])) {
}
// Calculating the current slide, next slide, previous slide and the number of slides
$slide = null;
if ($slide_id != 'all') {
$slide = $slide_id ? $slide_id : 0;
$previous_slide = $slide - 1;
@ -64,9 +65,11 @@ function MM_openBrWindow(theURL,winName,features) { //v2.0
<?php
if ($slide_id != 'all') {
$image = $sys_course_path.$_course['path'].'/document'.$folder.$image_files_only[$slide];
$image = null;
if (isset($image_files_only[$slide])) {
$image = $sys_course_path . $_course['path'] . '/document' . $folder . $image_files_only[$slide];
}
if (file_exists($image)) {
echo '<div class="actions-pagination">';
// Back forward buttons
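Review bot: `file_exists($image)` is still called when `$image` is null, so the new `isset()` guard and the existence test are two separate checks where one would do: `if ($image !== null && file_exists($image)) {`. `$slide` is also assigned from `$slide_id` without an integer cast before it is used as the array index and in `$slide - 1`. An `intval()` at assignment would make the expected type explicit, assuming `$slide_id` comes from the request, which is outside the hunk.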

@ -284,7 +284,7 @@ if (api_get_setting('search_enabled') == 'true') {
$form->addElement('radio', 'if_exists', get_lang('UplWhatIfFileExists'), get_lang('UplDoNothing'), 'nothing');
$form->addElement('radio', 'if_exists', '', get_lang('UplOverwriteLong'), 'overwrite');
$form->addElement('radio', 'if_exists', '', get_lang('UplRenameLong'), 'rename', array('checked="checked"'));
$form->addElement('radio', 'if_exists', '', get_lang('UplRenameLong'), 'rename');
// Close the java script and avoid the footer up
$form->addElement('html', '</div>');
@ -292,7 +292,17 @@ $form->addElement('html', '</div>');
$form->addElement('style_submit_button', 'submitDocument', get_lang('SendDocument'), 'class="upload"');
$form->add_real_progress_bar('DocumentUpload', 'file');
$defaults = array('index_document' => 'checked="checked"');
$fileExistsOption = api_get_configuration_value('document_if_file_exists_option');
$defaultFileExistsOption = 'rename';
if (!empty($fileExistsOption)) {
$defaultFileExistsOption = $fileExistsOption;
}
$defaults = array(
'index_document' => 'checked="checked"',
'if_exists' => $defaultFileExistsOption
);
$form->setDefaults($defaults);
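Review bot: The value of `document_if_file_exists_option` becomes the form default without being checked against the three radio values defined above (`nothing`, `overwrite`, `rename`), so a mistyped setting leaves no option preselected where `rename` used to be the fixed default. Because this setting decides whether an upload overwrites an existing file, I would accept only known values: `if (in_array($fileExistsOption, array('nothing', 'overwrite', 'rename'), true)) { $defaultFileExistsOption = $fileExistsOption; }`. How the upload handler treats a missing `if_exists` is outside this hunk.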

@ -5,7 +5,7 @@
require_once 'dropbox_init.inc.php';
// get the last time the user accessed the tool
if ($_SESSION[$_course['id']]['last_access'][TOOL_DROPBOX] == '') {
if (isset($_SESSION[$_course['id']]) && $_SESSION[$_course['id']]['last_access'][TOOL_DROPBOX] == '') {
$last_access = get_last_tool_access(TOOL_DROPBOX);
$_SESSION[$_course['id']]['last_access'][TOOL_DROPBOX] = $last_access;
} else {
@ -181,9 +181,11 @@ if (isset($_GET['error']) AND !empty($_GET['error'])) {
Display :: display_normal_message(get_lang($_GET['error']));
}
$dropbox_data_sent = array();
$movelist = array();
$dropbox_data_recieved = array();
if ($action != 'add') {
// Getting all the categories in the dropbox for the given user
$dropbox_categories = get_dropbox_categories();
// Greating the arrays with the categories for the received files and for the sent files
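Review bot: The added `isset($_SESSION[$_course['id']]) &&` changes which branch runs on a fresh session: when the key is not set the condition is now false and the `else` branch is taken, although the unset case is the one that needs `get_last_tool_access()` to initialise the value. The guard probably wants to be `if (!isset($_SESSION[$_course['id']]['last_access'][TOOL_DROPBOX]) || $_SESSION[$_course['id']]['last_access'][TOOL_DROPBOX] == '') {`. The `else` body is outside the hunk, so confirm what it reads before changing the condition.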

@ -405,7 +405,9 @@ if (Database :: num_rows($result_total)) {
//get HotPotatoes files (active and inactive)
if ($is_allowedToEdit) {
$sql = "SELECT * FROM $TBL_DOCUMENT
WHERE c_id = $courseId AND path LIKE '".Database :: escape_string($uploadPath)."/%/%'";
WHERE
c_id = $courseId AND
path LIKE '".Database :: escape_string($uploadPath.'/%/%')."'";
$res = Database::query($sql);
$hp_count = Database :: num_rows($res);
} else {
@ -413,7 +415,7 @@ if ($is_allowedToEdit) {
WHERE
d.id = ip.ref AND
ip.tool = '".TOOL_DOCUMENT."' AND
d.path LIKE '".Database :: escape_string($uploadPath)."/%/%' AND
d.path LIKE '".Database :: escape_string($uploadPath.'/%/%')."' AND
ip.visibility ='1' AND
d.c_id = ".$courseId." AND
ip.c_id = ".$courseId;
@ -920,7 +922,7 @@ if ($is_allowedToEdit) {
d.id = ip.ref AND
ip.tool = '".TOOL_DOCUMENT."' AND
(d.path LIKE '%htm%') AND
d.path LIKE '".Database :: escape_string($uploadPath)."/%/%'
d.path LIKE '".Database :: escape_string($uploadPath.'/%/%')."'
LIMIT ".$from.",".$limit; // only .htm or .html files listed
} else {
$sql = "SELECT d.path as path, d.comment as comment, ip.visibility as visibility
@ -931,7 +933,7 @@ if ($is_allowedToEdit) {
d.id = ip.ref AND
ip.tool = '".TOOL_DOCUMENT."' AND
(d.path LIKE '%htm%') AND
d.path LIKE '".Database :: escape_string($uploadPath)."/%/%' AND
d.path LIKE '".Database :: escape_string($uploadPath.'/%/%')."' AND
ip.visibility='1'
LIMIT ".$from.",".$limit;
}
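Review bot: Both paged queries end in `LIMIT ".$from.",".$limit` with the values concatenated as they are, and nothing in these hunks shows them being cast. If they derive from request paging parameters they should be forced to integers at the point of use, `LIMIT ".intval($from).",".intval($limit);`. `$courseId` is interpolated the same way in all four queries and deserves the same treatment unless it is already an integer where it is assigned. Moving `/%/%` inside `Database::escape_string()` does not change the generated pattern, and wildcard characters inside `$uploadPath` still reach LIKE unescaped.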

@ -1379,7 +1379,9 @@ function get_exam_results_data(
$teacher_id_list[] = $teacher['user_id'];
}
//Simple exercises
$list_info = array();
// Simple exercises
if (empty($hotpotatoe_where)) {
$column = !empty($column) ? Database::escape_string($column) : null;
$from = intval($from);
@ -1407,7 +1409,7 @@ function get_exam_results_data(
$lp_list_obj = new learnpathList(api_get_user_id());
$lp_list = $lp_list_obj->get_flat_list();
$list_info = array();
if (is_array($results)) {
$users_array_id = array();
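Review bot: `$column` is passed through `Database::escape_string()`, which protects quoted string literals but not identifiers; if the value is later interpolated into an ORDER BY, which is outside this hunk, the escaping does not constrain it. Mapping it onto a fixed list of sortable columns is the safer check, for example `$column = in_array($column, $allowedColumns, true) ? $column : null;` with `$allowedColumns` a placeholder for the list this table supports. Hoisting `$list_info = array();` above the branch so that it is always defined is fine.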

@ -72,6 +72,7 @@ if (api_is_course_session_coach(
}
}
$maxEditors = isset($_configuration['exercise_max_fckeditors_in_page']) ? $_configuration['exercise_max_fckeditors_in_page'] : 0;
$is_allowedToEdit = api_is_allowed_to_edit(null, true) || $is_courseTutor || api_is_session_admin() || api_is_drh();
//Getting results from the exe_id. This variable also contain all the information about the exercise
@ -128,6 +129,8 @@ if ($origin != 'learnpath') {
}
?>
<script>
var maxEditors = '<?php echo intval($maxEditors); ?>';
function showfck(sid,marksid) {
document.getElementById(sid).style.display='block';
document.getElementById(marksid).style.display='block';
@ -153,8 +156,12 @@ function getFCK(vals,marksid) {
var oHidden = document.createElement("input");
oHidden.type = "hidden";
oHidden.name = "comments_"+ids[k];
oEditor = FCKeditorAPI.GetInstance(oHidden.name) ;
oHidden.value = oEditor.GetXHTML(true);
if (maxEditors == 0) {
oEditor = FCKeditorAPI.GetInstance(oHidden.name) ;
oHidden.value = oEditor.GetXHTML(true);
} else {
oHidden.value = $("textarea[name='" + oHidden.name + "']").val();
}
f.appendChild(oHidden);
}
}
@ -283,6 +290,11 @@ $counter = 1;
$exercise_content = null;
$category_list = array();
$useAdvancedEditor = true;
if (count($questionList) > $maxEditors) {
$useAdvancedEditor = false;
}
foreach ($questionList as $questionId) {
$choice = $exerciseResult[$questionId];
@ -534,7 +546,23 @@ foreach ($questionList as $questionId) {
$renderer->setElementTemplate('<div align="left">{element}</div>');
$comnt = get_comments($id, $questionId);
$default = array('comments_'.$questionId => $comnt);
$feedback_form->addElement('html_editor', 'comments_'.$questionId, null, null, array('ToolbarSet' => 'TestAnswerFeedback', 'Width' => '100%', 'Height' => '120'));
if ($useAdvancedEditor) {
$feedback_form->addElement(
'html_editor',
'comments_' . $questionId,
null,
null,
array(
'ToolbarSet' => 'TestAnswerFeedback',
'Width' => '100%',
'Height' => '120'
)
);
} else {
$feedback_form->addElement('textarea', 'comments_' . $questionId);
}
$feedback_form->addElement('html','<br>');
$feedback_form->setDefaults($default);
$feedback_form->display();
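Review bot: The PHP and JavaScript sides disagree on what `maxEditors == 0` means. With the setting absent `$maxEditors` is 0, so `count($questionList) > $maxEditors` turns the rich editor off for any non-empty exercise, while getFCK() takes `maxEditors == 0` as the signal to call `FCKeditorAPI.GetInstance()` on fields that were rendered as plain textareas. The reverse holds for a non-zero limit that is not exceeded, where PHP renders the editor and the script reads the raw textarea. I would treat 0 as "no limit", `if ($maxEditors > 0 && count($questionList) > $maxEditors) {`, and have the script branch on that same result, for instance by emitting `$useAdvancedEditor` as a JavaScript boolean once it is known, rather than on the raw setting.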

@ -182,6 +182,7 @@ function handle_forum_and_forumcategories($lp_id = null)
$return_message = delete_forum_forumcategory_thread($get_content, $get_id);
Display::display_confirmation_message($return_message, false);
}
// Change visibility of a forum or a forum category.
if ($action_forum_cat == 'invisible' || $action_forum_cat == 'visible') {
$return_message = change_visibility($get_content, $get_id, $action_forum_cat);
@ -527,7 +528,7 @@ function store_forumcategory($values)
$table_categories = Database::get_course_table(TABLE_FORUM_CATEGORY);
// Find the max cat_order. The new forum category is added at the end => max cat_order + &
$sql = "SELECT MAX(cat_order) as sort_max FROM ".Database::escape_string($table_categories)."
$sql = "SELECT MAX(cat_order) as sort_max FROM ".$table_categories."
WHERE c_id = $course_id";
$result = Database::query($sql);
$row = Database::fetch_array($result);
@ -1023,9 +1024,9 @@ function display_up_down_icon($content, $id, $list)
/**
* This function changes the visibility in the database (item_property)
*
* @param $content what is it that we want to make (in)visible: forum category, forum, thread, post
* @param $id the id of the content we want to make invisible
* @param $target_visibility what is the current status of the visibility (0 = invisible, 1 = visible)
* @param string $content what is it that we want to make (in)visible: forum category, forum, thread, post
* @param int $id the id of the content we want to make invisible
* @param string $target_visibility what is the current status of the visibility (0 = invisible, 1 = visible)
*
* @todo change the get parameter so that it matches the tool constants.
* @todo check if api_item_property_update returns true or false => returnmessage depends on it.
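Review bot: The updated docblock types `$target_visibility` as a string but still describes it as "the current status of the visibility (0 = invisible, 1 = visible)", while the caller in the first hunk passes `$action_forum_cat`, which is `'invisible'` or `'visible'`. I would write `* @param string $target_visibility the visibility to set: 'visible' or 'invisible'`. In store_forumcategory() the comment ending "max cat_order + &" presumably means "+ 1" and should say so. The function bodies are outside these hunks.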

@ -57,7 +57,7 @@ $(document).ready(function () {
});
function check_skills() {
//selecting only selected users
// selecting only selected users
$("#skills option:selected").each(function() {
var skill_id = $(this).val();
if (skill_id != "" ) {
@ -76,7 +76,7 @@ function check_skills() {
}
});
}
},
}
});
}
});
@ -98,7 +98,6 @@ if ($_in_course) {
}
$catadd->set_course_code(api_get_course_id());
$form = new CatForm(
CatForm :: TYPE_ADD,
$catadd,
@ -140,14 +139,17 @@ if ($form->validate()) {
}
$cat->set_visible($visible);
$result = $cat->add();
header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?addcat=&selectcat=' . $cat->get_parent_id());
header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?addcat=&selectcat=' . $cat->get_parent_id().'&'.api_get_cidreq());
exit;
}
if ( !$_in_course ) {
$interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.$get_select_cat,'name' => get_lang('Gradebook'));
if (!$_in_course) {
$interbreadcrumb[] = array (
'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.$get_select_cat.'&'.api_get_cidreq(),
'name' => get_lang('Gradebook')
);
}
$interbreadcrumb[]= array ( 'url' =>'index.php','name' => get_lang('ToolGradebook'));
$interbreadcrumb[]= array( 'url' =>'index.php','name' => get_lang('ToolGradebook'));
Display :: display_header(get_lang('NewCategory'));
$display_form = true;

@ -1,6 +1,6 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Script
* @package chamilo.gradebook
@ -29,7 +29,14 @@ if (isset($_GET['selectcat']) && (!empty($_GET['selectcat']))) {
$evaladd->set_category_id(0);
}
$form = new EvalForm(EvalForm :: TYPE_ADD, $evaladd, null, 'add_eval_form', null, api_get_self() . '?selectcat=' . $select_cat);
$form = new EvalForm(
EvalForm :: TYPE_ADD,
$evaladd,
null,
'add_eval_form',
null,
api_get_self() . '?selectcat=' . $select_cat.'&'.api_get_cidreq()
);
if ($form->validate()) {
$values = $form->exportValues();
@ -51,7 +58,6 @@ if ($form->validate()) {
//$values['weight'] = $values['weight_mask']/$global_weight*$parent_cat[0]->get_weight();
$values['weight'] = $values['weight_mask'];
$eval->set_weight($values['weight']);
$eval->set_max($values['max']);
@ -68,32 +74,30 @@ if ($form->validate()) {
//header('Location: gradebook_add_user.php?selecteval=' . $eval->get_id());
exit;
} else {
header('Location: ' . Security::remove_XSS($_SESSION['gradebook_dest']) . '?selectcat=' . $eval->get_category_id());
header('Location: ' . Security::remove_XSS($_SESSION['gradebook_dest']) . '?selectcat=' . $eval->get_category_id().'&'.api_get_cidreq());
exit;
}
} else {
$val_addresult = isset($values['addresult']) ? $values['addresult'] : null;
if ($val_addresult == 1) {
header('Location: gradebook_add_result.php?selecteval=' . $eval->get_id());
header('Location: gradebook_add_result.php?selecteval=' . $eval->get_id().'&'.api_get_cidreq());
exit;
} else {
header('Location: ' . Security::remove_XSS($_SESSION['gradebook_dest']) . '?selectcat=' . $eval->get_category_id());
header('Location: ' . Security::remove_XSS($_SESSION['gradebook_dest']) . '?selectcat=' . $eval->get_category_id().'&'.api_get_cidreq());
exit;
}
}
}
$interbreadcrumb[] = array(
'url' => Security::remove_XSS($_SESSION['gradebook_dest']) . '?selectcat=' . $select_cat,
'name' => get_lang('Gradebook'
));
'url' => Security::remove_XSS($_SESSION['gradebook_dest']) . '?selectcat=' . $select_cat.'&'.api_get_cidreq(),
'name' => get_lang('Gradebook'))
;
$this_section = SECTION_COURSES;
$htmlHeadXtra[] = '<script type="text/javascript">
$(document).ready( function() {
$("#hid_category_id").change(function(){
$("#hid_category_id").change(function() {
$("#hid_category_id option:selected").each(function () {
var cat_id = $(this).val();
$.ajax({
@ -103,7 +107,7 @@ $(document).ready( function() {
if (return_value != 0 ) {
$("#max_weight").html(return_value);
}
},
}
});
});
});
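Review bot: The reformatted `$interbreadcrumb[]` entry ends with `'name' => get_lang('Gradebook'))` followed by a `;` on a line of its own, which is harder to read than what it replaced. The other breadcrumb arrays rewritten in this commit close with the element on one line and `);` on the next, so this one should end `'name' => get_lang('Gradebook')` then `);`. Both multi-line arrays would also benefit from a trailing comma after the last element, if the project's PHP baseline allows it.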

@ -34,7 +34,7 @@ if ($session_id == 0) {
$all_categories = Category::load_session_categories(null, $session_id);
}
$category = Category :: load($_GET['selectcat']);
$url = api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&newtypeselected='.$typeSelected.'&course_code='.api_get_course_id();
$url = api_get_self().'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&newtypeselected='.$typeSelected.'&course_code='.api_get_course_id().'&'.api_get_cidreq();
$typeform = new LinkForm(LinkForm :: TYPE_CREATE, $category[0], null, 'create_link', null, $url, $typeSelected);
// if user selected a link type
@ -87,8 +87,10 @@ if (isset($typeSelected) && $typeSelected != '0') {
$link->set_visible(empty($addvalues['visible']) ? 0 : 1);
// Update view_properties
if (isset($typeSelected) && 5 == $typeSelected && (isset($addvalues['select_link']) && $addvalues['select_link'] <> "")) {
if (isset($typeSelected) &&
5 == $typeSelected &&
(isset($addvalues['select_link']) && $addvalues['select_link'] <> "")
) {
$sql1 = 'SELECT thread_title from '.$tbl_forum_thread.'
WHERE c_id = '.$course_info['real_id'].' AND thread_id='.$addvalues['select_link'];
$res1 = Database::query($sql1);
@ -100,32 +102,35 @@ if (isset($typeSelected) && $typeSelected != '0') {
$row = Database::fetch_row($res_l);
if ($row[0] == 0) {
$link->add();
$sql = 'UPDATE '.$tbl_forum_thread.' SET thread_qualify_max='.$addvalues['weight'].',thread_weight='.$addvalues['weight'].',thread_title_qualify="'.$rowtit[0].'"
$sql = 'UPDATE '.$tbl_forum_thread.' SET
thread_qualify_max='.$addvalues['weight'].',
thread_weight='.$addvalues['weight'].',
thread_title_qualify="'.$rowtit[0].'"
WHERE thread_id='.$addvalues['select_link'].' AND c_id = '.$course_info['real_id'].' ';
Database::query($sql);
}
}
$link->add();
$addvalue_result = !empty($addvalues['addresult']) ? $addvalues['addresult'] : array();
if ($addvalue_result == 1) {
header('Location: gradebook_add_result.php?selecteval='.$link->get_ref_id());
header('Location: gradebook_add_result.php?selecteval='.$link->get_ref_id().'&'.api_get_cidreq());
exit;
} else {
header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?linkadded=&selectcat='.Security::remove_XSS($_GET['selectcat']));
header('Location: '.Security::remove_XSS($_SESSION['gradebook_dest']).'?linkadded=&selectcat='.Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq());
exit;
}
}
}
$interbreadcrumb[] = array('url' => $_SESSION['gradebook_dest'].'?selectcat='.Security::remove_XSS($_GET['selectcat']), 'name' => get_lang('Gradebook'));
$interbreadcrumb[] = array(
'url' => $_SESSION['gradebook_dest'].'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq(),
'name' => get_lang('Gradebook')
);
$this_section = SECTION_COURSES;
$htmlHeadXtra[] = '<script>
$(document).ready( function() {
$("#hide_category_id").change(function() {
$("#hide_category_id option:selected").each(function () {
var cat_id = $(this).val();
@ -136,7 +141,7 @@ $(document).ready( function() {
if (return_value != 0 ) {
$("#max_weight").html(return_value);
}
},
}
});
});
});
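Review bot: The `UPDATE` on `$tbl_forum_thread` was re-wrapped, but it still concatenates `$addvalues['weight']`, `$addvalues['select_link']` and `$rowtit[0]` into the SQL text without a cast or escaping; the `SELECT thread_title` just above does the same with `$addvalues['select_link']`. `$addvalues` appears to be the exported form values (the assignment is outside the hunk), so these should be treated as request data: cast the id, cast the weight, and pass the title through `Database::escape_string()`. `$rowtit[0]` comes from the database, but it is user-authored text placed inside a quoted literal, so it needs escaping too. The enclosing `if` blocks start and end outside the hunk.

```php
// … unchanged: row count check and $link->add() …
$threadId = intval($addvalues['select_link']);
$weight = floatval($addvalues['weight']);
$sql = 'UPDATE '.$tbl_forum_thread.' SET
        thread_qualify_max='.$weight.',
        thread_weight='.$weight.',
        thread_title_qualify="'.Database::escape_string($rowtit[0]).'"
        WHERE thread_id='.$threadId.' AND c_id = '.intval($course_info['real_id']);
Database::query($sql);
```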

@ -1,5 +1,6 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Script
* @package chamilo.gradebook
@ -18,25 +19,30 @@ api_block_anonymous_users();
block_students();
$catadd = new Category();
$catadd->set_user_id($_user['user_id']);
$catadd->set_user_id(api_get_user_id());
$catadd->set_parent_id($_GET['selectcat']);
$catcourse = Category :: load ($_GET['selectcat']);
//$catadd->set_course_code($catcourse[0]->get_course_code());
$form = new CatForm(CatForm :: TYPE_SELECT_COURSE, $catadd, 'add_cat_form', null, api_get_self().'?selectcat=' . Security::remove_XSS($_GET['selectcat']));
$form = new CatForm(
CatForm :: TYPE_SELECT_COURSE,
$catadd,
'add_cat_form',
null,
api_get_self() . '?selectcat=' . Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq()
);
if ($form->validate()) {
$values = $form->exportValues();
$cat = new Category();
$cat->set_course_code($values['select_course']);
$cat->set_name($values['name']);
header('location: gradebook_add_link.php?selectcat=' .Security::remove_XSS($_GET['selectcat']).'&course_code='.Security::remove_XSS($values['select_course']));
header('location: gradebook_add_link.php?selectcat=' .Security::remove_XSS($_GET['selectcat']).'&course_code='.Security::remove_XSS($values['select_course']).'&'.api_get_cidreq());
exit;
}
$interbreadcrumb[] = array (
'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.Security::remove_XSS($_GET['selectcat']),
'name' => get_lang('Gradebook'
));
'url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?selectcat='.Security::remove_XSS($_GET['selectcat']).'&'.api_get_cidreq(),
'name' => get_lang('Gradebook')
);
Display :: display_header(get_lang('NewCategory'));
$form->display();
Display :: display_footer();
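Review bot: The values placed in the `location:` header and the form action are passed through `Security::remove_XSS()` only, which (as far as its name and use here show) filters markup and does not URL-encode. A `select_course` or `selectcat` value containing `&`, `#` or whitespace would therefore change the query string of the redirect. For a URL context I would use `'&course_code='.urlencode($values['select_course'])` and `'?selectcat='.intval($_GET['selectcat'])`; the same cast belongs on `$catadd->set_parent_id($_GET['selectcat'])`, which currently takes the raw request value. The same pattern appears in the `Location:` redirects of the link-creation and result-creation scripts elsewhere on this page.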

@ -24,13 +24,20 @@ $resultadd = new Result();
$resultadd->set_evaluation_id($_GET['selecteval']);
$evaluation = Evaluation :: load($_GET['selecteval']);
$category = !empty($_GET['selectcat']) ? $_GET['selectcat'] : "";
$add_result_form = new EvalForm(EvalForm :: TYPE_RESULT_ADD, $evaluation[0], $resultadd, 'add_result_form', null, api_get_self() . '?selectcat=' . Security::remove_XSS($category) . '&selecteval=' . Security::remove_XSS($_GET['selecteval']));
$add_result_form = new EvalForm(
EvalForm :: TYPE_RESULT_ADD,
$evaluation[0],
$resultadd,
'add_result_form',
null,
api_get_self() . '?selectcat=' . Security::remove_XSS($category) . '&selecteval=' . Security::remove_XSS($_GET['selecteval']).'&'.api_get_cidreq()
);
$table = $add_result_form->toHtml();
if ($add_result_form->validate()) {
$values = $add_result_form->exportValues();
$nr_users = $values['nr_users'];
if ($nr_users == '0') {
header('Location: gradebook_view_result.php?addresultnostudents=&selecteval=' . Security::remove_XSS($_GET['selecteval']));
header('Location: gradebook_view_result.php?addresultnostudents=&selecteval=' . Security::remove_XSS($_GET['selecteval']).'&'.api_get_cidreq());
exit;
}
$scores = ($values['score']);
@ -43,10 +50,13 @@ if ($add_result_form->validate()) {
$res->add();
next($scores);
}
header('Location: gradebook_view_result.php?addresult=&selecteval=' . Security::remove_XSS($_GET['selecteval']));
header('Location: gradebook_view_result.php?addresult=&selecteval=' . Security::remove_XSS($_GET['selecteval']).'&'.api_get_cidreq());
exit;
}
$interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']),'name' => get_lang('Gradebook'));
$interbreadcrumb[] = array(
'url' => Security::remove_XSS($_SESSION['gradebook_dest']),
'name' => get_lang('Gradebook')
);
Display :: display_header(get_lang('AddResult'));
DisplayGradebook :: display_header_result ($evaluation[0], null, 0,0);
echo $table;
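Review bot: `$_GET['selecteval']` is read without an `isset()` guard and `$evaluation[0]` is passed to `EvalForm` with no check that `Evaluation::load()` returned a row, whereas `$_GET['selectcat']` on the next line is guarded with `!empty()`. A request without the parameter, or with an id that matches nothing, would presumably hand `null` to the form; what `load()` returns in that case is not visible here. I would normalise once, `$selectEval = isset($_GET['selecteval']) ? intval($_GET['selecteval']) : 0;`, stop with an error when `empty($evaluation)`, and reuse `$selectEval` in the three URLs instead of repeating `Security::remove_XSS($_GET['selecteval'])`.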

@ -1,5 +1,6 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Script
* @package chamilo.gradebook
@ -34,69 +35,36 @@ if (!api_is_allowed_to_edit()) {
$cat_id = isset($_GET['cat_id']) ? (int)$_GET['cat_id'] : null;
$action = isset($_GET['action']) && $_GET['action'] ? $_GET['action'] : null;
$filterOfficialCode = isset($_POST['filter']) ? Security::remove_XSS($_POST['filter']) : null;
$filterOfficialCodeGet = isset($_GET['filter']) ? Security::remove_XSS($_GET['filter']) : null;
switch ($action) {
case 'export_all_certificates':
$params['orientation'] = 'landscape';
$params['left'] = 0;
$params['right'] = 0;
$params['top'] = 0;
$params['bottom'] = 0;
$page_format = $params['orientation'] == 'landscape' ? 'A4-L' : 'A4';
$pdf = new PDF($page_format, $params['orientation'], $params);
$certificate_list = get_list_users_certificates($cat_id);
$certificate_path_list = array();
if (!empty($certificate_list)) {
foreach ($certificate_list as $index=>$value) {
$list_certificate = get_list_gradebook_certificates_by_user_id($value['user_id'], $cat_id);
foreach ($list_certificate as $value_certificate) {
$certificate_obj = new Certificate($value_certificate['id']);
$certificate_obj->generate(array('hide_print_button' => true));
if ($certificate_obj->html_file_is_generated()) {
$certificate_path_list[]= $certificate_obj->html_file;
}
}
}
}
if (!empty($certificate_path_list)) {
// Print certificates (without the common header/footer/watermark
// stuff) and return as one multiple-pages PDF
$pdf->html_to_pdf($certificate_path_list, get_lang('Certificates'), null, false, false);
$userList = array();
if (!empty($filterOfficialCodeGet)) {
$userList = UserManager::getUsersByOfficialCode($filterOfficialCodeGet);
}
Category::exportAllCertificates($cat_id, $userList);
break;
case 'generate_all_certificates':
$user_list = CourseManager::get_user_list_from_course_code(api_get_course_id(), api_get_session_id());
if (!empty($user_list)) {
foreach ($user_list as $user_info) {
Category::register_user_certificate($cat_id, $user_info['user_id']);
}
}
Category::generateCertificatesInUserList($cat_id, $user_list);
break;
case 'delete_all_certificates':
$certificate_list = get_list_users_certificates($cat_id);
if (!empty($certificate_list)) {
foreach ($certificate_list as $index=>$value) {
$list_certificate = get_list_gradebook_certificates_by_user_id($value['user_id'], $cat_id);
foreach ($list_certificate as $value_certificate) {
$certificate_obj = new Certificate($value_certificate['id']);
$certificate_obj->delete(true);
}
}
}
Category::deleteAllCertificates($cat_id);
break;
}
$course_code = api_get_course_id();
$interbreadcrumb[] = array ('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?', 'name' => get_lang('Gradebook'));
$interbreadcrumb[] = array ('url' => '#','name' => get_lang('GradebookListOfStudentsCertificates'));
$interbreadcrumb[] = array('url' => Security::remove_XSS($_SESSION['gradebook_dest']).'?', 'name' => get_lang('Gradebook'));
$interbreadcrumb[] = array('url' => '#','name' => get_lang('GradebookListOfStudentsCertificates'));
$this_section = SECTION_COURSES;
Display::display_header('');
if ($_GET['action'] == 'delete') {
if (isset($_GET['action']) && $_GET['action'] == 'delete') {
$check = Security::check_token('get');
if ($check) {
$certificate = new Certificate($_GET['certificate_id']);
@ -104,7 +72,7 @@ if ($_GET['action'] == 'delete') {
Security::clear_token();
if ($result ==true) {
Display::display_confirmation_message(get_lang('CertificateRemoved'));
} else {
} else {
Display::display_error_message(get_lang('CertificateNotRemoved'));
}
}
@ -155,22 +123,59 @@ if (!empty($cats)) {
}
}
$certificate_list = get_list_users_certificates($cat_id);
$filter = api_get_configuration_value('certificate_filter_by_official_code');
$userList = array();
$filterForm = null;
$certificate_list = array();
if ($filter) {
echo '<br />';
$options = UserManager::getOfficialCodeGrouped();
$options =array_merge(array('all' => get_lang('All')), $options);
$form = new FormValidator(
'official_code_filter',
'POST',
api_get_self().'?'.api_get_cidreq().'&cat_id='.$cat_id
);
$form->addElement('select', 'filter', get_lang('OfficialCode'), $options);
$form->add_button('submit', get_lang('Submit'));
$filterForm = '<br />'.$form->return_form();
if ($form->validate()) {
$officialCode = $form->getSubmitValue('filter');
if ($officialCode == 'all') {
$certificate_list = get_list_users_certificates($cat_id);
} else {
$userList = UserManager::getUsersByOfficialCode($officialCode);
if (!empty($userList)) {
$certificate_list = get_list_users_certificates(
$cat_id,
$userList
);
}
}
} else {
$certificate_list = get_list_users_certificates($cat_id);
}
} else {
$certificate_list = get_list_users_certificates($cat_id);
}
echo '<div class="btn-group">';
$url = api_get_self().'?action=generate_all_certificates'.'&'.api_get_cidReq().'&cat_id='.$cat_id;
$url = api_get_self().'?action=generate_all_certificates'.'&'.api_get_cidReq().'&cat_id='.$cat_id.'&filter='.$filterOfficialCode;
echo Display::url(get_lang('GenerateCertificates'), $url, array('class' => 'btn'));
$url = api_get_self().'?action=delete_all_certificates'.'&'.api_get_cidReq().'&cat_id='.$cat_id;
$url = api_get_self().'?action=delete_all_certificates'.'&'.api_get_cidReq().'&cat_id='.$cat_id.'&filter='.$filterOfficialCode;
echo Display::url(get_lang('DeleteAllCertificates'), $url, array('class' => 'btn'));
if (count($certificate_list) > 0) {
$url = api_get_self().'?action=export_all_certificates'.'&'.api_get_cidReq().'&cat_id='.$cat_id;
$url = api_get_self().'?action=export_all_certificates'.'&'.api_get_cidReq().'&cat_id='.$cat_id.'&filter='.$filterOfficialCode;
echo Display::url(get_lang('ExportAllCertificatesToPDF'), $url, array('class' => 'btn'));
}
echo '</div>';
if (count($certificate_list)==0) {
echo $filterForm;
if (count($certificate_list) == 0 ) {
echo Display::display_warning_message(get_lang('NoResultsAvailable'));
} else {
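Review bot: The bulk actions run on a plain GET request with no token check: `case 'delete_all_certificates'` calls `Category::deleteAllCertificates($cat_id)` and `case 'generate_all_certificates'` writes certificates, while the single-certificate `delete` branch further down requires `Security::check_token('get')`. Applying the same check before the `switch`, and adding the token to the three button URLs, would stop a cross-site request from triggering them in a logged-in teacher's session, e.g. `if ($action !== 'export_all_certificates' && !Security::check_token('get')) { $action = null; }`. The new `&filter='.$filterOfficialCode` suffix is also appended without `urlencode()`. Note too that `deleteAllCertificates($cat_id)` does not take the filter, so the delete button still removes every certificate in the category even when a filtered list is on screen.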

@ -57,7 +57,6 @@ $course_id = get_course_id_by_link_id($my_selectcat);
$table_link = Database::get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
$table_evaluation = Database::get_main_table(TABLE_MAIN_GRADEBOOK_EVALUATION);
$tbl_forum_thread = Database :: get_course_table(TABLE_FORUM_THREAD);
$tbl_work = Database :: get_course_table(TABLE_STUDENT_PUBLICATION);
$tbl_attendance = Database :: get_course_table(TABLE_ATTENDANCE);
@ -77,7 +76,7 @@ if ($submitted==1) {
require_once 'lib/be/evaluation.class.php';
$eval_log = new Evaluation();
}
if(isset($_POST['link'])){
if (isset($_POST['link'])) {
require_once 'lib/be/abstractlink.class.php';
//$eval_link_log = new AbstractLink();
}
@ -170,7 +169,7 @@ if ($my_api_cidreq=='') {
}
?>
<div class="actions">
<a href="<?php echo Security::remove_XSS($_SESSION['gradebook_dest']).'?id_session='.api_get_session_id().'&amp;'.$my_api_cidreq ?>&selectcat=<?php echo $my_selectcat ?>">
<a href="<?php echo Security::remove_XSS($_SESSION['gradebook_dest']).'?'.$my_api_cidreq ?>&selectcat=<?php echo $my_selectcat ?>">
<?php echo Display::return_icon('back.png',get_lang('FolderView'),'',ICON_SIZE_MEDIUM); ?>
</a>
</div>
@ -178,7 +177,7 @@ if ($my_api_cidreq=='') {
$warning_message = sprintf(get_lang('TotalWeightMustBeX'), $masked_total);
Display::display_normal_message($warning_message, false);
?>
<form method="post" action="gradebook_edit_all.php?id_session=<?php echo $_SESSION['id_session'].'&amp;'.$my_api_cidreq ?>&selectcat=<?php echo $my_selectcat?>">
<form method="post" action="gradebook_edit_all.php?<?php echo $my_api_cidreq ?>&selectcat=<?php echo $my_selectcat?>">
<table class="data_table">
<tr class="row_odd">
<th style="width: 35px;"><?php echo get_lang('Type'); ?></th>
@ -189,7 +188,9 @@ Display::display_normal_message($warning_message, false);
</table>
<input type="hidden" name="submitted" value="1" />
<br />
<button class="save" type="submit" name="name" value="<?php echo get_lang('Save') ?>"><?php echo get_lang('SaveScoringRules') ?></button>
<button class="save" type="submit" name="name" value="<?php echo get_lang('Save') ?>">
<?php echo get_lang('SaveScoringRules') ?>
</button>
</form>
<?php
Display :: display_footer();
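Review bot: `$my_selectcat` and `$my_api_cidreq` are echoed directly into the `href` and `action` attributes on the rewritten lines, with no cast or escaping visible in the hunks. Where they are assigned is outside the hunks, so this may already be handled upstream. If `$my_selectcat` originates from the request, the safe form at the point of output is `<?php echo intval($my_selectcat) ?>`; a string value would need `htmlspecialchars($my_api_cidreq, ENT_QUOTES)`. Doing it at the echo keeps the template safe regardless of how the variables are filled in later edits.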

@ -9,7 +9,7 @@ $language_file = array('gradebook', 'exercice');
// $cidReset : This is the main difference with gradebook.php, here we say,
// basically, that we are inside a course, and many things depend from that
$cidReset= false;
//$cidReset = false;
$_in_course = true;
require_once '../inc/global.inc.php';
$current_course_tool = TOOL_GRADEBOOK;
@ -702,7 +702,7 @@ if (isset($_GET['studentoverview'])) {
}
unset($cats);
}
$cats = Category :: load ($category, null, null, null, null, null, false);
$cats = Category::load($category, null, null, null, null, null, false);
//with this fix the teacher only can view 1 gradebook
if (api_is_platform_admin()) {
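Review bot: Turning `$cidReset= false;` into the comment `//$cidReset = false;` is a behaviour change inside a commit described as indentation only, if the commented-out form is indeed the new side (the rendering has lost the +/- markers). The comment directly above still says this assignment is "the main difference with gradebook.php", so it now explains a statement that no longer runs. If disabling it is intended, the reason should be stated in place, e.g. `// $cidReset is left unset here because <reason>`, and the stale explanation removed; otherwise the assignment should be restored as `$cidReset = false;`.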

@ -300,9 +300,9 @@ abstract class AbstractLink implements GradebookItem
/**
* Update the properties of this link in the database
*/
public function save() {
public function save()
{
$this->save_linked_data();
$tbl_grade_links = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
$sql = "UPDATE $tbl_grade_links SET
type = ".intval($this->get_type()).",
@ -322,7 +322,7 @@ abstract class AbstractLink implements GradebookItem
/**
* @param int $idevaluation
*/
public function add_link_log($idevaluation)
public static function add_link_log($idevaluation)
{
$tbl_grade_linkeval_log = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINKEVAL_LOG);
$dateobject=AbstractLink::load ($idevaluation,null,null,null,null);
@ -345,7 +345,8 @@ abstract class AbstractLink implements GradebookItem
/**
* Delete this link from the database
*/
public function delete() {
public function delete()
{
$this->delete_linked_data();
$tbl_grade_links = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
$sql = 'DELETE FROM '.$tbl_grade_links.' WHERE id = '.intval($this->id);
@ -361,7 +362,6 @@ abstract class AbstractLink implements GradebookItem
public function get_target_categories()
{
// links can only be moved to categories inside this course
$targets = array();
$level = 0;
@ -416,22 +416,26 @@ abstract class AbstractLink implements GradebookItem
$foundlinks[] = $link;
}
}
return $foundlinks;
}
// Other methods implementing GradebookItem
/**
* @return string
*/
public function get_item_type()
{
return 'L';
}
public function get_icon_name() {
/**
* @return string
*/
public function get_icon_name()
{
return 'link';
}
// ABSTRACT FUNCTIONS - to be implemented by subclass
abstract function has_results();
abstract function get_link();
abstract function is_valid_link();
@ -469,19 +473,31 @@ abstract class AbstractLink implements GradebookItem
{
}
/**
*
*/
public function delete_linked_data()
{
}
public function set_name ($name)
/**
* @param $name
*/
public function set_name($name)
{
}
public function set_description ($description)
/**
* @param $description
*/
public function set_description($description)
{
}
public function set_max ($max)
/**
* @param $max
*/
public function set_max($max)
{
}
@ -495,7 +511,7 @@ abstract class AbstractLink implements GradebookItem
* @param int locked 1 or unlocked 0
*
* */
function lock($locked)
public function lock($locked)
{
$table = Database::get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
$sql = "UPDATE $table SET locked = '".intval($locked)."' WHERE id='".$this->id."'";
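Review bot: `lock()` casts `$locked` with `intval()` but concatenates `$this->id` into the `WHERE` clause as is, while `delete()` in the same class uses `intval($this->id)`. For consistency and as cheap hardening I would write `$sql = "UPDATE $table SET locked = '".intval($locked)."' WHERE id = ".intval($this->id);`. Separately, the docblocks added for `set_name()`, `set_description()` and `set_max()` carry only an untyped `@param`, and `delete_linked_data()` has an empty one; a line such as `No-op by default; subclasses override when the link type stores this value.` would explain why the bodies are empty. `lock()` continues past the end of the hunk.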

@ -10,7 +10,6 @@ require_once api_get_path(LIBRARY_PATH).'grade_model.lib.php';
* Defines a gradebook Category object
* @package chamilo.gradebook
*/
class Category implements GradebookItem
{
private $id;
@ -30,8 +29,6 @@ class Category implements GradebookItem
{
}
// GETTERS AND SETTERS
public function get_id()
{
return $this->id;
@ -206,8 +203,9 @@ class Category implements GradebookItem
if (!empty($session_id)) {
$tbl_grade_categories = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
$sql = 'SELECT id, course_code FROM '.$tbl_grade_categories. '
WHERE session_id = '.$session_id;
$sql = 'SELECT id, course_code
FROM '.$tbl_grade_categories. '
WHERE session_id = '.$session_id;
$result_session = Database::query($sql);
if (Database::num_rows($result_session) > 0) {
$categoryList = array();
@ -219,6 +217,7 @@ class Category implements GradebookItem
//$allSubCategories = Category::load(null,null,null, $parent_id, null, $session_id, null);
}
}
return $categoryList;
}
}
@ -226,13 +225,13 @@ class Category implements GradebookItem
/**
* Retrieve categories and return them as an array of Category objects
* @param int category id
* @param int user id (category owner)
* @param string course code
* @param int parent category
* @param bool visible
* @param int session id (in case we are in a session)
* @param bool Whether to show all "session" categories (true) or hide them (false) in case there is no session id
* @param int $id category id
* @param int $user_id (category owner)
* @param string $course_code
* @param int $parent_id parent category
* @param bool $visible
* @param int $session_id (in case we are in a session)
* @param bool $order_by Whether to show all "session" categories (true) or hide them (false) in case there is no session id
*/
public static function load(
$id = null,
@ -256,7 +255,6 @@ class Category implements GradebookItem
$sql = 'SELECT * FROM '.$tbl_grade_categories;
$paramcount = 0;
if (isset($id)) {
$id = Database::escape_string($id);
$sql.= ' WHERE id = '.intval($id);
$paramcount ++;
}
@ -273,7 +271,6 @@ class Category implements GradebookItem
}
if (isset($course_code)) {
$course_code = Database::escape_string($course_code);
if ($paramcount != 0) {
$sql .= ' AND';
} else {
@ -303,7 +300,6 @@ class Category implements GradebookItem
}
if (isset($parent_id)) {
$parent_id = Database::escape_string($parent_id);
if ($paramcount != 0) {
$sql .= ' AND ';
} else {
@ -314,7 +310,6 @@ class Category implements GradebookItem
}
if (isset($visible)) {
$visible = Database::escape_string($visible);
if ($paramcount != 0) {
$sql .= ' AND';
} else {
@ -1459,12 +1454,11 @@ class Category implements GradebookItem
public function getCategories($catId)
{
$tblGradeCategories = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_CATEGORY);
$courseInfo = api_get_course_info(api_get_course_id());
$courseCode = $courseInfo['code'];
$sql='SELECT * FROM '.$tblGradeCategories.' WHERE parent_id = '.intval($catId);
$result = Database::query($sql);
$allcats = Category::create_category_objects_from_sql_result($result);
return $allcats;
}
@ -1617,10 +1611,17 @@ class Category implements GradebookItem
// A student always sees only the teacher's repartition
$scoretotal_display = $scoredisplay->display_score($scoretotal, SCORE_DIV_PERCENT);
if (isset($certificate_min_score) && $item_total_value >= $certificate_min_score) {
if (isset($certificate_min_score) &&
$item_total_value >= $certificate_min_score
) {
$my_certificate = get_certificate_by_user_id($cats_course[0]->get_id(), $user_id);
if (empty($my_certificate)) {
register_user_info_about_certificate($category_id, $user_id, $my_score_in_gradebook, api_get_utc_datetime());
register_user_info_about_certificate(
$category_id,
$user_id,
$my_score_in_gradebook,
api_get_utc_datetime()
);
$my_certificate = get_certificate_by_user_id($cats_course[0]->get_id(), $user_id);
}
$html = array();
@ -1630,14 +1631,12 @@ class Category implements GradebookItem
if (!empty($fileWasGenerated)) {
$url = api_get_path(WEB_PATH) . 'certificates/index.php?id=' . $my_certificate['id'];
$certificates = Display::url(
Display::return_icon(
'certificate_download.png',
get_lang('DownloadCertificate'),
array(),
ICON_SIZE_MEDIUM
).'&nbsp;'.get_lang('DownloadCertificate'),
'&nbsp;'.get_lang('DownloadCertificate'),
$url,
array('target' => '_blank')
array(
'target' => '_blank',
'class' => 'btn'
)
);
$exportToPDF = Display::url(
Display::return_icon(
@ -1659,4 +1658,88 @@ class Category implements GradebookItem
return false;
}
}
/**
* @param int $catId
* @param array $userList
*/
public static function generateCertificatesInUserList($catId, $userList)
{
if (!empty($userList)) {
foreach ($userList as $userInfo) {
self::register_user_certificate($catId, $userInfo['user_id']);
}
}
}
/**
* @param int $catId
* @param array $userList
*/
public static function exportAllCertificates(
$catId,
$userList = array()
) {
$orientation = api_get_configuration_value('certificate_pdf_orientation');
$params['orientation'] = 'landscape';
if (!empty($orientation)) {
$params['orientation'] = $orientation;
}
$params['left'] = 0;
$params['right'] = 0;
$params['top'] = 0;
$params['bottom'] = 0;
$page_format = $params['orientation'] == 'landscape' ? 'A4-L' : 'A4';
$pdf = new PDF($page_format, $params['orientation'], $params);
$certificate_list = get_list_users_certificates($catId, $userList);
$certificate_path_list = array();
if (!empty($certificate_list)) {
foreach ($certificate_list as $index=>$value) {
$list_certificate = get_list_gradebook_certificates_by_user_id(
$value['user_id'],
$catId
);
foreach ($list_certificate as $value_certificate) {
$certificate_obj = new Certificate($value_certificate['id']);
$certificate_obj->generate(array('hide_print_button' => true));
if ($certificate_obj->html_file_is_generated()) {
$certificate_path_list[]= $certificate_obj->html_file;
}
}
}
}
if (!empty($certificate_path_list)) {
// Print certificates (without the common header/footer/watermark
// stuff) and return as one multiple-pages PDF
$pdf->html_to_pdf(
$certificate_path_list,
get_lang('Certificates'),
null,
false,
false
);
}
}
/**
* @param int $catId
*/
public static function deleteAllCertificates($catId)
{
$certificate_list = get_list_users_certificates($catId);
if (!empty($certificate_list)) {
foreach ($certificate_list as $index=>$value) {
$list_certificate = get_list_gradebook_certificates_by_user_id($value['user_id'], $catId);
foreach ($list_certificate as $value_certificate) {
$certificate_obj = new Certificate($value_certificate['id']);
$certificate_obj->delete(true);
}
}
}
}
}
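Review bot: The re-wrapped query in the session-categories loader still ends with `WHERE session_id = '.$session_id;`, so the value reaches the SQL text without a cast; `WHERE session_id = '.intval($session_id);` matches how `getCategories()` treats `$catId`. Several hunks in `load()` each drop one line next to `Database::escape_string()` calls on `$id`, `$course_code`, `$parent_id` and `$visible`. The rendering has lost the markers, but if those assignments are what was removed, each value must be escaped or cast where it is concatenated, which for all but `$id` is outside the hunks. The new `deleteAllCertificates()` and `exportAllCertificates()` helpers do no permission check themselves, so their docblocks should state that callers must verify edit rights first.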

@ -455,7 +455,7 @@ class DisplayGradebook
if (!empty($certificateLinkInfo) && isset($certificateLinkInfo['certificate_link'])) {
$certificateLink .= '<span style="float:right"> ' . $certificateLinkInfo['certificate_link']."</span>";
}
$scoreinfo .= '<h2>' . get_lang('Total') . ' : ' . $scorecourse_display . $certificateLink. '</h2>';
$scoreinfo .= '<h4>' . get_lang('Total') . ' : ' . $scorecourse_display . $certificateLink. '</h4>';
}
Display :: display_normal_message($scoreinfo, false);

@ -20,10 +20,15 @@ class GradebookTable extends SortableTable
/**
* Constructor
* @param Category $currentcat
* @param array $cats
* @param array $evals
* @param array $links
* @param null $addparams
*/
public function GradebookTable($currentcat, $cats = array(), $evals = array(), $links = array(), $addparams = null)
{
parent::__construct ('gradebooklist', null, null, (api_is_allowed_to_edit()?1:0));
parent::__construct('gradebooklist', null, null, (api_is_allowed_to_edit()?1:0));
$this->evals_links = array_merge($evals, $links);
$this->currentcat = $currentcat;
$this->cats = $cats;
@ -40,7 +45,6 @@ class GradebookTable extends SortableTable
$this->set_header($column++, get_lang('Type'), '', 'width="35px"');
$this->set_header($column++, get_lang('Name'), false);
$this->set_header($column++, get_lang('Description'), false);
if (api_is_allowed_to_edit(null, true)) {
@ -60,18 +64,18 @@ class GradebookTable extends SortableTable
}
// Deactivates the odd/even alt rows in order that the +/- buttons work see #4047
$this->odd_even_rows_enabled = false;
// Admins get an edit column.
if (api_is_allowed_to_edit(null, true)) {
$this->set_header($column++, get_lang('Modify'), false, 'width="195px"');
// Actions on multiple selected documents.
$this->set_form_actions(array (
'setvisible' => get_lang('SetVisible'),
'setinvisible' => get_lang('SetInvisible'),
'deleted' => get_lang('DeleteSelected')
));
$this->set_form_actions(array(
'setvisible' => get_lang('SetVisible'),
'setinvisible' => get_lang('SetInvisible'),
'deleted' => get_lang('DeleteSelected')
)
);
} else {
if (empty($_GET['selectcat']) && !api_is_allowed_to_edit()) {
$this->set_header($column++, get_lang('Certificates'), false);
@ -87,14 +91,14 @@ class GradebookTable extends SortableTable
return $this->datagen;
}
/**
* Function used by SortableTable to get total number of items in the table
/**
* Function used by SortableTable to get total number of items in the table
* @return int
*/
*/
public function get_total_number_of_items()
{
return $this->datagen->get_total_items_count();
}
return $this->datagen->get_total_items_count();
}
/**
* Function used by SortableTable to generate the data to display
@ -142,19 +146,21 @@ class GradebookTable extends SortableTable
}
// Status of user in course.
$user_id = api_get_user_id();
$course_code = api_get_course_id();
$session_id = api_get_session_id();
$status_user = api_get_status_of_user_in_course($user_id, $course_code);
$data_array = $this->datagen->get_data($sorting, $from, $this->per_page);
$user_id = api_get_user_id();
$course_code = api_get_course_id();
$session_id = api_get_session_id();
$status_user = api_get_status_of_user_in_course($user_id, $course_code);
$data_array = $this->datagen->get_data(
$sorting,
$from,
$this->per_page
);
// generate the data to display
$sortable_data = array();
$weight_total_links = 0;
$main_categories = array();
$main_cat = Category::load(null, null, $course_code, null, null, $session_id, false);
$total_categories_weight = 0;
$scoredisplay = ScoreDisplay :: instance();
@ -204,6 +210,7 @@ class GradebookTable extends SortableTable
true
);
// Weight
if (api_is_allowed_to_edit(null, true)) {
$row[] = $invisibility_span_open .Display::tag('h4', $average).$invisibility_span_close;
} else {
@ -258,14 +265,11 @@ class GradebookTable extends SortableTable
$sortable_data[] = $row;
// Loading children
if (get_class($item) == 'Category') {
$stud_id = api_get_user_id();
$course_code = api_get_course_id();
$session_id = api_get_session_id();
$parent_id = $item->get_id();
$stud_id = api_get_user_id();
$course_code = api_get_course_id();
$session_id = api_get_session_id();
$parent_id = $item->get_id();
$cats = Category::load($parent_id, null, null, null, null, null);
if (isset($cats[0])) {
@ -275,13 +279,11 @@ class GradebookTable extends SortableTable
$sub_cat_info = new GradebookDataGenerator($allcat, $alleval, $alllink);
$data_array = $sub_cat_info->get_data($sorting, $from, $this->per_page);
$total_weight = 0;
// Links.
foreach ($data_array as $data) {
$row = array();
$row = array();
$item = $data[0];
//if the item is invisible, wrap it in a span with class invisible
@ -341,7 +343,6 @@ class GradebookTable extends SortableTable
}
}
$row['child_of'] = $parent_id;
$sortable_data[] = $row;
}
@ -406,7 +407,8 @@ class GradebookTable extends SortableTable
$weight_total_links > $weight_category
) {
$warning_message = sprintf(get_lang('TotalWeightMustBeX'), $weight_category);
$modify_icons = '<a class="right_link" href="gradebook_edit_cat.php?editcat='.$id_cat.'&cidReq='.$course_code.'">'.Display::return_icon('edit.png', $warning_message, array(), ICON_SIZE_SMALL).'</a>';
$modify_icons = '<a class="right_link" href="gradebook_edit_cat.php?editcat='.$id_cat.'&cidReq='.$course_code.'">'.
Display::return_icon('edit.png', $warning_message, array(), ICON_SIZE_SMALL).'</a>';
$warning_message .= $modify_icons;
Display::display_warning_message($warning_message, false);
}
@ -493,7 +495,7 @@ class GradebookTable extends SortableTable
*/
private function build_course_code ($item)
{
return $item->get_course_code();
return $item->get_course_code();
}
/**
@ -502,18 +504,18 @@ class GradebookTable extends SortableTable
*/
private function build_id_column ($item)
{
switch ($item->get_item_type()) {
// category
case 'C' :
return 'CATE' . $item->get_id();
// evaluation
case 'E' :
return 'EVAL' . $item->get_id();
// link
case 'L' :
return 'LINK' . $item->get_id();
}
}
switch ($item->get_item_type()) {
// category
case 'C' :
return 'CATE' . $item->get_id();
// evaluation
case 'E' :
return 'EVAL' . $item->get_id();
// link
case 'L' :
return 'LINK' . $item->get_id();
}
}
/**
* @param $item
@ -522,95 +524,95 @@ class GradebookTable extends SortableTable
*/
private function build_type_column ($item, $attributes = array())
{
return build_type_icon_tag($item->get_icon_name(), $attributes);
}
/**
* Generate name column
* @param unknown_type $item
* @return string
*/
private function build_name_link($item)
return build_type_icon_tag($item->get_icon_name(), $attributes);
}
/**
* Generate name column
* @param unknown_type $item
* @return string
*/
private function build_name_link($item)
{
$view = isset($_GET['view']) ? Security::remove_XSS($_GET['view']) : null;
switch ($item->get_item_type()) {
// category
case 'C' :
$prms_uri='?selectcat=' . $item->get_id() . '&amp;view='.$view;
if (isset($_GET['isStudentView'])) {
if ( isset($is_student) || ( isset($_SESSION['studentview']) && $_SESSION['studentview']=='studentview') ) {
$prms_uri=$prms_uri.'&amp;isStudentView='.Security::remove_XSS($_GET['isStudentView']);
}
}
$cat = new Category();
$show_message=$cat->show_message_resource_delete($item->get_course_code());
return '&nbsp;<a href="'.Security::remove_XSS($_SESSION['gradebook_dest']).$prms_uri.'">'
. $item->get_name()
. '</a>'
. ($item->is_course() ? ' &nbsp;[' . $item->get_course_code() . ']'.$show_message : '');
// evaluation
case 'E' :
$cat = new Category();
$course_id = Database::get_course_by_category($_GET['selectcat']);
$show_message = $cat->show_message_resource_delete($course_id);
// course/platform admin can go to the view_results page
if (api_is_allowed_to_edit() && $show_message===false) {
if ($item->get_type() == 'presence') {
return '&nbsp;'
. '<a href="gradebook_view_result.php?cidReq='.$course_id.'&amp;selecteval=' . $item->get_id() . '">'
. $item->get_name()
. '</a>';
} else {
return '&nbsp;'
. '<a href="gradebook_view_result.php?cidReq='.$course_id.'&amp;selecteval=' . $item->get_id() . '">'
. $item->get_name()
. '</a>&nbsp;'.Display::label(get_lang('Evaluation'));
}
} elseif (ScoreDisplay :: instance()->is_custom() && $show_message===false) {
// students can go to the statistics page (if custom display enabled)
return '&nbsp;'
. '<a href="gradebook_statistics.php?selecteval=' . $item->get_id() . '">'
. $item->get_name()
. '</a>';
} elseif ($show_message===false && !api_is_allowed_to_edit() && !(ScoreDisplay :: instance()->is_custom())) {
return '&nbsp;'
. '<a href="gradebook_statistics.php?selecteval=' . $item->get_id() . '">'
. $item->get_name()
. '</a>';
} else {
return '['.get_lang('Evaluation').']&nbsp;&nbsp;'.$item->get_name().$show_message;
}
// link
case 'L' :
$cat = new Category();
$course_id = Database::get_course_by_category($_GET['selectcat']);
$show_message = $cat->show_message_resource_delete($course_id);
$url = $item->get_link();
if (isset($url) && $show_message===false) {
$text = '&nbsp;<a href="' . $item->get_link() . '">'
. $item->get_name()
. '</a>';
} else {
$text = $item->get_name();
}
$text .= "&nbsp;".Display::label($item->get_type_name(), 'info').$show_message;
$cc = $this->currentcat->get_course_code();
if (empty($cc)) {
$text .= '&nbsp;[<a href="'.api_get_path(REL_COURSE_PATH).$item->get_course_code().'/">'.$item->get_course_code().'</a>]';
}
return $text;
}
}
switch ($item->get_item_type()) {
// category
case 'C' :
$prms_uri='?selectcat=' . $item->get_id() . '&amp;view='.$view;
if (isset($_GET['isStudentView'])) {
if ( isset($is_student) || ( isset($_SESSION['studentview']) && $_SESSION['studentview']=='studentview') ) {
$prms_uri=$prms_uri.'&amp;isStudentView='.Security::remove_XSS($_GET['isStudentView']);
}
}
$cat = new Category();
$show_message=$cat->show_message_resource_delete($item->get_course_code());
return '&nbsp;<a href="'.Security::remove_XSS($_SESSION['gradebook_dest']).$prms_uri.'">'
. $item->get_name()
. '</a>'
. ($item->is_course() ? ' &nbsp;[' . $item->get_course_code() . ']'.$show_message : '');
// evaluation
case 'E' :
$cat = new Category();
$course_id = Database::get_course_by_category($_GET['selectcat']);
$show_message = $cat->show_message_resource_delete($course_id);
// course/platform admin can go to the view_results page
if (api_is_allowed_to_edit() && $show_message===false) {
if ($item->get_type() == 'presence') {
return '&nbsp;'
. '<a href="gradebook_view_result.php?cidReq='.$course_id.'&amp;selecteval=' . $item->get_id() . '">'
. $item->get_name()
. '</a>';
} else {
return '&nbsp;'
. '<a href="gradebook_view_result.php?cidReq='.$course_id.'&amp;selecteval=' . $item->get_id() . '">'
. $item->get_name()
. '</a>&nbsp;'.Display::label(get_lang('Evaluation'));
}
} elseif (ScoreDisplay :: instance()->is_custom() && $show_message===false) {
// students can go to the statistics page (if custom display enabled)
return '&nbsp;'
. '<a href="gradebook_statistics.php?selecteval=' . $item->get_id() . '">'
. $item->get_name()
. '</a>';
} elseif ($show_message===false && !api_is_allowed_to_edit() && !(ScoreDisplay :: instance()->is_custom())) {
return '&nbsp;'
. '<a href="gradebook_statistics.php?selecteval=' . $item->get_id() . '">'
. $item->get_name()
. '</a>';
} else {
return '['.get_lang('Evaluation').']&nbsp;&nbsp;'.$item->get_name().$show_message;
}
// link
case 'L' :
$cat = new Category();
$course_id = Database::get_course_by_category($_GET['selectcat']);
$show_message = $cat->show_message_resource_delete($course_id);
$url = $item->get_link();
if (isset($url) && $show_message===false) {
$text = '&nbsp;<a href="' . $item->get_link() . '">'
. $item->get_name()
. '</a>';
} else {
$text = $item->get_name();
}
$text .= "&nbsp;".Display::label($item->get_type_name(), 'info').$show_message;
$cc = $this->currentcat->get_course_code();
if (empty($cc)) {
$text .= '&nbsp;[<a href="'.api_get_path(REL_COURSE_PATH).$item->get_course_code().'/">'.$item->get_course_code().'</a>]';
}
return $text;
}
}
/**
* @param $item
@ -618,16 +620,16 @@ class GradebookTable extends SortableTable
*/
private function build_edit_column($item)
{
switch ($item->get_item_type()) {
// category
case 'C' :
return build_edit_icons_cat($item, $this->currentcat);
// evaluation
case 'E' :
return build_edit_icons_eval($item, $this->currentcat->get_id());
// link
case 'L' :
return build_edit_icons_link($item, $this->currentcat->get_id());
}
}
switch ($item->get_item_type()) {
// category
case 'C' :
return build_edit_icons_cat($item, $this->currentcat);
// evaluation
case 'E' :
return build_edit_icons_eval($item, $this->currentcat->get_id());
// link
case 'L' :
return build_edit_icons_link($item, $this->currentcat->get_id());
}
}
}

@ -57,6 +57,7 @@ class GradebookDataGenerator
/**
* Get total number of items (rows)
* @return int
*/
public function get_total_items_count()
{
@ -196,7 +197,7 @@ class GradebookDataGenerator
} else {
$date = $item1->get_date();
if (!empty($date)) {
$timestamp1 = api_strtotime($date, 'UTC');
$timestamp1 = api_strtotime($date, 'UTC');
} else {
$timestamp1 = null;
}

@ -199,8 +199,8 @@ function get_icon_file_name($type)
/**
* Builds the course or platform admin icons to edit a category
* @param object $cat category object
* @param int $selectcat id of selected category
* @param Category $cat category
* @param Category $selectcat id of selected category
*/
function build_edit_icons_cat($cat, $selectcat)
{
@ -213,24 +213,25 @@ function build_edit_icons_cat($cat, $selectcat)
$visibility_icon = ($cat->is_visible() == 0) ? 'invisible' : 'visible';
$visibility_command = ($cat->is_visible() == 0) ? 'set_visible' : 'set_invisible';
$modify_icons .= '<a class="view_children" data-cat-id="' . $cat->get_id() . '" href="javascript:void(0);">' . Display::return_icon('view_more_stats.gif', get_lang('Show'), '', ICON_SIZE_SMALL) . '</a>';
$modify_icons .= '<a class="view_children" data-cat-id="' . $cat->get_id() . '" href="javascript:void(0);">' .
Display::return_icon('view_more_stats.gif', get_lang('Show'), '', ICON_SIZE_SMALL) . '</a>';
if (api_is_allowed_to_edit(null, true)) {
//Locking button
// Locking button
if (api_get_setting('gradebook_locking_enabled') == 'true') {
if ($cat->is_locked()) {
if (api_is_platform_admin()) {
$modify_icons .= '&nbsp;<a onclick="javascript:if (!confirm(\'' . addslashes(get_lang('ConfirmToUnlockElement')) . '\')) return false;" href="' . api_get_self() . '?' . api_get_cidreq() . '&category_id=' . $cat->get_id() . '&action=unlock">' .
Display::return_icon('lock.png', get_lang('UnLockEvaluation'), '', ICON_SIZE_SMALL) . '</a>';
Display::return_icon('lock.png', get_lang('UnLockEvaluation'), '', ICON_SIZE_SMALL) . '</a>';
} else {
$modify_icons .= '&nbsp;<a href="#">' . Display::return_icon('lock_na.png', get_lang('GradebookLockedAlert'), '', ICON_SIZE_SMALL) . '</a>';
}
$modify_icons .= '&nbsp;<a href="gradebook_flatview.php?export_pdf=category&selectcat=' . $cat->get_id() . '" >' . Display::return_icon('pdf.png', get_lang('ExportToPDF'), '', ICON_SIZE_SMALL) . '</a>';
} else {
$modify_icons .= '&nbsp;<a onclick="javascript:if (!confirm(\'' . addslashes(get_lang('ConfirmToLockElement')) . '\')) return false;" href="' . api_get_self() . '?' . api_get_cidreq() . '&category_id=' . $cat->get_id() . '&action=lock">' .
Display::return_icon('unlock.png', get_lang('LockEvaluation'), '', ICON_SIZE_SMALL) . '</a>';
Display::return_icon('unlock.png', get_lang('LockEvaluation'), '', ICON_SIZE_SMALL) . '</a>';
$modify_icons .= '&nbsp;<a href="#" >' . Display::return_icon('pdf_na.png', get_lang('ExportToPDF'), '', ICON_SIZE_SMALL) . '</a>';
//$modify_icons .= '&nbsp;<a href="gradebook_flatview.php?export_pdf=category&selectcat=' . $cat->get_id() . '" >'.Display::return_icon('pdf.png', get_lang('ExportToPDF'),'',ICON_SIZE_SMALL).'</a>';
}
@ -240,9 +241,7 @@ function build_edit_icons_cat($cat, $selectcat)
if ($cat->is_locked() && !api_is_platform_admin()) {
$modify_icons .= Display::return_icon('edit_na.png', get_lang('Modify'), '', ICON_SIZE_SMALL);
} else {
$modify_icons .= '<a href="gradebook_edit_cat.php?' .
'editcat=' . $cat->get_id() . '&cidReq=' .
$cat->get_course_code() . '">' .
$modify_icons .= '<a href="gradebook_edit_cat.php?' .'editcat=' . $cat->get_id() . '&cidReq=' .$cat->get_course_code() . '">' .
Display::return_icon(
'edit.png',
get_lang('Modify'),
@ -252,26 +251,21 @@ function build_edit_icons_cat($cat, $selectcat)
}
}
$modify_icons .= '<a href="gradebook_edit_all.php?selectcat=' .
$cat->get_id() . '&cidReq=' . $cat->get_course_code() . '">' .
$modify_icons .= '<a href="gradebook_edit_all.php?selectcat=' .$cat->get_id() . '&cidReq=' . $cat->get_course_code() . '">' .
Display::return_icon(
'percentage.png',
get_lang('EditAllWeights'),
'',
ICON_SIZE_SMALL
) . '</a>';
$modify_icons .= '<a href="gradebook_flatview.php?selectcat=' .
$cat->get_id() . '&cidReq=' . $cat->get_course_code() . '">' .
$modify_icons .= '<a href="gradebook_flatview.php?selectcat=' .$cat->get_id() . '&cidReq=' . $cat->get_course_code() . '">' .
Display::return_icon(
'stats.png',
get_lang('FlatView'),
'',
ICON_SIZE_SMALL
) . '</a>';
$modify_icons .= '&nbsp;<a href="' . api_get_self() .
'?visiblecat=' . $cat->get_id() . '&' .
$visibility_command . '=&selectcat=' . $selectcat .
'&cidReq=' . $cat->get_course_code() . '">' .
$modify_icons .= '&nbsp;<a href="' . api_get_self() .'?visiblecat=' . $cat->get_id() . '&' .$visibility_command . '=&selectcat=' . $selectcat .'&cidReq=' . $cat->get_course_code() . '">' .
Display::return_icon(
$visibility_icon . '.png',
get_lang('Visible'),
@ -289,7 +283,8 @@ function build_edit_icons_cat($cat, $selectcat)
if ($cat->is_locked() && !api_is_platform_admin()) {
$modify_icons .= Display::return_icon('delete_na.png', get_lang('DeleteAll'), '', ICON_SIZE_SMALL);
} else {
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?deletecat=' . $cat->get_id() . '&amp;selectcat=' . $selectcat . '&amp;cidReq=' . $cat->get_course_code() . '" onclick="return confirmation();">' . Display::return_icon('delete.png', get_lang('DeleteAll'), '', ICON_SIZE_SMALL) . '</a>';
$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?deletecat=' . $cat->get_id() . '&amp;selectcat=' . $selectcat . '&amp;cidReq=' . $cat->get_course_code() . '" onclick="return confirmation();">' .
Display::return_icon('delete.png', get_lang('DeleteAll'), '', ICON_SIZE_SMALL) . '</a>';
}
}
@ -368,7 +363,7 @@ function build_edit_icons_link($link, $selectcat)
$modify_icons = Display::return_icon('edit_na.png', get_lang('Modify'), '', ICON_SIZE_SMALL);
} else {
$modify_icons = '<a href="gradebook_edit_link.php?editlink=' . $link->get_id() . '&amp;cidReq=' . $link->get_course_code() . '">' .
Display::return_icon('edit.png', get_lang('Modify'), '', ICON_SIZE_SMALL) . '</a>';
Display::return_icon('edit.png', get_lang('Modify'), '', ICON_SIZE_SMALL) . '</a>';
}
//$modify_icons .= '&nbsp;<a href="' . api_get_self() . '?movelink=' . $link->get_id() . '&selectcat=' . $selectcat . '"><img src="../img/deplacer_fichier.gif" border="0" title="' . get_lang('Move') . '" alt="" /></a>';
@ -622,8 +617,8 @@ function register_user_info_about_certificate($cat_id, $user_id, $score_certific
/**
* Get date of user certificate
* @param int The category id
* @param int The user id
* @param int $cat_id The category id
* @param int $user_id The user id
* @return Datetime The date when you obtained the certificate
*/
function get_certificate_by_user_id($cat_id, $user_id)
@ -638,10 +633,11 @@ function get_certificate_by_user_id($cat_id, $user_id)
/**
* Get list of users certificates
* @param int The category id
* @param int $cat_id The category id
* @param array $userList Only users in this list
* @return array
*/
function get_list_users_certificates($cat_id = null)
function get_list_users_certificates($cat_id = null, $userList = array())
{
$table_certificate = Database::get_main_table(TABLE_MAIN_GRADEBOOK_CERTIFICATE);
$table_user = Database::get_main_table(TABLE_MAIN_USER);
@ -651,19 +647,26 @@ function get_list_users_certificates($cat_id = null)
if (!is_null($cat_id) && $cat_id > 0) {
$sql.=' WHERE cat_id=' . Database::escape_string($cat_id);
}
if (!empty($userList)) {
$userList = array_map('intval', $userList);
$userListCondition = implode("','", $userList);
$sql .= " AND u.user_id IN ('$userListCondition')";
}
$sql.=' ORDER BY u.firstname';
$rs = Database::query($sql);
$list_users = array();
while ($row = Database::fetch_array($rs)) {
$list_users[] = $row;
}
return $list_users;
}
/**
* Gets the certificate list by user id
* @param int The user id
* @param int The category id
* @param int $user_id The user id
* @param int $cat_id The category id
* @return array
*/
function get_list_gradebook_certificates_by_user_id($user_id, $cat_id = null)
@ -684,6 +687,13 @@ function get_list_gradebook_certificates_by_user_id($user_id, $cat_id = null)
return $list_certificate;
}
/**
* @param $user_id
* @param $course_code
* @param bool $is_preview
* @param bool $hide_print_button
* @return array
*/
function get_user_certificate_content($user_id, $course_code, $is_preview = false, $hide_print_button = false)
{
// Generate document HTML
@ -724,6 +734,11 @@ function get_user_certificate_content($user_id, $course_code, $is_preview = fals
);
}
/**
* @param null $course_code
* @param int $gradebook_model_id
* @return mixed
*/
function create_default_course_gradebook($course_code = null, $gradebook_model_id = 0)
{
if (api_is_allowed_to_edit(true, true)) {
@ -772,9 +787,13 @@ function create_default_course_gradebook($course_code = null, $gradebook_model_i
$category_id = $row['id'];
}
}
return $category_id;
}
/**
* @param FormValidator $form
*/
function load_gradebook_select_in_tool($form)
{
$course_code = api_get_course_id();
@ -929,6 +948,10 @@ function export_pdf_flatview($flatviewtable, $cat, $users, $alleval, $alllinks,
exit;
}
/**
* @param array $list_values
* @return string
*/
function score_badges($list_values)
{
$counter = 1;
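Review bot: In get_list_users_certificates(), the new `$userList` filter is appended as ` AND u.user_id IN (...)` even when the preceding `$cat_id` branch did not run. A call with a user list but no category would then produce a query with `AND` and no `WHERE`, assuming the base SELECT (outside the hunk) has no WHERE of its own. The context line `' WHERE cat_id=' . Database::escape_string($cat_id)` also puts an escaped but unquoted value in a numeric position, where string escaping gives no protection; an integer cast is the right tool there. Collecting both conditions in an array and joining them once addresses both points, and the IN list no longer needs quotes around integers.

```php
// … unchanged: table lookups and base SELECT …
$conditions = array();
if (!is_null($cat_id) && $cat_id > 0) {
    $conditions[] = 'cat_id = '.intval($cat_id);
}
if (!empty($userList)) {
    $userList = array_map('intval', $userList);
    $conditions[] = 'u.user_id IN ('.implode(',', $userList).')';
}
if (!empty($conditions)) {
    $sql .= ' WHERE '.implode(' AND ', $conditions);
}
$sql .= ' ORDER BY u.firstname';
// … unchanged: query execution and row collection …
```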

@ -104,8 +104,6 @@ switch ($action) {
case 'search_course_by_session':
if (api_is_platform_admin()) {
$results = SessionManager::get_course_list_by_session_id($_GET['session_id'], $_GET['q']);
//$results = SessionManager::get_sessions_list(array('s.name LIKE' => "%".$_REQUEST['q']."%"));
$results2 = array();
if (!empty($results)) {
foreach ($results as $item) {

@ -25,7 +25,13 @@ switch ($action) {
exit;
}
$ifExists = isset($_POST['if_exists']) ? $_POST['if_exists'] : 'overwrite';
$fileExistsOption = api_get_configuration_value('document_if_file_exists_option');
$defaultFileExistsOption = 'rename';
if (!empty($fileExistsOption)) {
$defaultFileExistsOption = $fileExistsOption;
}
//$ifExists = isset($_POST['if_exists']) ? $_POST['if_exists'] : $defaultFileExistsOption;
if (!empty($_FILES)) {
require_once api_get_path(LIBRARY_PATH).'fileDisplay.lib.php';
@ -36,7 +42,7 @@ switch ($action) {
$file['name'],
'', // comment
0,
$ifExists,
$defaultFileExistsOption,
false,
false
);
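Review bot: The upload branch now ignores the client-supplied `if_exists` and takes the collision policy from `document_if_file_exists_option`, but that intent is only visible through the commented-out `$ifExists` line. Delete that line and state the reason instead, for example `// Collision policy is decided server-side; the client cannot request an overwrite.` The configured value is also passed on without being checked against the options the upload function accepts (that set is defined outside this hunk), so falling back to `'rename'` for an unexpected value would be safer. The enclosing `switch` case and the upload call both extend beyond the hunks shown.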

@ -214,7 +214,6 @@ switch ($action) {
case 'get_work_student':
require_once api_get_path(SYS_CODE_PATH).'work/work.lib.php';
$count = getWorkListStudent(0, $limit, $sidx, $sord, $whereCondition, true);
break;
case 'get_work_user_list_all':
require_once api_get_path(SYS_CODE_PATH).'work/work.lib.php';
@ -258,7 +257,7 @@ switch ($action) {
}
break;
case 'get_work_student_list_overview':
if (!api_is_allowed_to_edit()) {
if (!(api_is_allowed_to_edit() || api_is_coach())) {
return 0;
}
require_once api_get_path(SYS_CODE_PATH).'work/work.lib.php';
@ -468,11 +467,15 @@ switch ($action) {
}
}
if (!in_array($sidx, array('training_hours'))) {
//$sidx = 'training_hours';
}
$result = CourseManager::get_user_list_from_course_code(
null,
null,
"LIMIT $start, $limit",
" $sidx $sord",
null, //" $sidx $sord",
null,
null,
true,
@ -510,7 +513,9 @@ switch ($action) {
$column_names[] = $extra['3'];
}
}
if (!in_array($sidx, array('title'))) {
$sidx = 'title';
}
$result = CourseManager::get_user_list_from_course_code(
null,
null,
@ -588,7 +593,6 @@ switch ($action) {
'actions'
);
} else {
$columns = array(
'type',
'firstname',
@ -677,13 +681,14 @@ switch ($action) {
$result = get_exam_results_hotpotatoes_data($start, $limit, $sidx, $sord, $hotpot_path, $whereCondition);
break;
case 'get_work_student_list_overview':
if (!api_is_allowed_to_edit()) {
if (!(api_is_allowed_to_edit() || api_is_coach())) {
return array();
}
require_once api_get_path(SYS_CODE_PATH).'work/work.lib.php';
$columns = array(
'student', 'works'
);
$result = getWorkUserListData(
$workId,
api_get_course_id(),
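Review bot: The added guard `if (!in_array($sidx, array('training_hours'))) { //$sidx = 'training_hours'; }` has its only statement commented out, so it validates nothing; together with the `null, //" $sidx $sord"` argument it reads as unfinished work. Either remove the block or enable it, and in the `'title'` whitelist further down pass `true` as the third argument to `in_array` so the comparison is strict. Both `get_work_student_list_overview` branches now also admit `api_is_coach()`; whether that check is scoped to the course that owns `$workId` is not visible here and is worth confirming. The affected `switch` cases begin and end outside these hunks.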

@ -26,9 +26,8 @@ switch ($action) {
break;
case 'search_session':
if (api_is_platform_admin()) {
//$results = SessionManager::get_sessions_list(array('s.name LIKE' => "%".$_REQUEST['q']."%"));
$results = SessionManager::get_sessions_list(
array('s.name LIKE' => "%".$_REQUEST['q']."%")
array('s.name' => array('operator' => 'LIKE', 'value' => "%".$_REQUEST['q']."%"))
);
$results2 = array();
if (!empty($results)) {
@ -52,7 +51,12 @@ switch ($action) {
break;
case 'search_session_all':
if (api_is_platform_admin()) {
$results = SessionManager::get_sessions_list(array('s.name LIKE' => "%".$_REQUEST['q']."%", 'c.id ='=>$_REQUEST['course_id']));
$results = SessionManager::get_sessions_list(
array(
's.name' => array('operator' => 'like', 'value' => "%".$_REQUEST['q']."%"),
'c.id' => array('operator' => '=', 'value' => $_REQUEST['course_id'])
)
);
$results2 = array();
if (!empty($results)) {
foreach ($results as $item) {
@ -76,7 +80,12 @@ switch ($action) {
break;
case 'search_session_by_course':
if (api_is_platform_admin()) {
$results = SessionManager::get_sessions_list(array('s.name LIKE' => "%".$_REQUEST['q']."%", 'c.id ='=>$_REQUEST['course_id']));
$results = SessionManager::get_sessions_list(
array(
's.name' => array('operator' => 'like', 'value' => "%".$_REQUEST['q']."%"),
'c.id' => array('operator' => '=', 'value' => $_REQUEST['course_id'])
)
);
$results2 = array();
if (!empty($results)) {
foreach ($results as $item) {
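Review bot: The new condition arrays spell the operator as `'LIKE'` in `search_session` but `'like'` in `search_session_all` and `search_session_by_course`; unless `SessionManager::get_sessions_list()` normalises case (not visible here), one spelling should be used throughout. `$_REQUEST['q']` and `$_REQUEST['course_id']` are still passed raw, so the safety of these queries rests entirely on how get_sessions_list() treats `value`. Casting the id at the call site, `'value' => intval($_REQUEST['course_id'])`, removes one dependency on that.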

@ -1,5 +1,9 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Class CoursesAndSessionsCatalog
*/
class CoursesAndSessionsCatalog
{
@ -7,6 +11,7 @@ class CoursesAndSessionsCatalog
* Check the configuration for the courses and sessions catalog
* @global array $_configuration Configuration
* @param int $value The value to check
*
* @return boolean Whether the configuration is $value
*/
public static function is($value = CATALOG_COURSES)
@ -25,6 +30,7 @@ class CoursesAndSessionsCatalog
/**
* Check whether to display the sessions list
* @global array $_configuration Configuration
*
* @return boolean whether to display
*/
public static function showSessions()
@ -47,6 +53,7 @@ class CoursesAndSessionsCatalog
/**
* Check whether to display the courses list
* @global array $_configuration Configuration
*
* @return boolean whether to display
*/
public static function showCourses()

@ -1,31 +1,27 @@
<?php
/* For licensing terms, see /license.txt */
/**
* Definition of the AddCourseToSession class
* @package chamilo.library
*/
/**
* Init
*/
require_once dirname(__FILE__).'/xajax/xajax.inc.php';
//require_once (api_get_path(SYS_CODE_PATH).'admin/add_courses_to_session.php');
/**
* AddCourseToSession class
* Class AddCourseToSession
*/
class AddCourseToSession {
/**
* Searches a course, given a search string and a type of search box
* @param string Search string
* @param string Type of search box ('single' or anything else)
* @return string XajaxResponse
* @assert () !== null
* @assert ('abc', 'single') !== null
* @assert ('abc', 'multiple') !== null
*/
public function search_courses($needle,$type) {
class AddCourseToSession
{
/**
* Searches a course, given a search string and a type of search box
* @param string $needle Search string
* @param string $type Type of search box ('single' or anything else)
* @return string XajaxResponse
* @assert () !== null
* @assert ('abc', 'single') !== null
* @assert ('abc', 'multiple') !== null
*/
public static function search_courses($needle, $type)
{
global $tbl_course, $tbl_session_rel_course, $id_session;
$course_title = null;
$xajax_response = new XajaxResponse();
$return = '';
if(!empty($needle) && !empty($type)) {
@ -35,9 +31,10 @@ class AddCourseToSession {
$cond_course_code = '';
if (!empty($id_session)) {
$id_session = Database::escape_string($id_session);
$id_session = Database::escape_string($id_session);
// check course_code from session_rel_course table
$sql = 'SELECT course_code FROM '.$tbl_session_rel_course.' WHERE id_session ="'.(int)$id_session.'"';
$sql = 'SELECT course_code FROM '.$tbl_session_rel_course.'
WHERE id_session ="'.(int)$id_session.'"';
$res = Database::query($sql);
$course_codes = '';
if (Database::num_rows($res) > 0) {
@ -51,19 +48,21 @@ class AddCourseToSession {
}
if ($type=='single') {
// search users where username or firstname or lastname begins likes $needle
$sql = 'SELECT course.code, course.visual_code, course.title, session_rel_course.id_session
// search users where username or firstname or lastname begins likes $needle
$sql = 'SELECT course.code, course.visual_code, course.title, session_rel_course.id_session
FROM '.$tbl_course.' course
LEFT JOIN '.$tbl_session_rel_course.' session_rel_course
ON course.code = session_rel_course.course_code
AND session_rel_course.id_session = '.intval($id_session).'
WHERE course.visual_code LIKE "'.$needle.'%"
OR course.title LIKE "'.$needle.'%"';
WHERE
course.visual_code LIKE "'.$needle.'%" OR
course.title LIKE "'.$needle.'%"';
} else {
$sql = 'SELECT course.code, course.visual_code, course.title
FROM '.$tbl_course.' course
WHERE course.visual_code LIKE "'.$needle.'%" '.$cond_course_code.' ORDER BY course.code ';
$sql = 'SELECT course.code, course.visual_code, course.title
FROM '.$tbl_course.' course
WHERE
course.visual_code LIKE "'.$needle.'%" '.$cond_course_code.'
ORDER BY course.code ';
}
global $_configuration;
@ -79,13 +78,18 @@ class AddCourseToSession {
ON course.code = session_rel_course.course_code
AND session_rel_course.id_session = '.intval($id_session).'
INNER JOIN '.$tbl_course_rel_access_url.' url_course ON (url_course.course_code=course.code)
WHERE access_url_id = '.$access_url_id.' AND (course.visual_code LIKE "'.$needle.'%"
OR course.title LIKE "'.$needle.'%" )';
WHERE
access_url_id = '.$access_url_id.' AND
(course.visual_code LIKE "'.$needle.'%" OR
course.title LIKE "'.$needle.'%" )';
} else {
$sql = 'SELECT course.code, course.visual_code, course.title
FROM '.$tbl_course.' course, '.$tbl_course_rel_access_url.' url_course
WHERE url_course.course_code=course.code AND access_url_id = '.$access_url_id.'
AND course.visual_code LIKE "'.$needle.'%" '.$cond_course_code.' ORDER BY course.code ';
WHERE
url_course.course_code=course.code AND
access_url_id = '.$access_url_id.' AND
course.visual_code LIKE "'.$needle.'%" '.$cond_course_code.'
ORDER BY course.code ';
}
}
}
@ -99,11 +103,8 @@ class AddCourseToSession {
$course_title=str_replace("'","\'",$course_title);
$return .= '<a href="javascript: void(0);" onclick="javascript: add_course_to_session(\''.$course['code'].'\',\''.$course_title.' ('.$course['visual_code'].')'.'\')">'.$course['title'].' ('.$course['visual_code'].')</a><br />';
}
$xajax_response -> addAssign('ajax_list_courses_single','innerHTML',api_utf8_encode($return));
} else {
$return .= '<select id="origin" name="NoSessionCoursesList[]" multiple="multiple" size="20" style="width:340px;">';
while($course = Database :: fetch_array($rs)) {
$course_list[] = $course['code'];
@ -116,6 +117,7 @@ class AddCourseToSession {
}
}
$_SESSION['course_list'] = $course_list;
return $xajax_response;
}
}
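Review bot: In search_courses(), the reformatted queries still concatenate `$needle` into double-quoted `LIKE "…%"` patterns, and no escaping of `$needle` is visible in these hunks. If it is not done in the lines the hunks skip, add `$needle = Database::escape_string($needle);` before the queries are built. `$access_url_id` is likewise concatenated unquoted and would be safer as `intval($access_url_id)`. The result list is assigned to `innerHTML` with `$course['title']` and `$course['visual_code']` unescaped apart from a quote replacement, so an HTML-escape at output is worth adding. The method also becomes `public static`, so callers that invoke it on an instance or register it by name should be checked.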

@ -1483,4 +1483,101 @@ class Attendance
{
return $this->attendance_weight;
}
/**
* @param string $startDate in UTC time
* @param string $endDate in UTC time
*
* @return string
*/
public function getAttendanceLogins($startDate, $endDate)
{
$sessionId = api_get_session_id();
$courseCode = api_get_course_id();
if (!empty($sessionId)) {
$users = CourseManager:: get_user_list_from_course_code(
$courseCode,
$sessionId,
'',
'lastname'
);
} else {
$users = CourseManager:: get_user_list_from_course_code(
$courseCode,
0,
'',
'lastname'
);
}
$dateTimeStartOriginal = new DateTime($startDate);
$dateTimeStart = new DateTime($startDate);
$dateTimeEnd= new DateTime($endDate);
$interval = $dateTimeStart->diff($dateTimeEnd);
$days = intval($interval->format('%a'));
$dateList = array($dateTimeStart->format('Y-m-d'));
$headers = array(
get_lang('User'),
$dateTimeStart->format('Y-m-d')
);
for ($i = 0; $i < $days; $i++) {
$dateTimeStart = $dateTimeStart->add(new DateInterval('P1D'));
$date = $dateTimeStart->format('Y-m-d');
$dateList[] = $date;
$headers[] = $date;
}
$accessData = CourseManager::getCourseAccessPerCourseAndSession(
$courseCode,
$sessionId,
$dateTimeStartOriginal->format('Y-m-d H:i:s'),
$dateTimeEnd->format('Y-m-d H:i:s')
);
$results = array();
if (!empty($accessData)) {
foreach ($accessData as $data) {
$onlyDate = substr($data['login_course_date'], 0, 10);
$results[$data['user_id']][$onlyDate] = true;
}
}
$table = new HTML_Table(array('class' => 'data_table'));
$row = 0;
$column = 0;
foreach ($headers as $header) {
$table->setHeaderContents($row, $column, $header);
$column++;
}
$row = 1;
foreach ($users as $user) {
$table->setCellContents(
$row,
0,
$user['lastname'].' '.$user['firstname'].' ('.$user['username'].')'
);
$row ++;
}
$column = 1;
$row = 1;
foreach ($users as $user) {
foreach ($dateList as $date) {
$status = null;
if (isset($results[$user['user_id']]) &&
isset($results[$user['user_id']][$date])
) {
$status = 'X';
}
$table->setCellContents($row, $column, $status);
$column++;
}
$row++;
$column = 1;
}
return $table->toHtml();
}
}
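Review bot: getAttendanceLogins() places `$user['lastname']`, `$user['firstname']` and `$user['username']` into table cells as raw HTML. Unless `HTML_Table::setCellContents()` escapes its input (not shown here), wrap the value, e.g. `Security::remove_XSS($user['lastname'].' '.$user['firstname'].' ('.$user['username'].')')`. The docblock says both dates are UTC, but `new DateTime($startDate)` uses the server default timezone and throws on an unparsable string; `new DateTime($startDate, new DateTimeZone('UTC'))` matches the documented contract. The two `get_user_list_from_course_code` calls differ only in the session id, and the two `foreach ($users as $user)` loops can be merged into one pass.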

@ -5,6 +5,7 @@ require_once api_get_path(LIBRARY_PATH).'tracking.lib.php';
require_once api_get_path(LIBRARY_PATH).'course_category.lib.php';
/**
* Class Auth
* Auth can be used to instantiate objects or as a library to manage courses
* This file contains a class used like library provides functions for auth tool.
* It's also used like model to courses_controller (MVC pattern)
@ -19,7 +20,6 @@ class Auth
*/
public function __construct()
{
}
/**
@ -35,8 +35,13 @@ class Auth
$TABLE_COURSE_FIELD_VALUE = Database::get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES);
// get course list auto-register
$sql = "SELECT course_code FROM $TABLE_COURSE_FIELD_VALUE tcfv INNER JOIN $TABLE_COURSE_FIELD tcf ON " .
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$sql = "SELECT course_code FROM $TABLE_COURSE_FIELD_VALUE tcfv
INNER JOIN $TABLE_COURSE_FIELD tcf
ON tcfv.field_id = tcf.id
WHERE
tcf.field_variable = 'special_course' AND
tcfv.field_value = 1
";
$special_course_result = Database::query($sql);
if (Database::num_rows($special_course_result) > 0) {
@ -476,25 +481,36 @@ class Auth
}
$search_term_safe = Database::escape_string($search_term);
$sql_find = "SELECT * FROM $TABLECOURS WHERE (code LIKE '%" .
$search_term_safe . "%' OR title LIKE '%" . $search_term_safe .
"%' OR tutor_name LIKE '%" . $search_term_safe . "%')" .
$without_special_courses . "ORDER BY title, visual_code ASC " .
$limitFilter;
$sql_find = "SELECT * FROM $TABLECOURS
WHERE (
code LIKE '%".$search_term_safe . "%' OR
title LIKE '%" . $search_term_safe ."%' OR
tutor_name LIKE '%" . $search_term_safe . "%'
)
$without_special_courses
ORDER BY title, visual_code ASC
$limitFilter
";
global $_configuration;
if ($_configuration['multiple_access_urls']) {
$url_access_id = api_get_current_access_url_id();
if ($url_access_id != -1) {
$tbl_url_rel_course = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql_find = "SELECT * FROM $TABLECOURS as course INNER JOIN" .
$tbl_url_rel_course . "as url_rel_course ON
(url_rel_course.course_code=course.code) WHERE access_url_id = " .
$url_access_id . "AND (code LIKE '%" . $search_term_safe . "%'
OR title LIKE '%" . $search_term_safe . "%'
OR tutor_name LIKE '%" . $search_term_safe . "%' )
$without_special_courses ORDER BY title, visual_code ASC " .
$limitFilter;
$sql_find = "SELECT *
FROM $TABLECOURS as course
INNER JOIN $tbl_url_rel_course as url_rel_course
ON (url_rel_course.course_code=course.code)
WHERE
access_url_id = $url_access_id AND (
code LIKE '%" . $search_term_safe . "%' OR
title LIKE '%" . $search_term_safe . "%' OR
tutor_name LIKE '%" . $search_term_safe . "%'
)
$without_special_courses
ORDER BY title, visual_code ASC
$limitFilter
";
}
}
$result_find = Database::query($sql_find);
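Review bot: The three-way `LIKE` condition on `code`, `title` and `tutor_name` is now written out twice, once per query; building it once into a variable keeps the single-URL and multi-URL queries from drifting apart. `$search_term_safe` is escaped for quoting, but `%` and `_` typed by the user still act as wildcards in the pattern. `$url_access_id` is interpolated directly into the statement, and `intval($url_access_id)` would make its type explicit. The function starts and ends outside these hunks.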

@ -1382,7 +1382,6 @@ class CourseManager
// if the $order_by does not contain 'ORDER BY' we have to check if it is a valid field that can be sorted on
if (!strstr($order_by,'ORDER BY')) {
$order_by = Database::escape_string($order_by);
if (!empty($order_by)) {
$order_by = 'ORDER BY '.$order_by;
} else {
@ -1415,7 +1414,6 @@ class CourseManager
if (SessionManager::orderCourseIsEnabled()) {
//$order_by = "ORDER BY position";
}
} else {
if ($return_count) {
$sql = " SELECT COUNT(*) as count";
@ -1424,9 +1422,21 @@ class CourseManager
}
} else {
if (empty($course_code)) {
$sql = 'SELECT DISTINCT course.title, course.code, course_rel_user.status as status_rel, user.user_id, course_rel_user.role, course_rel_user.tutor_id, user.* ';
$sql = 'SELECT DISTINCT
course.title,
course.code,
course_rel_user.status as status_rel,
user.user_id,
course_rel_user.role,
course_rel_user.tutor_id,
user.* ';
} else {
$sql = 'SELECT DISTINCT course_rel_user.status as status_rel, user.user_id, course_rel_user.role, course_rel_user.tutor_id, user.* ';
$sql = 'SELECT DISTINCT
course_rel_user.status as status_rel,
user.user_id,
course_rel_user.role,
course_rel_user.tutor_id,
user.* ';
}
}
@ -1490,6 +1500,7 @@ class CourseManager
}
$sql .= ' '.$order_by.' '.$limit;
$rs = Database::query($sql);
$users = array();
@ -1739,8 +1750,8 @@ class CourseManager
* @param string $course_code
* @param boolean $with_session
* @param integer $session_id
* @param date $date_from
* @param date $date_to
* @param string $date_from
* @param string $date_to
* @return array with user id
*/
public static function get_student_list_from_course_code(
@ -1995,7 +2006,10 @@ class CourseManager
FROM ".Database::get_main_table(TABLE_MAIN_COURSE)." course
LEFT JOIN ".Database::get_main_table(TABLE_MAIN_COURSE_USER)." course_user
ON course.code = course_user.course_code
WHERE course.target_course_code = '$course_code' AND course_user.user_id = '$user_id' AND course_user.relation_type<>".COURSE_RELATION_TYPE_RRHH." ";
WHERE
course.target_course_code = '$course_code' AND
course_user.user_id = '$user_id' AND
course_user.relation_type<>".COURSE_RELATION_TYPE_RRHH." ";
$sql_result = Database::query($sql);
while ($result = Database::fetch_array($sql_result)) {
@ -2175,13 +2189,12 @@ class CourseManager
$table_stats_links = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LINKS);
$table_stats_uploads = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_UPLOADS);
$code = Database::escape_string($code);
$sql = "SELECT * FROM $table_course WHERE code='".$code."'";
$codeFiltered = Database::escape_string($code);
$sql = "SELECT * FROM $table_course WHERE code='".$codeFiltered."'";
$res = Database::query($sql);
if (Database::num_rows($res) == 0) {
return;
}
$this_course = Database::fetch_array($res);
$count = 0;
if (api_is_multiple_url_enabled()) {
require_once api_get_path(LIBRARY_PATH).'urlmanager.lib.php';
@ -2193,177 +2206,183 @@ class CourseManager
$count = UrlManager::getcountUrlRelCourse($code);
}
if ($count == 0) {
self::create_database_dump($code);
if (!self::is_virtual_course_from_system_code($code)) {
// If this is not a virtual course, look for virtual courses that depend on this one, if any
$virtual_courses = self::get_virtual_courses_linked_to_real_course($code);
foreach ($virtual_courses as $index => $virtual_course) {
// Unsubscribe all classes from the virtual course
/*$sql = "DELETE FROM $table_course_class WHERE course_code='".$virtual_course['code']."'";
Database::query($sql);*/
// Unsubscribe all users from the virtual course
$sql = "DELETE FROM $table_course_user WHERE course_code='".$virtual_course['code']."'";
Database::query($sql);
// Delete the course from the sessions tables
$sql = "DELETE FROM $table_session_course WHERE course_code='".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_session_course_user WHERE course_code='".$virtual_course['code']."'";
Database::query($sql);
// Delete the course from the survey tables
$sql = "DELETE FROM $table_course_survey WHERE course_code='".$virtual_course['code']."'";
Database::query($sql);
/*$sql = "DELETE FROM $table_course_survey_user WHERE db_name='".$virtual_course['db_name']."'";
Database::query($sql);
$sql = "DELETE FROM $table_course_survey_reminder WHERE db_name='".$virtual_course['db_name']."'";
Database::query($sql);*/
// Delete the course from the stats tables
$sql = "DELETE FROM $table_stats_hotpots WHERE exe_cours_id = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_attempt WHERE course_code = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_exercises WHERE exe_cours_id = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_access WHERE access_cours_code = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_lastaccess WHERE access_cours_code = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_course_access WHERE course_code = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_online WHERE course = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_default WHERE default_cours_code = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_downloads WHERE down_cours_id = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_links WHERE links_cours_id = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_uploads WHERE upload_cours_id = '".$virtual_course['code']."'";
Database::query($sql);
self::create_database_dump($code);
if (!self::is_virtual_course_from_system_code($code)) {
// If this is not a virtual course, look for virtual courses that depend on this one, if any
$virtual_courses = self::get_virtual_courses_linked_to_real_course($code);
foreach ($virtual_courses as $index => $virtual_course) {
// Unsubscribe all classes from the virtual course
/*$sql = "DELETE FROM $table_course_class WHERE course_code='".$virtual_course['code']."'";
Database::query($sql);*/
// Unsubscribe all users from the virtual course
$sql = "DELETE FROM $table_course_user WHERE course_code='".$virtual_course['code']."'";
Database::query($sql);
// Delete the course from the sessions tables
$sql = "DELETE FROM $table_session_course WHERE course_code='".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_session_course_user WHERE course_code='".$virtual_course['code']."'";
Database::query($sql);
// Delete the course from the survey tables
$sql = "DELETE FROM $table_course_survey WHERE course_code='".$virtual_course['code']."'";
Database::query($sql);
/*$sql = "DELETE FROM $table_course_survey_user WHERE db_name='".$virtual_course['db_name']."'";
Database::query($sql);
$sql = "DELETE FROM $table_course_survey_reminder WHERE db_name='".$virtual_course['db_name']."'";
Database::query($sql);*/
// Delete the course from the course table
$sql = "DELETE FROM $table_course WHERE code='".$virtual_course['code']."'";
Database::query($sql);
}
// Delete the course from the stats tables
$sql = "SELECT * FROM $table_course WHERE code='".$code."'";
$res = Database::query($sql);
$course = Database::fetch_array($res);
$course_tables = get_course_tables();
$sql = "DELETE FROM $table_stats_hotpots WHERE exe_cours_id = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_attempt WHERE course_code = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_exercises WHERE exe_cours_id = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_access WHERE access_cours_code = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_lastaccess WHERE access_cours_code = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_course_access WHERE course_code = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_online WHERE course = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_default WHERE default_cours_code = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_downloads WHERE down_cours_id = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_links WHERE links_cours_id = '".$virtual_course['code']."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_uploads WHERE upload_cours_id = '".$virtual_course['code']."'";
Database::query($sql);
//Cleaning c_x tables
if (!empty($course['id'])) {
foreach($course_tables as $table) {
$table = Database::get_course_table($table);
$sql = "DELETE FROM $table WHERE c_id = {$course['id']} ";
// Delete the course from the course table
$sql = "DELETE FROM $table_course WHERE code='".$virtual_course['code']."'";
Database::query($sql);
}
}
$course_dir = api_get_path(SYS_COURSE_PATH).$course['directory'];
$archive_dir = api_get_path(SYS_ARCHIVE_PATH).$course['directory'].'_'.time();
if (is_dir($course_dir)) {
rename($course_dir, $archive_dir);
}
}
// Unsubscribe all classes from the course
/*$sql = "DELETE FROM $table_course_class WHERE course_code='".$code."'";
Database::query($sql);*/
// Unsubscribe all users from the course
$sql = "DELETE FROM $table_course_user WHERE course_code='".$code."'";
Database::query($sql);
// Delete the course from the sessions tables
$sql = "DELETE FROM $table_session_course WHERE course_code='".$code."'";
Database::query($sql);
$sql = "DELETE FROM $table_session_course_user WHERE course_code='".$code."'";
Database::query($sql);
// Delete from Course - URL
$sql = "DELETE FROM $table_course_rel_url WHERE course_code = '".$code."'";
Database::query($sql);
$sql = "SELECT * FROM $table_course WHERE code='".$codeFiltered."'";
$res = Database::query($sql);
$course = Database::fetch_array($res);
$course_tables = get_course_tables();
//Cleaning c_x tables
if (!empty($course['id'])) {
foreach($course_tables as $table) {
$table = Database::get_course_table($table);
$sql = "DELETE FROM $table WHERE c_id = {$course['id']} ";
Database::query($sql);
}
}
$course_dir = api_get_path(SYS_COURSE_PATH).$course['directory'];
$archive_dir = api_get_path(SYS_ARCHIVE_PATH).$course['directory'].'_'.time();
if (is_dir($course_dir)) {
rename($course_dir, $archive_dir);
}
}
$sql = 'SELECT survey_id FROM '.$table_course_survey.' WHERE course_code="'.$code.'"';
$result_surveys = Database::query($sql);
while($surveys = Database::fetch_array($result_surveys)) {
$survey_id = $surveys[0];
$sql = 'DELETE FROM '.$table_course_survey_question.' WHERE survey_id="'.$survey_id.'"';
// Unsubscribe all classes from the course
/*$sql = "DELETE FROM $table_course_class WHERE course_code='".$code."'";
Database::query($sql);*/
// Unsubscribe all users from the course
$sql = "DELETE FROM $table_course_user WHERE course_code='".$codeFiltered."'";
Database::query($sql);
$sql = 'DELETE FROM '.$table_course_survey_question_option.' WHERE survey_id="'.$survey_id.'"';
// Delete the course from the sessions tables
$sql = "DELETE FROM $table_session_course WHERE course_code='".$codeFiltered."'";
Database::query($sql);
$sql = 'DELETE FROM '.$table_course_survey.' WHERE survey_id="'.$survey_id.'"';
$sql = "DELETE FROM $table_session_course_user WHERE course_code='".$codeFiltered."'";
Database::query($sql);
}
// Delete the course from the stats tables
$sql = "DELETE FROM $table_stats_hotpots WHERE exe_cours_id = '".$code."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_attempt WHERE course_code = '".$code."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_exercises WHERE exe_cours_id = '".$code."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_access WHERE access_cours_code = '".$code."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_lastaccess WHERE access_cours_code = '".$code."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_course_access WHERE course_code = '".$code."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_online WHERE course = '".$code."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_default WHERE default_cours_code = '".$code."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_downloads WHERE down_cours_id = '".$code."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_links WHERE links_cours_id = '".$code."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_uploads WHERE upload_cours_id = '".$code."'";
Database::query($sql);
// Delete from Course - URL
$sql = "DELETE FROM $table_course_rel_url WHERE course_code = '".$codeFiltered."'";
Database::query($sql);
// Delete the course from the database
$sql = "DELETE FROM $table_course WHERE code='".$code."'";
Database::query($sql);
$sql = 'SELECT survey_id FROM '.$table_course_survey.' WHERE course_code="'.$codeFiltered.'"';
$result_surveys = Database::query($sql);
while($surveys = Database::fetch_array($result_surveys)) {
$survey_id = $surveys[0];
$sql = 'DELETE FROM '.$table_course_survey_question.' WHERE survey_id="'.$survey_id.'"';
Database::query($sql);
$sql = 'DELETE FROM '.$table_course_survey_question_option.' WHERE survey_id="'.$survey_id.'"';
Database::query($sql);
$sql = 'DELETE FROM '.$table_course_survey.' WHERE survey_id="'.$survey_id.'"';
Database::query($sql);
}
// delete extra course fields
$t_cf = Database::get_main_table(TABLE_MAIN_COURSE_FIELD);
$t_cfv = Database::get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES);
// Delete the course from the stats tables
$sql = "SELECT distinct field_id FROM $t_cfv WHERE course_code = '$code'";
$res_field_ids = @Database::query($sql);
$sql = "DELETE FROM $table_stats_hotpots WHERE exe_cours_id = '".$codeFiltered."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_attempt WHERE course_code = '".$codeFiltered."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_exercises WHERE exe_cours_id = '".$codeFiltered."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_access WHERE access_cours_code = '".$codeFiltered."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_lastaccess WHERE access_cours_code = '".$codeFiltered."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_course_access WHERE course_code = '".$codeFiltered."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_online WHERE course = '".$codeFiltered."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_default WHERE default_cours_code = '".$codeFiltered."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_downloads WHERE down_cours_id = '".$codeFiltered."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_links WHERE links_cours_id = '".$codeFiltered."'";
Database::query($sql);
$sql = "DELETE FROM $table_stats_uploads WHERE upload_cours_id = '".$codeFiltered."'";
Database::query($sql);
while($row_field_id = Database::fetch_row($res_field_ids)){
$field_ids[] = $row_field_id[0];
}
// Delete the course from the database
$sql = "DELETE FROM $table_course WHERE code='".$codeFiltered."'";
Database::query($sql);
//delete from table_course_field_value from a given course_code
// delete extra course fields
$t_cf = Database::get_main_table(TABLE_MAIN_COURSE_FIELD);
$t_cfv = Database::get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES);
$sql_course_field_value = "DELETE FROM $t_cfv WHERE course_code = '$code'";
@Database::query($sql_course_field_value);
$sql = "SELECT distinct field_id FROM $t_cfv WHERE course_code = '$codeFiltered'";
$res_field_ids = Database::query($sql);
$field_ids = array();
while($row_field_id = Database::fetch_row($res_field_ids)){
$field_ids[] = $row_field_id[0];
}
$sql = "SELECT distinct field_id FROM $t_cfv";
$res_field_all_ids = @Database::query($sql);
// Delete from table_course_field_value from a given course_code
$sql_course_field_value = "DELETE FROM $t_cfv WHERE course_code = '$codeFiltered'";
Database::query($sql_course_field_value);
while($row_field_all_id = Database::fetch_row($res_field_all_ids)){
$field_all_ids[] = $row_field_all_id[0];
}
$sql = "SELECT distinct field_id FROM $t_cfv";
$res_field_all_ids = Database::query($sql);
$field_all_ids = array();
while($row_field_all_id = Database::fetch_row($res_field_all_ids)) {
$field_all_ids[] = $row_field_all_id[0];
}
if (is_array($field_ids) && count($field_ids) > 0) {
foreach ($field_ids as $field_id) {
// check if field id is used into table field value
if (is_array($field_all_ids)) {
if (in_array($field_id, $field_all_ids)) {
continue;
} else {
$sql_course_field = "DELETE FROM $t_cf WHERE id = '$field_id'";
Database::query($sql_course_field);
if (is_array($field_ids) && count($field_ids) > 0) {
foreach ($field_ids as $field_id) {
// check if field id is used into table field value
if (is_array($field_all_ids)) {
if (in_array($field_id, $field_all_ids)) {
continue;
} else {
$sql_course_field = "DELETE FROM $t_cf WHERE id = '$field_id'";
Database::query($sql_course_field);
}
}
}
}
}
// Add event to system log
$user_id = api_get_user_id();
event_system(LOG_COURSE_DELETE, LOG_COURSE_CODE, $code, api_get_utc_datetime(), $user_id, $code);
// Add event to system log
$user_id = api_get_user_id();
event_system(
LOG_COURSE_DELETE,
LOG_COURSE_CODE,
$code,
api_get_utc_datetime(),
$user_id,
$code
);
}
}
@ -2884,8 +2903,8 @@ class CourseManager
*/
public static function update_course_extra_field_value($course_code, $fname, $fvalue = '')
{
$t_cfv = Database::get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES);
$t_cf = Database::get_main_table(TABLE_MAIN_COURSE_FIELD);
$t_cfv = Database::get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES);
$t_cf = Database::get_main_table(TABLE_MAIN_COURSE_FIELD);
$fname = Database::escape_string($fname);
$course_code = Database::escape_string($course_code);
$fvalues = '';
@ -3180,7 +3199,8 @@ class CourseManager
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
while ($row = Database::fetch_array($result)) {
$sql = "DELETE FROM $tbl_course_rel_user WHERE course_code = '{$row['course_code']}' AND user_id = $hr_manager_id AND relation_type=".COURSE_RELATION_TYPE_RRHH." ";
$sql = "DELETE FROM $tbl_course_rel_user
WHERE course_code = '{$row['course_code']}' AND user_id = $hr_manager_id AND relation_type=".COURSE_RELATION_TYPE_RRHH." ";
Database::query($sql);
}
}
@ -3189,7 +3209,8 @@ class CourseManager
if (is_array($courses_list)) {
foreach ($courses_list as $course_code) {
$course_code = Database::escape_string($course_code);
$insert_sql = "INSERT IGNORE INTO $tbl_course_rel_user(course_code, user_id, status, relation_type) VALUES('$course_code', $hr_manager_id, '".DRH."', '".COURSE_RELATION_TYPE_RRHH."')";
$insert_sql = "INSERT IGNORE INTO $tbl_course_rel_user(course_code, user_id, status, relation_type)
VALUES('$course_code', $hr_manager_id, '".DRH."', '".COURSE_RELATION_TYPE_RRHH."')";
Database::query($insert_sql);
if (Database::affected_rows()) {
$affected_rows++;
@ -3349,23 +3370,28 @@ class CourseManager
/**
* check if a course is special (autoregister)
* @param string course code
* @param string $course_code
*/
public static function is_special_course($course_code)
{
$tbl_course_field_value = Database::get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES);
$tbl_course_field = Database::get_main_table(TABLE_MAIN_COURSE_FIELD);
$tbl_course_field_value = Database::get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES);
$tbl_course_field = Database::get_main_table(TABLE_MAIN_COURSE_FIELD);
$is_special = false;
$course_code = Database::escape_string($course_code);
$sql = "SELECT course_code
FROM $tbl_course_field_value tcfv
INNER JOIN $tbl_course_field tcf ON tcfv.field_id = tcf.id
WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 AND course_code='$course_code'";
WHERE
tcf.field_variable = 'special_course' AND
tcfv.field_value = 1 AND
course_code='$course_code'";
$result = Database::query($sql);
$num_rows = Database::num_rows($result);
if ($num_rows > 0){
$is_special = true;
}
return $is_special;
}
@ -3894,20 +3920,20 @@ class CourseManager
*/
public static function get_logged_user_course_html($course, $session_id = 0, $class = 'courses', $session_accessible = true, $load_dirs = false)
{
global $nosession, $nbDigestEntries, $digest, $thisCourseSysCode, $orderKey;
global $nosession;
$user_id = api_get_user_id();
$course_info = api_get_course_info($course['code']);
$status_course = CourseManager::get_user_in_course_status($user_id, $course_info['code']);
$course_info['status'] = empty($session_id) ? $status_course : STUDENT;
$course_info['id_session'] = $session_id;
if (!$nosession) {
global $now, $date_start, $date_end;
}
if (empty($date_start) or empty($date_end)) {
$sess = SessionManager::get_sessions_list(array('s.id = ' => $course_info['id_session']));
$sess = SessionManager::get_sessions_list(
array('s.id' => array('operator' => '=', 'value' => $course_info['id_session']))
);
$date_start = $sess[$course_info['id_session']]['date_start'];
$date_end = $sess[$course_info['id_session']]['date_end'];
}
@ -3917,17 +3943,21 @@ class CourseManager
}
// Table definitions
$main_user_table = Database :: get_main_table(TABLE_MAIN_USER);
$tbl_session = Database :: get_main_table(TABLE_MAIN_SESSION);
$tbl_session_category = Database :: get_main_table(TABLE_MAIN_SESSION_CATEGORY);
$main_user_table = Database :: get_main_table(TABLE_MAIN_USER);
$tbl_session = Database :: get_main_table(TABLE_MAIN_SESSION);
$tbl_session_category = Database :: get_main_table(TABLE_MAIN_SESSION_CATEGORY);
$course_access_settings = CourseManager::get_access_settings($course_info['code']);
$course_visibility = $course_access_settings['visibility'];
$course_access_settings = CourseManager::get_access_settings($course_info['code']);
$course_visibility = $course_access_settings['visibility'];
if ($course_visibility == COURSE_VISIBILITY_HIDDEN) {
return '';
}
$user_in_course_status = CourseManager::get_user_in_course_status(api_get_user_id(), $course_info['code']);
$user_in_course_status = CourseManager::get_user_in_course_status(
api_get_user_id(),
$course_info['code']
);
$is_coach = api_is_coach($course_info['id_session'], $course['code']);
@ -3935,8 +3965,11 @@ class CourseManager
// Show a hyperlink to the course, unless the course is closed and user is not course admin.
$session_url = '';
$session_title = '';
if ($session_accessible) {
if ($course_visibility != COURSE_VISIBILITY_CLOSED || $user_in_course_status == COURSEMANAGER) {
if ($course_visibility != COURSE_VISIBILITY_CLOSED ||
$user_in_course_status == COURSEMANAGER
) {
if (!$nosession) {
if (empty($course_info['id_session'])) {
$course_info['id_session'] = 0;
@ -3985,10 +4018,11 @@ class CourseManager
$params['link'] = $session_url;
$params['title'] = $session_title;
$params['right_actions'] = '';
if ($course_visibility != COURSE_VISIBILITY_CLOSED && $course_visibility != COURSE_VISIBILITY_HIDDEN) {
if ($course_visibility != COURSE_VISIBILITY_CLOSED &&
$course_visibility != COURSE_VISIBILITY_HIDDEN
) {
if ($load_dirs) {
$params['right_actions'] .= '<a id="document_preview_'.$course_info['real_id'].'_'.$course_info['id_session'].'" class="document_preview" href="javascript:void(0);">'.Display::return_icon('folder.png', get_lang('Documents'), array('align' => 'absmiddle'),ICON_SIZE_SMALL).'</a>';
$params['right_actions'] .= Display::div('', array('id' => 'document_result_'.$course_info['real_id'].'_'.$course_info['id_session'], 'class'=>'document_preview_container'));
@ -4000,9 +4034,19 @@ class CourseManager
}
if (api_get_setting('display_teacher_in_courselist') == 'true') {
$teacher_list = null;
if (!$nosession) {
$teacher_list = CourseManager::get_teacher_list_from_course_code_to_string($course_info['code'], self::USER_SEPARATOR, true);
$course_coachs = CourseManager::get_coachs_from_course_to_string($course_info['id_session'], $course['code'], self::USER_SEPARATOR, true);
$teacher_list = CourseManager::get_teacher_list_from_course_code_to_string(
$course_info['code'],
self::USER_SEPARATOR,
true
);
$course_coachs = CourseManager::get_coachs_from_course_to_string(
$course_info['id_session'],
$course['code'],
self::USER_SEPARATOR,
true
);
if ($course_info['status'] == COURSEMANAGER || ($course_info['status'] == STUDENT && empty($course_info['id_session'])) || empty($course_info['status'])) {
$params['teachers'] = $teacher_list;
@ -4722,6 +4766,9 @@ class CourseManager
if (!empty($specialCourseList)) {
$withoutSpecialCourses = ' AND c.code NOT IN ("'.implode('","',$specialCourseList).'")';
}
$visibilityCondition = null;
if (isset($_configuration['course_catalog_hide_private'])) {
if ($_configuration['course_catalog_hide_private'] == true) {
$courseInfo = api_get_course_info();
@ -4731,7 +4778,14 @@ class CourseManager
}
if (!empty($accessUrlId) && $accessUrlId == intval($accessUrlId)) {
$sql = "SELECT count(id) FROM $tableCourse c, $tableCourseRelAccessUrl u
WHERE c.code = u.course_code AND u.access_url_id = $accessUrlId AND c.visibility != 0 AND c.visibility != 4 $withoutSpecialCourses $visibilityCondition";
WHERE
c.code = u.course_code AND
u.access_url_id = $accessUrlId AND
c.visibility != 0 AND
c.visibility != 4
$withoutSpecialCourses
$visibilityCondition
";
}
$res = Database::query($sql);
$row = Database::fetch_row($res);
@ -5012,6 +5066,10 @@ class CourseManager
public static function getCourseAccessPerSessionAndUser($sessionId, $userId, $limit = null)
{
$table = Database :: get_main_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);
$sessionId = intval($sessionId);
$userId = intval($userId);
$sql = "SELECT * FROM $table
WHERE session_id = $sessionId AND user_id = $userId";
@ -5024,6 +5082,38 @@ class CourseManager
return Database::store_result($result);
}
/**
* Get information from the track_e_course_access table
* @param string $courseCode
* @param int $sessionId
* @param string $startDate
* @param string $endDate
* @return array
*/
public static function getCourseAccessPerCourseAndSession(
$courseCode,
$sessionId,
$startDate,
$endDate
) {
$table = Database :: get_main_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);
$courseCode = Database::escape_string($courseCode);
$sessionId = intval($sessionId);
$startDate = Database::escape_string($startDate);
$endDate = Database::escape_string($endDate);
$sql = "SELECT * FROM $table
WHERE
course_code = $courseCode AND
session_id = $sessionId AND
login_course_date BETWEEN $startDate AND $endDate
";
$result = Database::query($sql);
return Database::store_result($result);
}
/**
* Get login information from the track_e_course_access table, for any
* course in the given session
@ -5033,6 +5123,9 @@ class CourseManager
*/
public static function getFirstCourseAccessPerSessionAndUser($sessionId, $userId)
{
$sessionId = intval($sessionId);
$userId = intval($userId);
$table = Database :: get_main_table(TABLE_STATISTIC_TRACK_E_COURSE_ACCESS);
$sql = "SELECT * FROM $table
WHERE session_id = $sessionId AND user_id = $userId
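Review bot: In the new getCourseAccessPerCourseAndSession(), `$courseCode`, `$startDate` and `$endDate` are interpolated into the WHERE clause without quotes, so the statement is only well-formed and safe if the `__@…@__` markers added by Database::escape_string() are later turned into quotes by Database::fixQuery(). That coupling is implicit: a caller that escapes with `$addFix = false`, or a query path that does not run fixQuery() (its call site is not visible here), leaves bare string values in the SQL. I would quote them explicitly, `course_code = '$courseCode' AND` and `login_course_date BETWEEN '$startDate' AND '$endDate'`, which fixQuery() already tolerates through its `'__@` and `@__'` replacements. Because fixQuery() rewrites the markers wherever they occur in the final query text, a unit test with a value that itself contains `@__` would confirm whether escaped data still stays inside its literal.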

@ -18,7 +18,7 @@ function isMultipleUrlSupport()
function getCategoryById($categoryId)
{
$tbl_category = Database::get_main_table(TABLE_MAIN_CATEGORY);
$categoryId = Database::escape_string($categoryId);
$categoryId = intval($categoryId);
$sql = "SELECT * FROM $tbl_category WHERE id = '$categoryId'";
$result = Database::query($sql);
if (Database::num_rows($result)) {
@ -503,7 +503,7 @@ function browseCourseCategories()
* @return int
*/
function countCoursesInCategory($category_code="", $searchTerm = '')
{
{
global $_configuration;
$tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
$TABLE_COURSE_FIELD = Database :: get_main_table(TABLE_MAIN_COURSE_FIELD);
@ -556,9 +556,14 @@ function countCoursesInCategory($category_code="", $searchTerm = '')
}
$sql = "SELECT * FROM $tbl_course
WHERE visibility != '0' AND visibility != '4'".
$categoryFilter . $searchFilter .
$without_special_courses . $visibilityCondition;
WHERE
visibility != '0' AND
visibility != '4'
$categoryFilter
$searchFilter
$without_special_courses
$visibilityCondition
";
// Showing only the courses of the current portal access_url_id.
if (api_is_multiple_url_enabled()) {
@ -566,11 +571,17 @@ function countCoursesInCategory($category_code="", $searchTerm = '')
if ($url_access_id != -1) {
$tbl_url_rel_course = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
$sql = "SELECT * FROM $tbl_course as course
INNER JOIN $tbl_url_rel_course as url_rel_course
ON (url_rel_course.course_code=course.code)
WHERE access_url_id = $url_access_id AND course.visibility != '0'
AND course.visibility != '4' AND category_code" . "='" . $category_code . "'" .
$searchTerm . $without_special_courses. $visibilityCondition;
INNER JOIN $tbl_url_rel_course as url_rel_course
ON (url_rel_course.course_code=course.code)
WHERE
access_url_id = $url_access_id AND
course.visibility != '0' AND
course.visibility != '4' AND
category_code = '$category_code'
$searchTerm
$without_special_courses
$visibilityCondition
";
}
}
@ -585,7 +596,7 @@ function countCoursesInCategory($category_code="", $searchTerm = '')
* @return array
*/
function browseCoursesInCategory($category_code, $random_value = null, $limit = array())
{
{
global $_configuration;
$tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
$TABLE_COURSE_FIELD = Database::get_main_table(TABLE_MAIN_COURSE_FIELD);
@ -609,6 +620,7 @@ function browseCoursesInCategory($category_code, $random_value = null, $limit =
if (!empty($special_course_list)) {
$without_special_courses = ' AND course.code NOT IN (' . implode(',', $special_course_list) . ')';
}
$visibilityCondition = null;
if (isset($_configuration['course_catalog_hide_private'])) {
if ($_configuration['course_catalog_hide_private'] == true) {
$courseInfo = api_get_course_info();
@ -960,10 +972,10 @@ function getCataloguePagination($pageCurrent, $pageLength, $pageTotal)
$categoryCode = null,
$hiddenLinks = null,
$action = null
)
{
$action = isset($action) ? Security::remove_XSS($action) :
Security::remove_XSS($_REQUEST['action']);
) {
$action = isset($action) ? Security::remove_XSS($action) : Security::remove_XSS($_REQUEST['action']);
$searchTerm = isset($_REQUEST['search_term']) ? Security::remove_XSS($_REQUEST['search_term']) : null;
// Start URL with params
$pageUrl = api_get_self() .
'?action=' . $action .
@ -982,7 +994,7 @@ function getCataloguePagination($pageCurrent, $pageLength, $pageTotal)
case 'subscribe' :
// for search
$pageUrl .=
'&search_term=' . $_REQUEST['search_term'] .
'&search_term=' . $searchTerm .
'&search_course=1' .
'&sec_token=' . $_SESSION['sec_token'];
break;
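Review bot: In countCoursesInCategory(), the multiple-URL query on the new side appends the raw `$searchTerm` parameter as a SQL fragment, while the single-URL query just above it uses `$categoryFilter` and `$searchFilter`. Unless `$searchTerm` is rebuilt into an escaped clause earlier in the function (that part is outside the hunk), a non-empty search term either breaks this statement or puts caller-supplied text directly into the WHERE clause; the line should read `$searchFilter` instead of `$searchTerm`. `category_code = '$category_code'` in the same query is interpolated with no escaping visible in the hunk, so `$category_code = Database::escape_string($category_code);` should precede it if that is not already done above.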

@ -455,21 +455,29 @@ class Database
* @param string The string to escape
* @return string The escaped string
*/
public static function escape_sql_wildcards($in_txt) {
public static function escape_sql_wildcards($in_txt)
{
$out_txt = api_preg_replace("/_/", "\_", $in_txt);
$out_txt = api_preg_replace("/%/", "\%", $out_txt);
return $out_txt;
}
/**
* Escapes a string to insert into the database as text
* @param string The string to escape
* @param resource $connection (optional) The database server connection, for detailed description see the method query().
* @return string The escaped string
* @param string $string The string to escape
* @param resource $connection (optional) The database server connection, for detailed description see the method query().
* @param bool $addFix
* @return string he escaped string
* @author Yannick Warnier <yannick.warnier@dokeos.com>
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
*/
public static function escape_string($string, $connection = null) {
public static function escape_string($string, $connection = null, $addFix = true)
{
// Fixes security problem when there's no "" or '' between a variable.
if ($addFix) {
$string = "__@$string@__";
}
return get_magic_quotes_gpc()
? (self::use_default_connection($connection)
? mysql_real_escape_string(stripslashes($string))
@ -479,6 +487,7 @@ class Database
: mysql_real_escape_string($string, $connection));
}
/**
* Gets the array from a SQL result (as returned by Database::query) - help achieving database independence
* @param resource The result from a call to sql_query (e.g. Database::query)
@ -486,8 +495,9 @@ class Database
* @return array Array of results as returned by php
* @author Yannick Warnier <yannick.warnier@beeznest.com>
*/
public static function fetch_array($result, $option = 'BOTH') {
if ($result === false) { return array(); }
public static function fetch_array($result, $option = 'BOTH')
{
if ($result === false) { return array(); }
return $option == 'ASSOC' ? mysql_fetch_array($result, MYSQL_ASSOC) : ($option == 'NUM' ? mysql_fetch_array($result, MYSQL_NUM) : mysql_fetch_array($result));
}
@ -674,6 +684,35 @@ class Database
return self::num_rows($resource) > 0 ? (!empty($field) ? mysql_result($resource, $row, $field) : mysql_result($resource, $row)) : null;
}
/**
* Removes "__@" prefix and @__ suffix added by Database::escape_string()
* @param string $query
* @return mixed
*/
public static function fixQuery($query)
{
// LIKE condition
$query = str_replace("'%__@", "'%", $query);
$query = str_replace("@__%'", "%'", $query);
$query = str_replace('@__%"', "%'", $query);
$query = str_replace('"%__@', "'%", $query);
// Fixing doubles
$query = str_replace("__@__@", "__@", $query);
$query = str_replace("@__@__", "@__", $query);
$query = str_replace("'__@", "'", $query);
$query = str_replace('"__@', "'", $query);
$query = str_replace("__@", "'", $query);
$query = str_replace("@__'", "'", $query);
$query = str_replace('@__"', "'", $query);
$query = str_replace("@__", "'", $query);
return $query;
}
/**
* This method returns a resource
* Documentation has been added by Arthur Portugal
@ -681,12 +720,14 @@ class Database
* @author Olivier Brouckaert
* @param string $query The SQL query
* @param resource $connection (optional) The database server (MySQL) connection.
* If it is not specified, the connection opened by mysql_connect() is assumed.
* If no connection is found, the server will try to create one as if mysql_connect() was called with no arguments.
* If no connection is found or established, an E_WARNING level error is generated.
* If it is not specified, the connection opened by mysql_connect() is assumed.
* If no connection is found, the server will try to create one as if mysql_connect() was called with no arguments.
* If no connection is found or established, an E_WARNING level error is generated.
* @param string $file (optional) On error it shows the file in which the error has been trigerred (use the "magic" constant __FILE__ as input parameter)
* @param string $line (optional) On error it shows the line in which the error has been trigerred (use the "magic" constant __LINE__ as input parameter)
*
* @return resource The returned result from the query
*
* Note: The parameter $connection could be skipped. Here are examples of this method usage:
* Database::query($query);
* $result = Database::query($query);
@ -698,7 +739,8 @@ class Database
* Database::query($query, $connection, __FILE__, __LINE__);
* $result = Database::query($query, $connection, __FILE__, __LINE__);
*/
public static function query($query, $connection = null, $file = null, $line = null) {
public static function query($query, $connection = null, $file = null, $line = null)
{
$use_default_connection = self::use_default_connection($connection);
if ($use_default_connection) {
// Let us do parameter shifting, thus the method would be similar
@ -707,10 +749,11 @@ class Database
$file = $connection;
$connection = null;
}
//@todo remove this before the stable release
//Check if the table contains a c_ (means a course id)
if (api_get_setting('server_type')==='test' && strpos($query, 'c_')) {
$query = self::fixQuery($query);
// Check if the table contains a c_ (means a course id)
if (api_get_setting('server_type') === 'test' && strpos($query, 'c_')) {
//Check if the table contains inner joins
if (
strpos($query, 'assoc_handle') === false &&
@ -1179,13 +1222,11 @@ class Database
* @example array('where'=> array('type = ? AND category = ?' => array('setting', 'Plugins'))
* @example array('where'=> array('name = "Julio" AND lastname = "montoya"'))
*/
public static function select($columns, $table_name, $conditions = array(), $type_result = 'all', $option = 'ASSOC')
{
$conditions = self::parse_conditions($conditions);
//@todo we could do a describe here to check the columns ...
$clean_columns = '';
if (is_array($columns)) {
$clean_columns = implode(',', $columns);
} else {
@ -1199,7 +1240,7 @@ class Database
$sql = "SELECT $clean_columns FROM $table_name $conditions";
$result = self::query($sql);
$array = array();
//if (self::num_rows($result) > 0 ) {
if ($type_result == 'all') {
while ($row = self::fetch_array($result, $option)) {
if (isset($row['id'])) {
@ -1216,11 +1257,12 @@ class Database
/**
* Parses WHERE/ORDER conditions i.e array('where'=>array('id = ?' =>'4'), 'order'=>'id DESC'))
* @todo known issues, it doesn't work when using LIKE conditions example: array('where'=>array('course_code LIKE "?%"'))
* @param array
* @todo lot of stuff to do here
* @todo known issues, it doesn't work when using
* LIKE conditions example: array('where'=>array('course_code LIKE "?%"'))
* @param array $conditions
*/
static function parse_conditions($conditions) {
public static function parse_conditions($conditions)
{
if (empty($conditions)) {
return '';
}
@ -1232,7 +1274,6 @@ class Database
$type_condition = strtolower($type_condition);
switch ($type_condition) {
case 'where':
foreach ($condition_data as $condition => $value_array) {
if (is_array($value_array)) {
$clean_values = array();
@ -1254,14 +1295,13 @@ class Database
$condition = str_replace("%s","'%s'", $condition);
$condition = str_replace("@-@","@%s@", $condition);
//Treat conditons as string
// Treat conditions as string
$condition = vsprintf($condition, $clean_values);
$condition = str_replace('@percentage@','%', $condition); //replace "%"
$where_return .= $condition;
}
}
if (!empty($where_return)) {
$return_value = " WHERE $where_return" ;
}
@ -1271,7 +1311,7 @@ class Database
if (!empty($order_array)) {
// 'order' => 'id desc, name desc'
$order_array = self::escape_string($order_array);
$order_array = self::escape_string($order_array, null, false);
$new_order_array = explode(',', $order_array);
$temp_value = array();
@ -1301,7 +1341,6 @@ class Database
break;
case 'limit':
$limit_array = explode(',', $condition_data);
if (!empty($limit_array)) {
if (count($limit_array) > 1) {
$return_value .= ' LIMIT '.intval($limit_array[0]).' , '.intval($limit_array[1]);
@ -1312,23 +1351,29 @@ class Database
break;
}
}
return $return_value;
}
public static function parse_where_conditions($coditions) {
return self::parse_conditions(array('where'=>$coditions));
/**
* @param array $conditions
* @return string
*/
public static function parse_where_conditions($conditions)
{
return self::parse_conditions(array('where'=>$conditions));
}
/**
* Experimental useful database update
* @todo lot of stuff to do here
*/
public static function delete($table_name, $where_conditions, $show_query = false) {
$result = false;
public static function delete($table_name, $where_conditions, $show_query = false)
{
$where_return = self::parse_where_conditions($where_conditions);
$sql = "DELETE FROM $table_name $where_return ";
if ($show_query) { echo $sql; echo '<br />'; }
$result = self::query($sql);
self::query($sql);
$affected_rows = self::affected_rows();
//@todo should return affected_rows for
return $affected_rows;
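Review bot: `escape_string()` now wraps every value in `__@…@__` and `query()` runs `fixQuery()` over the whole statement, but nothing prevents the value itself from containing those marker sequences, which `mysql_real_escape_string()` leaves untouched. `fixQuery()` then turns them into bare `'` characters after escaping has already run, so a legitimate value such as the constructed address `name__@example.org` is corrupted and the statement's quoting is no longer guaranteed. The markers have to be made impossible in data before wrapping: reject or encode `__@` / `@__` in `escape_string()`, since a single `str_replace` strip can be re-formed by overlapping input. The more robust fix is to drop the in-band markers in favour of explicit quoting by callers or bound parameters. At minimum add above `fixQuery()`: `// NOTE: cannot tell markers from data that contains "__@" or "@__"; escape_string() must neutralise them first`. The bodies of `query()` and `delete()` continue outside the hunks shown.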

@ -67,7 +67,6 @@ class Display
preg_match('/main\/([^*\/]+)/', $currentURL, $matches);
$toolList = self::toolList();
if (!empty($matches)) {
foreach ($matches as $match) {
if (in_array($match, $toolList)) {
$help = explode('_', $match);
@ -599,8 +598,6 @@ class Display
return '<a href="'.api_get_path(WEB_PATH).'index.php">'.$name.'</a>';
}
/**
* Prints an <option>-list with all letters (A-Z).
* @param char $selected_letter The letter that should be selected
@ -1758,7 +1755,8 @@ class Display
* @param string $type
* @return string
*/
public static function label($content, $type = null) {
public static function label($content, $type = null)
{
$class = '';
switch ($type) {
case 'success':
@ -1791,7 +1789,8 @@ class Display
* @param array $items
* @return null|string
*/
public static function actions($items) {
public static function actions($items)
{
$html = null;
if (!empty($items)) {
$html = '<div class="new_actions"><ul class="nav nav-pills">';
@ -1856,7 +1855,8 @@ class Display
/**
* @todo use twig
*/
public static function group_button($title, $elements) {
public static function group_button($title, $elements)
{
$html = '<div class="btn-toolbar">
<div class="btn-group">
<button class="btn dropdown-toggle" data-toggle="dropdown">'.$title.' <span class="caret"></span></button>

@ -531,7 +531,7 @@ class DocumentManager
// Escape underscores in the path so they don't act as a wildcard
$originalPath = $path;
$path = Database::escape_string(str_replace('_', '\_', $path));
$path = str_replace('_', '\_', $path);
$to_value = Database::escape_string($to_value);
$visibility_bit = ' <> 2';
@ -579,8 +579,8 @@ class DocumentManager
last.c_id = {$_course['real_id']}
)
WHERE
docs.path LIKE '" . $path . $added_slash . "%' AND
docs.path NOT LIKE '" . $path . $added_slash . "%/%' AND
docs.path LIKE '" . Database::escape_string($path . $added_slash.'%'). "' AND
docs.path NOT LIKE '" . Database::escape_string($path . $added_slash.'%/%')."' AND
docs.path NOT LIKE '%_DELETED_%' AND
$to_field = $to_value AND
last.visibility
@ -588,6 +588,7 @@ class DocumentManager
$condition_session
$sharedCondition
";
$result = Database::query($sql);
$doc_list = array();
@ -726,6 +727,7 @@ class DocumentManager
$_course['code'],
api_get_session_id()
);
$sharedCondition = null;
if (!empty($students)) {
@ -849,7 +851,7 @@ class DocumentManager
FROM $TABLE_ITEMPROPERTY AS last, $TABLE_DOCUMENT AS docs
WHERE
docs.id = last.ref AND
docs.path LIKE '" . Database::escape_string($row['path']) . "/%' AND
docs.path LIKE '" . Database::escape_string($row['path'].'/%') . "' AND
docs.filetype = 'folder' AND
last.tool = '" . TOOL_DOCUMENT . "' AND
last.to_group_id = " . $to_group_id . " AND
@ -1523,7 +1525,6 @@ class DocumentManager
$course_id = $course['real_id'];
//note the extra / at the end of doc_path to match every path in the document table that is part of the document path
$doc_path = Database::escape_string($doc_path);
$session_id = intval($session_id);
$condition = "AND id_session IN ('$session_id', '0') ";
@ -1548,6 +1549,7 @@ class DocumentManager
omega.jpg
theta.jpg
*/
if (strpos($doc_path, 'HotPotatoes_files') && preg_match("/\.t\.html$/", $doc_path)) {
$doc_path = substr($doc_path, 0, strlen($doc_path) - 7 - strlen(api_get_user_id()));
}
@ -1556,10 +1558,15 @@ class DocumentManager
$file_type = 'file';
}
$sql = "SELECT visibility FROM $docTable d INNER JOIN $propTable ip
ON (d.id = ip.ref AND d.c_id = $course_id AND ip.c_id = $course_id)
WHERE ip.tool = '" . TOOL_DOCUMENT . "' $condition AND
filetype = '$file_type' AND locate(concat(path,'/'),'" . $doc_path . "/')=1";
$sql = "SELECT visibility
FROM $docTable d
INNER JOIN $propTable ip
ON (d.id = ip.ref AND d.c_id = $course_id AND ip.c_id = $course_id)
WHERE
ip.tool = '" . TOOL_DOCUMENT . "' $condition AND
filetype = '$file_type' AND
locate(concat(path,'/'), '" . Database::escape_string($doc_path.'/'). "')=1
";
$result = Database::query($sql);
$is_visible = false;
@ -3195,7 +3202,6 @@ class DocumentManager
}
$overwrite_url = Security::remove_XSS($overwrite_url);
$user_id = api_get_user_id();
$user_in_course = false;
@ -3232,11 +3238,6 @@ class DocumentManager
$tbl_doc = Database::get_course_table(TABLE_DOCUMENT);
$tbl_item_prop = Database::get_course_table(TABLE_ITEM_PROPERTY);
$path = '/';
$path = Database::escape_string(str_replace('_', '\_', $path));
$added_slash = ($path == '/') ? '' : '/';
$condition_session = " AND (id_session = '$session_id' OR id_session = '0' )";
$add_folder_filter = null;
@ -3258,18 +3259,18 @@ class DocumentManager
//$showOnlyFoldersCondition = " AND docs.filetype = 'folder' ";
}
$folderCondition = " AND docs.path LIKE '" . $path . $added_slash . "%' ";
$folderCondition = " AND docs.path LIKE '/%' ";
if ($folderId !== false) {
$parentData = self::get_document_data_by_id($folderId, $course_info['code']);
if (!empty($parentData)) {
$cleanedPath = Database::escape_string($parentData['path']);
$cleanedPath = $parentData['path'];
$num = substr_count($cleanedPath, '/');
$notLikeCondition = null;
for ($i = 1; $i <= $num; $i++) {
$repeat = str_repeat('/%', $i+1);
$notLikeCondition .= " AND docs.path NOT LIKE '".$cleanedPath.$repeat."' ";
$notLikeCondition .= " AND docs.path NOT LIKE '".Database::escape_string($cleanedPath.$repeat)."' ";
}
$folderCondition = " AND
@ -4692,8 +4693,6 @@ class DocumentManager
}
$sessionId = intval($sessionId);
$folder = Database::escape_string($folder);
$folderWithSuffix = self::fixDocumentName(
$folder,
'folder',
@ -4702,6 +4701,7 @@ class DocumentManager
$groupId
);
$folder = Database::escape_string($folder);
$folderWithSuffix = Database::escape_string($folderWithSuffix);
// Check if pathname already exists inside document table
@ -4710,7 +4710,7 @@ class DocumentManager
WHERE
filetype = 'folder' AND
c_id = $courseId AND
(path = '".$folder."' OR path = '$folderWithSuffix') AND
(path = '$folder' OR path = '$folderWithSuffix') AND
(session_id = 0 OR session_id = $sessionId)
";
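Review bot: In the `-3258,18` hunk `$cleanedPath` is now the raw `$parentData['path']`, and only the `NOT LIKE` line passes it through `Database::escape_string()`. The `$folderCondition = " AND` statement that begins on that hunk's last line continues outside the view, so any use of `$cleanedPath` there needs its own call, e.g. `Database::escape_string($cleanedPath.'/%')`, as done for `docs.path` in the `-579,8` hunk. The value comes from a stored document row rather than the request, but a stored path is still not safe to place in a quoted literal unescaped. Separately, `_` and `%` inside `$cleanedPath` act as LIKE wildcards here, whereas the `-531,7` hunk escapes underscores before building its pattern; the two should agree.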

@ -357,7 +357,7 @@ function handle_uploaded_document(
);
// This means that the path already exists in this course.
if (!empty($documentList)) {
if (!empty($documentList) && $whatIfFileExists != 'overwrite') {
//$found = false;
// Checking if we are talking about the same course + session
/*foreach ($documentList as $document) {
@ -378,6 +378,7 @@ function handle_uploaded_document(
case 'overwrite':
// Check if the target file exists, so we can give another message
$fileExists = file_exists($fullPath);
if (moveUploadedFile($uploadedFile, $fullPath)) {
chmod($fullPath, $filePermissions);
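Review bot: The added test `$whatIfFileExists != 'overwrite'` is a loose comparison; `$whatIfFileExists !== 'overwrite'` is safer. On the PHP 5 era runtimes this code presumably targets, a non-string value such as integer `0` compares equal to a non-numeric string and would skip the branch. The change also means an overwrite upload no longer enters the "path already exists in this course" block at all. That block's body lies outside the hunk, so confirm it held no check on the existing document (course or session ownership) that the overwrite case still relies on before `moveUploadedFile()` replaces the file.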

@ -18,7 +18,7 @@ define('TEACHER_HTML_FULLPAGE', 5);
*/
class FormValidator extends HTML_QuickForm
{
public $with_progress_bar = false;
/**
* Create a form validator based on an array of form data:
*
@ -47,10 +47,11 @@ class FormValidator extends HTML_QuickForm
* )
* );
*
* @param array form_data
* @param array $form_data
*
* @return FormValidator
*/
static function create($form_data)
public static function create($form_data)
{
if (empty($form_data)) {
return null;
@ -98,11 +99,10 @@ class FormValidator extends HTML_QuickForm
}
}
$result->setDefaults($defaults);
return $result;
}
var $with_progress_bar = false;
/**
* Constructor
* @param string $form_name Name of the form
@ -113,7 +113,7 @@ class FormValidator extends HTML_QuickForm
* @param bool $track_submit (optional) Whether to track if the form was
* submitted by adding a special hidden field (default = true)
*/
function __construct($form_name, $method = 'post', $action = '', $target = '', $attributes = null, $track_submit = true)
public function __construct($form_name, $method = 'post', $action = '', $target = '', $attributes = null, $track_submit = true)
{
// Default form class.
if (is_array($attributes) && !isset($attributes['class']) || empty($attributes)) {
@ -257,8 +257,12 @@ EOT;
}
/**
* date_range_picker element creates 2 hidden fields
* elementName + "_start" elementName "_end"
* The "date_range_picker" element creates 2 hidden fields
* "elementName" + "_start" and "elementName" + "_end"
* For example if the name is "range", you will have 2 new fields
* when executing $form->getSubmitValues()
* "range_start" and "range_end"
*
* @param string $name
* @param string $label
* @param bool $required
@ -646,7 +650,7 @@ function html_filter_student_fullpage($html)
* @return string The cleaned mobile phone number
*/
function mobile_phone_number_filter($mobilePhoneNumber)
{
{
$mobilePhoneNumber = str_replace(array('+', '(', ')'), '', $mobilePhoneNumber);
return ltrim($mobilePhoneNumber,'0');
}
}

@ -35,10 +35,12 @@ class GroupPortalManager
*
* @author Julio Montoya <gugli100@gmail.com>,
*
* @param string The URL of the site
* @param string The description of the site
* @param int is active or not
* @param int the user_id of the owner
* @param string $name The URL of the site
* @param string $description The description of the site
* @param string $url
* @param int $visibility is active or not
* @param int $picture
*
* @return boolean if success
*/
public static function add($name, $description, $url, $visibility, $picture = '')
@ -68,10 +70,12 @@ class GroupPortalManager
* Updates a group
* @author Julio Montoya <gugli100@gmail.com>,
*
* @param int The id
* @param string The description of the site
* @param int is active or not
* @param int the user_id of the owner
* @param int $group_id The id
* @param string $name The description of the site
* @param string $description
* @param string $url
* @param int $visibility
* @param string $picture_uri
* @param bool $allowMemberGroupToLeave
* @return bool if success
*/
@ -85,23 +89,24 @@ class GroupPortalManager
$allowMemberGroupToLeave = $allowMemberGroupToLeave == true ? 1 : 0;
$groupLeaveCondition = " allow_members_leave_group = $allowMemberGroupToLeave , ";
}
$sql = "UPDATE $table
SET name = '".Database::escape_string($name)."',
description = '".Database::escape_string($description)."',
picture_uri = '".Database::escape_string($picture_uri)."',
url = '".Database::escape_string($url)."',
visibility = '".Database::escape_string($visibility)."',
$groupLeaveCondition
updated_on = '".$now."'
$sql = "UPDATE $table SET
name = '".Database::escape_string($name)."',
description = '".Database::escape_string($description)."',
picture_uri = '".Database::escape_string($picture_uri)."',
url = '".Database::escape_string($url)."',
visibility = '".Database::escape_string($visibility)."',
$groupLeaveCondition
updated_on = '".$now."'
WHERE id = '$group_id'";
$result = Database::query($sql);
return $result;
}
/**
* Deletes a group
* @author Julio Montoya
* @param int id
* @param int $id
* @return boolean true if success
* */
public static function delete($id)
@ -122,9 +127,9 @@ class GroupPortalManager
/**
* Gets data of all groups
* @author Julio Montoya
* @param int visibility
* @param int from which record the results will begin (use for pagination)
* @param int number of items
* @param int $visibility
* @param int $from which record the results will begin (use for pagination)
* @param int $number_of_items
* @return array
* */
public static function get_all_group_data($visibility = GROUP_PERMISSION_OPEN, $from = 0, $number_of_items = 10)
@ -137,12 +142,14 @@ class GroupPortalManager
while ($item = Database::fetch_array($res)) {
$data[] = $item;
}
return $data;
}
/**
* Gets a list of all group
* @param id of a group not to include (i.e. to exclude)
* @param inr $without_this_one id of a group not to include (i.e. to exclude)
*
* @return array : id => name
* */
public static function get_groups_list($without_this_one = NULL)
@ -158,12 +165,14 @@ class GroupPortalManager
while ($item = Database::fetch_assoc($res)) {
$list[$item['id']] = $item['name'];
}
return $list;
}
/**
* Gets the group data
* @param int $group_id
*
* @return array
*/
public static function get_group_data($group_id)
@ -176,6 +185,7 @@ class GroupPortalManager
if (Database::num_rows($res) > 0) {
$item = Database::fetch_array($res, 'ASSOC');
}
return $item;
}
@ -757,10 +767,7 @@ class GroupPortalManager
$group_table = Database::get_main_table(TABLE_MAIN_GROUP);
$table_tag = Database::get_main_table(TABLE_MAIN_TAG);
$table_group_tag_values = Database::get_main_table(TABLE_MAIN_GROUP_REL_TAG);
$field_id = 5;
$tag = Database::escape_string($tag);
$from = intval($from);
$number_of_items = intval($number_of_items);
@ -777,8 +784,9 @@ class GroupPortalManager
WHERE
tag LIKE '$tag%' AND field_id= $field_id OR
(
g.name LIKE '%".$tag."%' OR g.description LIKE '%".$tag."%' OR g.url LIKE '%".$tag."%'
g.name LIKE '".Database::escape_string('%'.$tag.'%')."' OR
g.description LIKE '".Database::escape_string('%'.$tag.'%')."' OR
g.url LIKE '".Database::escape_string('%'.$tag.'%')."'
)";
$sql .= " LIMIT $from, $number_of_items";
@ -794,6 +802,7 @@ class GroupPortalManager
$return[$row['id']] = $row;
}
}
return $return;
}
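Review bot: In the tag-search hunks the same `$tag` is interpolated directly in `tag LIKE '$tag%'` and also passed through `Database::escape_string('%'.$tag.'%')` on the three new `g.name` / `g.description` / `g.url` lines, so one of the two uses is wrong. The rendering does not show whether the earlier `$tag = Database::escape_string($tag);` survives on the new side. If it does, the new lines escape and marker-wrap the value twice, which `fixQuery()` as written does not appear to unwind cleanly; if it was removed, the first `LIKE` is unescaped. Keep `$tag` raw and escape once at each use, e.g. `tag LIKE '".Database::escape_string($tag.'%')."' AND field_id = $field_id OR`. The enclosing function starts and ends outside these hunks.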

@ -565,7 +565,7 @@ function editlinkcategory($type)
if (empty ($mytarget)) {
$mytarget = '_self';
}
$mytarget = ",target='" . $target . "'";
$mytarget = ", target='" . $target . "'";
// Finding the old category_id.
$sql = "SELECT * FROM " . $tbl_link . "
@ -592,7 +592,7 @@ function editlinkcategory($type)
"description='" . Database :: escape_string($_POST['description']) . "', " .
"category_id='" . Database :: escape_string($_POST['selectcategory']) . "', " .
"display_order='" . $max_display_order . "', " .
"on_homepage='" . Database :: escape_string($onhomepage) . " ' $mytarget " .
"on_homepage= '" . Database :: escape_string($onhomepage) ."' $mytarget " .
" WHERE c_id = $course_id AND id='" . intval($_POST['id']) . "'";
Database :: query($sql);
@ -827,7 +827,7 @@ function change_visibility_link($id, $scope)
* session
* @param int $courseId
* @param int $sessionId
* @return string SQL query (to be executed)
* @return resource
*/
function getLinkCategories($courseId, $sessionId)
{
@ -849,6 +849,13 @@ function getLinkCategories($courseId, $sessionId)
itemproperties.c_id = " . $courseId . "
ORDER BY linkcat.display_order DESC";
$sql = "SELECT *, linkcat.id
FROM $tblLinkCategory linkcat
WHERE
linkcat.c_id = " . $courseId."
$sessionCondition
ORDER BY linkcat.display_order DESC";
return Database::query($sql);
}
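Review bot: In the first `editlinkcategory()` hunk, `$target` is concatenated into the UPDATE without `Database::escape_string()`, unlike the `$_POST` fields in the next hunk. Its origin is outside the hunk, so if it is request-derived it needs the same treatment: `$mytarget = ", target='" . Database::escape_string($target) . "'";`. The `_self` default just above is assigned to `$mytarget` and then overwritten, so it never takes effect. In `getLinkCategories()` the added `$sql = "SELECT *, linkcat.id …` replaces the query built immediately before it, leaving that earlier assignment dead; remove it or note why it is kept. Whether `$courseId` and `$sessionCondition` are cast or escaped is not visible here and should be confirmed.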

@ -916,7 +916,6 @@ function api_protect_course_script($print_headers = false, $allow_session_admins
{
$is_allowed_in_course = api_is_allowed_in_course();
$is_visible = false;
$course_info = api_get_course_info();
if (empty($course_info)) {
@ -1034,14 +1033,12 @@ function api_block_anonymous_users($print_headers = true) {
api_not_allowed($print_headers);
return false;
}
return true;
}
/* ACCESSOR FUNCTIONS
Don't access kernel variables directly, use these functions instead. */
/**
* @return an array with the navigator name and version
* @return array with the navigator name and version
*/
function api_get_navigator() {
$navigator = 'Unknown';
@ -1273,7 +1270,7 @@ function api_get_user_info($user_id = '', $check_if_user_is_online = false, $sho
return _api_format_user($GLOBALS['_user']);
}
$sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_USER)."
WHERE user_id='".Database::escape_string($user_id)."'";
WHERE user_id='".intval($user_id)."'";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
$result_array = Database::fetch_array($result);
@ -1463,9 +1460,9 @@ function api_get_cidreq($addSessionId = true, $addGroupId = true)
function api_get_course_info($course_code = null, $strict = false)
{
if (!empty($course_code)) {
$course_code = Database::escape_string($course_code);
$course_table = Database::get_main_table(TABLE_MAIN_COURSE);
$course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY);
$course_code = Database::escape_string($course_code);
$course_table = Database::get_main_table(TABLE_MAIN_COURSE);
$course_cat_table = Database::get_main_table(TABLE_MAIN_CATEGORY);
$sql = "SELECT course.*, course_category.code faCode, course_category.name faName
FROM $course_table
LEFT JOIN $course_cat_table
@ -3228,11 +3225,13 @@ function api_get_item_visibility($_course, $tool, $id, $session = 0)
$session = (int) $session;
$TABLE_ITEMPROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
$course_id = intval($_course['real_id']);
$sql = "SELECT visibility FROM $TABLE_ITEMPROPERTY
WHERE c_id = $course_id AND
tool = '$tool' AND
ref = $id AND
(id_session = $session OR id_session = 0)
$sql = "SELECT visibility
FROM $TABLE_ITEMPROPERTY
WHERE
c_id = $course_id AND
tool = '$tool' AND
ref = $id AND
(id_session = $session OR id_session = 0)
ORDER BY id_session DESC, lastedit_date DESC
LIMIT 1";
@ -3274,7 +3273,6 @@ function api_item_property_delete(
}
$table = Database::get_course_table(TABLE_ITEM_PROPERTY);
$tool = Database::escape_string($tool);
$itemId = intval($itemId);
$userId = intval($userId);
@ -3290,9 +3288,6 @@ function api_item_property_delete(
if (empty($userId)) {
$userCondition = " AND (to_user_id is NULL OR to_user_id = 0) ";
}
$sql = "DELETE FROM $table
WHERE
c_id = $courseId AND
@ -3351,18 +3346,19 @@ function api_item_property_update(
}
// Definition of variables.
$tool = Database::escape_string($tool);
$item_id = intval($item_id);
$lastedit_type = Database::escape_string($lastedit_type);
$user_id = intval($user_id);
$to_group_id = intval($to_group_id);
$to_user_id = intval($to_user_id);
$start_visible = Database::escape_string($start_visible);
$end_visible = Database::escape_string($end_visible);
$start_visible = ($start_visible == 0) ? '0000-00-00 00:00:00' : $start_visible;
$end_visible = ($end_visible == 0) ? '0000-00-00 00:00:00' : $end_visible;
$to_filter = '';
$time = api_get_utc_datetime();
$tool = Database::escape_string($tool);
$item_id = intval($item_id);
$lastEditTypeNoFilter = $lastedit_type;
$lastedit_type = Database::escape_string($lastedit_type);
$user_id = intval($user_id);
$to_group_id = intval($to_group_id);
$to_user_id = intval($to_user_id);
$start_visible = Database::escape_string($start_visible);
$end_visible = Database::escape_string($end_visible);
$start_visible = ($start_visible == 0) ? '0000-00-00 00:00:00' : $start_visible;
$end_visible = ($end_visible == 0) ? '0000-00-00 00:00:00' : $end_visible;
$to_filter = '';
$time = api_get_utc_datetime();
if (!empty($session_id)) {
$session_id = intval($session_id);
@ -3388,7 +3384,6 @@ function api_item_property_update(
}
// Set filters for $to_user_id and $to_group_id, with priority for $to_user_id
$condition_session = '';
if (!empty($session_id)) {
$condition_session = " AND id_session = '$session_id' ";
@ -3421,7 +3416,7 @@ function api_item_property_update(
// Update if possible
$set_type = '';
switch ($lastedit_type) {
switch ($lastEditTypeNoFilter) {
case 'delete':
// delete = make item only visible for the platform admin.
$visibility = '2';
@ -3454,17 +3449,18 @@ function api_item_property_update(
lastedit_user_id = '$user_id',
visibility='$visibility' $set_type
WHERE $filter";
}
break;
case 'visible' : // Change item to visible.
$visibility = '1';
if (!empty($session_id)) {
// Check whether session id already exist into item_properties for updating visibility or add it.
$sql = "SELECT id_session FROM $TABLE_ITEMPROPERTY
WHERE c_id = $course_id AND tool = '$tool' AND ref = '$item_id' AND id_session = '$session_id'";
WHERE
c_id = $course_id AND
tool = '$tool' AND
ref = '$item_id' AND
id_session = '$session_id'";
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0) {
$sql = "UPDATE $TABLE_ITEMPROPERTY
@ -3494,7 +3490,11 @@ function api_item_property_update(
if (!empty($session_id)) {
// Check whether session id already exist into item_properties for updating visibility or add it
$sql = "SELECT id_session FROM $TABLE_ITEMPROPERTY
WHERE c_id=$course_id AND tool = '$tool' AND ref='$item_id' AND id_session = '$session_id'";
WHERE
c_id = $course_id AND
tool = '$tool' AND
ref='$item_id' AND
id_session = '$session_id'";
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0) {
$sql = "UPDATE $TABLE_ITEMPROPERTY
@ -3550,8 +3550,8 @@ function api_item_property_update(
*/
function api_get_item_property_by_tool($tool, $course_code, $session_id = null)
{
$course_info = api_get_course_info($course_code);
$tool = Database::escape_string($tool);
$course_info = api_get_course_info($course_code);
$tool = Database::escape_string($tool);
// Definition of tables.
$item_property_table = Database::get_course_table(TABLE_ITEM_PROPERTY);
@ -3560,7 +3560,10 @@ function api_get_item_property_by_tool($tool, $course_code, $session_id = null)
$course_id = $course_info['real_id'];
$sql = "SELECT * FROM $item_property_table
WHERE c_id = $course_id AND tool = '$tool' $session_condition ";
WHERE
c_id = $course_id AND
tool = '$tool'
$session_condition ";
$rs = Database::query($sql);
$list = array();
if (Database::num_rows($rs) > 0) {
@ -3616,11 +3619,11 @@ function api_get_item_property_list_by_tool_by_user(
* @param string tool name, linked to 'rubrique' of the course tool_list (Warning: language sensitive !!)
* @param int id of the item itself, linked to key of every tool ('id', ...), "*" = all items of the tool
*/
function api_get_item_property_id($course_code, $tool, $ref) {
$course_info = api_get_course_info($course_code);
$tool = Database::escape_string($tool);
$ref = intval($ref);
function api_get_item_property_id($course_code, $tool, $ref)
{
$course_info = api_get_course_info($course_code);
$tool = Database::escape_string($tool);
$ref = intval($ref);
// Definition of tables.
$TABLE_ITEMPROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
@ -3860,13 +3863,15 @@ function api_get_languages_to_array() {
* @param string language name (the corresponding name of the language-folder in the filesystem)
* @return int id of the language
*/
function api_get_language_id($language) {
function api_get_language_id($language)
{
$tbl_language = Database::get_main_table(TABLE_MAIN_LANGUAGE);
if (empty($language)) {
return null;
}
$language = Database::escape_string($language);
$sql = "SELECT id FROM $tbl_language WHERE available='1' AND dokeos_folder = '$language' LIMIT 1";
$sql = "SELECT id FROM $tbl_language
WHERE available='1' AND dokeos_folder = '$language' LIMIT 1";
$result = Database::query($sql);
$row = Database::fetch_array($result);
return $row['id'];
@ -4084,7 +4089,8 @@ function api_return_html_area($name, $content = '', $height = '', $width = '100%
* @param int $user_course_category: the id of the user_course_category
* @return int the value of the highest sort of the user_course_category
*/
function api_max_sort_value($user_course_category, $user_id) {
function api_max_sort_value($user_course_category, $user_id)
{
$tbl_course_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$sql = "SELECT max(sort) as max_sort FROM $tbl_course_user
@ -4660,7 +4666,9 @@ function api_get_status_langvars() {
function api_get_settings_options($var) {
$table_settings_options = Database :: get_main_table(TABLE_MAIN_SETTINGS_OPTIONS);
$var = Database::escape_string($var);
$sql = "SELECT * FROM $table_settings_options WHERE variable = '$var' ORDER BY id";
$sql = "SELECT * FROM $table_settings_options
WHERE variable = '$var'
ORDER BY id";
$result = Database::query($sql);
$settings_options_array = array();
while ($row = Database::fetch_array($result, 'ASSOC')) {
@ -4816,7 +4824,8 @@ function api_set_settings_category($category, $value = null, $access_url = 1, $f
if (empty($access_url)) { $access_url = 1; }
if (isset($value)) {
$value = Database::escape_string($value);
$sql = "UPDATE $t_s SET selected_value = '$value' WHERE category = '$category' AND access_url = $access_url";
$sql = "UPDATE $t_s SET selected_value = '$value'
WHERE category = '$category' AND access_url = $access_url";
if (is_array($fieldtype) && count($fieldtype)>0) {
$sql .= " AND ( ";
$i = 0;
@ -4856,13 +4865,17 @@ function api_set_settings_category($category, $value = null, $access_url = 1, $f
* Gets all available access urls in an array (as in the database)
* @return array An array of database records
*/
function api_get_access_urls($from = 0, $to = 1000000, $order = 'url', $direction = 'ASC') {
$t_au = Database::get_main_table(TABLE_MAIN_ACCESS_URL);
function api_get_access_urls($from = 0, $to = 1000000, $order = 'url', $direction = 'ASC')
{
$table = Database::get_main_table(TABLE_MAIN_ACCESS_URL);
$from = (int) $from;
$to = (int) $to;
$order = Database::escape_string($order);
$direction = Database::escape_string($direction);
$sql = "SELECT id, url, description, active, created_by, tms FROM $t_au ORDER BY $order $direction LIMIT $to OFFSET $from";
$order = Database::escape_string($order, null, false);
$direction = Database::escape_string($direction, null, false);
$sql = "SELECT id, url, description, active, created_by, tms
FROM $table
ORDER BY $order $direction
LIMIT $to OFFSET $from";
$res = Database::query($sql);
return Database::store_result($res);
}
@ -4877,7 +4890,7 @@ function api_get_access_urls($from = 0, $to = 1000000, $order = 'url', $directio
function api_get_access_url($id)
{
global $_configuration;
$id = Database::escape_string(intval($id));
$id = intval($id);
// Calling the Database:: library dont work this is handmade.
//$table_access_url = Database::get_main_table(TABLE_MAIN_ACCESS_URL);
$table = 'access_url';
@ -5445,9 +5458,11 @@ function api_get_access_url_from_user($user_id) {
$user_id = intval($user_id);
$table_url_rel_user = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$table_url = Database :: get_main_table(TABLE_MAIN_ACCESS_URL);
$sql = "SELECT access_url_id FROM $table_url_rel_user url_rel_user INNER JOIN $table_url u
$sql = "SELECT access_url_id
FROM $table_url_rel_user url_rel_user
INNER JOIN $table_url u
ON (url_rel_user.access_url_id = u.id)
WHERE user_id = ".Database::escape_string($user_id);
WHERE user_id = ".intval($user_id);
$result = Database::query($sql);
$url_list = array();
while ($row = Database::fetch_array($result, 'ASSOC')) {
@ -5465,10 +5480,11 @@ function api_get_access_url_from_user($user_id) {
function api_get_status_of_user_in_course ($user_id, $course_code) {
$tbl_rel_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
if (!empty($user_id) && !empty($course_code)) {
$user_id = Database::escape_string(intval($user_id));
$user_id = intval($user_id);
$course_code = Database::escape_string($course_code);
$sql = 'SELECT status FROM '.$tbl_rel_course_user.'
WHERE user_id='.$user_id.' AND course_code="'.$course_code.'";';
$sql = 'SELECT status
FROM '.$tbl_rel_course_user.'
WHERE user_id='.$user_id.' AND course_code="'.$course_code.'";';
$result = Database::query($sql);
$row_status = Database::fetch_array($result, 'ASSOC');
return $row_status['status'];
@ -5555,14 +5571,14 @@ function api_is_valid_secret_key($original_key_secret, $security_key) {
/**
* Checks whether a user is into course
* @param string $course_id - the course id
* @param string $user_id - the user id
* @param int $user_id - the user id
*/
function api_is_user_of_course($course_id, $user_id) {
$tbl_course_rel_user = Database::get_main_table(TABLE_MAIN_COURSE_USER);
$sql = 'SELECT user_id FROM '.$tbl_course_rel_user.'
WHERE
course_code="'.Database::escape_string($course_id).'" AND
user_id="'.Database::escape_string($user_id).'" AND
user_id="'.intval($user_id).'" AND
relation_type<>'.COURSE_RELATION_TYPE_RRHH.' ';
$result = Database::query($sql);
return Database::num_rows($result) == 1;
@ -5739,7 +5755,8 @@ function api_get_tool_information($tool_id) {
function api_get_tool_information_by_name($name) {
$t_tool = Database::get_course_table(TABLE_TOOL_LIST);
$course_id = api_get_course_int_id();
$sql = "SELECT * FROM $t_tool WHERE c_id = $course_id AND name = '".Database::escape_string($name)."' ";
$sql = "SELECT * FROM $t_tool
WHERE c_id = $course_id AND name = '".Database::escape_string($name)."' ";
$rs = Database::query($sql);
return Database::fetch_array($rs, 'ASSOC');
}
@ -6441,7 +6458,8 @@ function api_resource_is_locked_by_gradebook($item_id, $link_type, $course_code
$item_id = intval($item_id);
$link_type = intval($link_type);
$course_code = Database::escape_string($course_code);
$sql = "SELECT locked FROM $table WHERE locked = 1 AND ref_id = $item_id AND type = $link_type AND course_code = '$course_code' ";
$sql = "SELECT locked FROM $table
WHERE locked = 1 AND ref_id = $item_id AND type = $link_type AND course_code = '$course_code' ";
$result = Database::query($sql);
if (Database::num_rows($result)) {
return true;
@ -6992,7 +7010,9 @@ function api_get_bytes_memory_limit($mem){
*/
function api_get_user_info_from_official_code($official_code = '')
{
if (empty($official_code)) { return false; }
if (empty($official_code)) {
return false;
}
$sql = "SELECT * FROM ".Database :: get_main_table(TABLE_MAIN_USER)."
WHERE official_code ='".Database::escape_string($official_code)."'";
$result = Database::query($sql);

@ -2449,7 +2449,8 @@ class SessionManager
/**
* Get a list of sessions of which the given conditions match with an = 'cond'
* @param array $conditions a list of condition example :
* array('status' => STUDENT) or array('s.name LIKE' => "%$needle%")
* array('status' => STUDENT) or
* array('s.name' => array('operator' => 'LIKE', value = '%$needle%'))
* @param array $order_by a list of fields on which sort
* @return array An array with all sessions of the platform.
* @todo optional course code parameter, optional sorting parameters...
@ -2462,12 +2463,19 @@ class SessionManager
$table_access_url_rel_session = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$session_course_table = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
$course_table = Database::get_main_table(TABLE_MAIN_COURSE);
$access_url_id = api_get_current_access_url_id();
$return_array = array();
$sql_query = " SELECT s.id, s.name, s.nbr_courses, s.date_start, s.date_end, u.firstname, u.lastname, sc.name as category_name, s.promotion_id
$sql_query = " SELECT
s.id,
s.name,
s.nbr_courses,
s.date_start,
s.date_end,
u.firstname,
u.lastname,
sc.name as category_name,
s.promotion_id
FROM $session_table s
INNER JOIN $user_table u ON s.id_coach = u.user_id
INNER JOIN $table_access_url_rel_session ar ON ar.session_id = s.id
@ -2476,23 +2484,53 @@ class SessionManager
INNER JOIN $course_table c ON sco.course_code = c.code
WHERE ar.access_url_id = $access_url_id ";
$availableFields = array(
's.id',
's.name'
);
$availableOperator = array(
'like',
'>=',
'<=',
'='
);
if (count($conditions) > 0) {
foreach ($conditions as $field => $value) {
foreach ($conditions as $field => $options) {
$operator = strtolower($options['operator']);
$value = Database::escape_string($options['value']);
$sql_query .= ' AND ';
$field = Database::escape_string($field);
$value = Database::escape_string($value);
$sql_query .= $field . " '" . $value . "'";
if (in_array($field, $availableFields) && in_array($operator, $availableOperator)) {
$sql_query .= $field . " $operator '" . $value . "'";
}
}
}
$orderAvailableList = array('name');
if (count($order_by) > 0) {
$sql_query .= ' ORDER BY ' . Database::escape_string(implode(',', $order_by));
$order = null;
$direction = null;
if (isset($order_by[0]) && in_array($order_by[0], $orderAvailableList)) {
$order = $order_by[0];
}
if (isset($order_by[1]) && in_array(strtolower($order_by[1]), array('desc', 'asc'))) {
$direction = $order_by[1];
}
if (!empty($order)) {
$sql_query .= " ORDER BY $order $direction ";
}
}
$sql_result = Database::query($sql_query);
if (Database::num_rows($sql_result) > 0) {
while ($result = Database::fetch_array($sql_result)) {
$return_array[$result['id']] = $result;
}
}
return $return_array;
}
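Review bot: The `$sql_query .= ' AND ';` line in the conditions loop runs before the allowlist test, so a field or operator that is not in `$availableFields` / `$availableOperator` leaves a dangling `AND` and the query fails instead of the condition being skipped. Moving the connector into the guarded branch fixes it: `$sql_query .= ' AND ' . $field . " $operator '" . $value . "'";`. The loop also reads `$options['operator']` and `$options['value']` unconditionally, so the docblock's first example `array('status' => STUDENT)` no longer describes a supported call, and the second example should read `'value' => '%$needle%'` rather than `value = '%$needle%'`. Passing `true` as the third argument to the `in_array()` calls would keep the allowlist comparisons strict, which matters when `$conditions` arrives with integer keys. The method's signature lies outside the visible hunks.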

@ -1210,8 +1210,8 @@ class Tracking
* Calculates the time spent on the platform by a user
* @param int|array User id
* @param string type of time filter: 'last_week' or 'custom'
* @param strgin start date date('Y-m-d H:i:s')
* @param strgin end date date('Y-m-d H:i:s')
* @param string start date date('Y-m-d H:i:s')
* @param string end date date('Y-m-d H:i:s')
* @return timestamp $nb_seconds
*/
public static function get_time_spent_on_the_platform(

@ -1303,7 +1303,7 @@ class UserManager
/**
* Update User extra field file type into {user_folder}/{$extra_field}
* @param $user_id The user internal identification number
* @param int $user_id The user internal identification number
* @param string $extra_field The $extra_field The extra field name
* @param null $file The filename
* @param null $source_file The temporal filename
@ -1318,6 +1318,7 @@ class UserManager
if (empty($user_id)) {
return false;
}
if (empty($source_file)) {
$source_file = $file;
}
@ -1495,9 +1496,10 @@ class UserManager
/**
* Update an extra field value for a given user
* @param integer User ID
* @param string Field variable name
* @param string Field value
* @param integer $user_id User ID
* @param string $fname Field variable name
* @param string $fvalue Field value
*
* @return boolean true if field updated, false otherwise
*/
public static function update_extra_field_value($user_id, $fname, $fvalue = '')
@ -1508,24 +1510,28 @@ class UserManager
$t_ufv = Database::get_main_table(TABLE_MAIN_USER_FIELD_VALUES);
$fname = Database::escape_string($fname);
if ($user_id != strval(intval($user_id)))
if ($user_id != strval(intval($user_id))) {
return false;
if ($user_id === false)
}
if ($user_id === false) {
return false;
}
$fvalues = '';
//echo '<pre>'; print_r($fvalue);
if (is_array($fvalue)) {
foreach ($fvalue as $val) {
$fvalues .= Database::escape_string($val).';';
$fvalues .= $val.';';
}
if (!empty($fvalues)) {
$fvalues = substr($fvalues, 0, -1);
}
} else {
$fvalues = Database::escape_string($fvalue);
$fvalues = $fvalue;
}
$fvalues = Database::escape_string($fvalues);
$sqluf = "SELECT * FROM $t_uf WHERE field_variable='$fname'";
$resuf = Database::query($sqluf);
$is_extra_file = false;
@ -1571,7 +1577,12 @@ class UserManager
$fvalue['name'] = Security::filter_filename($fvalue['name']);
$fvalue['tmp_name'] = Security::filter_filename($fvalue['tmp_name']);
// Update and recover the filename
$fvalues = UserManager::update_user_extra_file($user_id, $rowuf['field_variable'], $fvalue['name'], $fvalue['tmp_name']);
$fvalues = UserManager::update_user_extra_file(
$user_id,
$rowuf['field_variable'],
$fvalue['name'],
$fvalue['tmp_name']
);
} else {
// Set empty string to $fvalues to delete it
$fvalues = '';
@ -1583,7 +1594,9 @@ class UserManager
break;
}
$tms = time();
$sqlufv = "SELECT * FROM $t_ufv WHERE user_id = $user_id AND field_id = ".$rowuf['id']." ORDER BY id";
$sqlufv = "SELECT * FROM $t_ufv
WHERE user_id = $user_id AND field_id = ".$rowuf['id']."
ORDER BY id";
$resufv = Database::query($sqlufv);
$n = Database::num_rows($resufv);
if ($n > 1) {
@ -1596,9 +1609,12 @@ class UserManager
}
$rowufv = Database::fetch_array($resufv);
if ($rowufv['field_value'] != $fvalues) {
$sqlu = "UPDATE $t_ufv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowufv['id'];
$sqlu = "UPDATE $t_ufv SET
field_value = '$fvalues',
tms = FROM_UNIXTIME($tms)
WHERE id = ".$rowufv['id'];
$resu = Database::query($sqlu);
return($resu ? true : false);
return ($resu ? true : false);
}
return true;
}
@ -1612,29 +1628,35 @@ class UserManager
}
// If the new field is empty, delete it
if ($fvalues == '') {
$sql_query = "DELETE FROM $t_ufv WHERE id = ".$rowufv['id'].";";
$sql_query = "DELETE FROM $t_ufv
WHERE id = ".$rowufv['id'].";";
} else {
// Otherwise update it
$sql_query = "UPDATE $t_ufv SET field_value = '$fvalues', tms = FROM_UNIXTIME($tms) WHERE id = ".$rowufv['id'];
$sql_query = "UPDATE $t_ufv SET
field_value = '$fvalues',
tms = FROM_UNIXTIME($tms)
WHERE id = ".$rowufv['id'];
}
$resu = Database::query($sql_query);
return($resu ? true : false);
return ($resu ? true : false);
}
return true;
} else {
$sqli = "INSERT INTO $t_ufv (user_id,field_id,field_value,tms) ".
"VALUES ($user_id,".$rowuf['id'].",'$fvalues',FROM_UNIXTIME($tms))";
$sqli = "INSERT INTO $t_ufv (user_id,field_id,field_value,tms)
VALUES ( $user_id, ".$rowuf['id'].", '$fvalues', FROM_UNIXTIME($tms))";
$resi = Database::query($sqli);
return($resi ? true : false);
return ($resi ? true : false);
}
} else {
return false; //field not found
// Field not found
return false;
}
}
/**
* Get an array of extra fieds with field details (type, default value and options)
* Get an array of extra fields with field details (type, default value and options)
* @param integer Offset (from which row)
* @param integer Number of items
* @param integer Column on which sorting is made
@ -1643,8 +1665,14 @@ class UserManager
* @param int Optional. Whether we get all the fields with field_filter 1 or 0 or everything
* @return array Extra fields details (e.g. $list[2]['type'], $list[4]['options'][2]['title']
*/
public static function get_extra_fields($from = 0, $number_of_items = 0, $column = 5, $direction = 'ASC', $all_visibility = true, $field_filter = null)
{
public static function get_extra_fields(
$from = 0,
$number_of_items = 0,
$column = 5,
$direction = 'ASC',
$all_visibility = true,
$field_filter = null
) {
$fields = array();
$t_uf = Database :: get_main_table(TABLE_MAIN_USER_FIELD);
$t_ufo = Database :: get_main_table(TABLE_MAIN_USER_FIELD_OPTIONS);
@ -1664,7 +1692,7 @@ class UserManager
}
$sqlf .= " ORDER BY ".$columns[$column]." $sort_direction ";
if ($number_of_items != 0) {
$sqlf .= " LIMIT ".Database::escape_string($from).','.Database::escape_string($number_of_items);
$sqlf .= " LIMIT ".intval($from).','.intval($number_of_items);
}
$resf = Database::query($sqlf);
@ -3529,7 +3557,7 @@ class UserManager
}
/**
* Returns a list of all admninistrators
* Returns a list of all administrators
* @author jmontoya
* @return array
*/
@ -3540,13 +3568,18 @@ class UserManager
$tbl_url_rel_user = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$access_url_id = api_get_current_access_url_id();
if (api_get_multiple_access_url()) {
$access_url_id = api_get_current_access_url_id();
$sql = "SELECT admin.user_id, username, firstname, lastname, email FROM $tbl_url_rel_user as url INNER JOIN $table_admin as admin
ON (admin.user_id=url.user_id) INNER JOIN $table_user u ON (u.user_id=admin.user_id)
WHERE access_url_id ='".$access_url_id."'";
$sql = "SELECT admin.user_id, username, firstname, lastname, email
FROM $tbl_url_rel_user as url
INNER JOIN $table_admin as admin
ON (admin.user_id=url.user_id)
INNER JOIN $table_user u
ON (u.user_id=admin.user_id)
WHERE access_url_id ='".$access_url_id."'";
} else {
$sql = "SELECT admin.user_id, username, firstname, lastname, email FROM $table_admin as admin
INNER JOIN $table_user u ON (u.user_id=admin.user_id)";
$sql = "SELECT admin.user_id, username, firstname, lastname, email
FROM $table_admin as admin
INNER JOIN $table_user u
ON (u.user_id=admin.user_id)";
}
$result = Database::query($sql);
$return = array();
@ -3555,26 +3588,31 @@ class UserManager
$return[$row['user_id']] = $row;
}
}
return $return;
}
/**
* Search an user (tags, first name, last name and email )
* @param string the tag
* @param int field id of the tag
* @param int where to start in the query
* @param int number of items
* @param bool get count or not
* @param string $tag
* @param int $field_id field id of the tag
* @param int $from where to start in the query
* @param int $number_of_items
* @param bool $getCount get count or not
* @return array
*/
public static function get_all_user_tags($tag, $field_id = 0, $from = 0, $number_of_items = 10, $getCount = false)
{
public static function get_all_user_tags(
$tag,
$field_id = 0,
$from = 0,
$number_of_items = 10,
$getCount = false
) {
$user_table = Database::get_main_table(TABLE_MAIN_USER);
$table_user_tag = Database::get_main_table(TABLE_MAIN_TAG);
$table_user_tag_values = Database::get_main_table(TABLE_MAIN_USER_REL_TAG);
$access_url_rel_user_table = Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$tag = Database::escape_string($tag);
$field_id = intval($field_id);
$from = intval($from);
$number_of_items = intval($number_of_items);
@ -3599,13 +3637,13 @@ class UserManager
LEFT JOIN $table_user_tag_values uv ON (u.user_id AND uv.user_id AND uv.user_id = url_rel_user.user_id)
LEFT JOIN $table_user_tag ut ON (uv.tag_id = ut.id)
WHERE
($where_field tag LIKE '$tag%') OR
($where_field tag LIKE '".Database::escape_string($tag."%")."') OR
(
u.firstname LIKE '%".$tag."%' OR
u.lastname LIKE '%".$tag."%' OR
u.username LIKE '%".$tag."%' OR
concat(u.firstname,' ',u.lastname) LIKE '%".$tag."%' OR
concat(u.lastname,' ',u.firstname) LIKE '%".$tag."%'
u.firstname LIKE '".Database::escape_string("%".$tag."%")."' OR
u.lastname LIKE '".Database::escape_string("%".$tag."%")."' OR
u.username LIKE '".Database::escape_string("%".$tag."%")."' OR
concat(u.firstname, ' ', u.lastname) LIKE '".Database::escape_string("%".$tag."%")."' OR
concat(u.lastname, ' ', u.firstname) LIKE '".Database::escape_string("%".$tag."%")."'
)
".(!empty($where_extra_fields) ? $where_extra_fields : '')."
AND
@ -3630,17 +3668,23 @@ class UserManager
return $row['count'];
}
while ($row = Database::fetch_array($result, 'ASSOC')) {
if (isset($return[$row['user_id']]) && !empty($return[$row['user_id']]['tag'])) {
$url = Display::url($row['tag'], api_get_path(WEB_PATH).'main/social/search.php?q='.$row['tag'], array('class' => 'tag'));
if (isset($return[$row['user_id']]) &&
!empty($return[$row['user_id']]['tag'])
) {
$url = Display::url(
$row['tag'],
api_get_path(WEB_PATH).'main/social/search.php?q='.$row['tag'],
array('class' => 'tag')
);
$row['tag'] = $url;
}
$return[$row['user_id']] = $row;
}
}
return $return;
}
/**
* Get extra filtrable user fields (type select)
* @return array
@ -3653,10 +3697,15 @@ class UserManager
foreach ($extraFieldList as $extraField) {
//if is enabled to filter and is a "<select>" field type
if ($extraField[8] == 1 && $extraField[2] == 4) {
$extraFiltrableFields[] = array('name'=> $extraField[3], 'variable'=>$extraField[1], 'data'=> $extraField[9]);
$extraFiltrableFields[] = array(
'name' => $extraField[3],
'variable' => $extraField[1],
'data' => $extraField[9]
);
}
}
}
if (is_array($extraFiltrableFields) && count($extraFiltrableFields) > 0 ) {
return $extraFiltrableFields;
}
@ -4856,4 +4905,46 @@ EOF;
Database::query($sql);
}
}
/**
* @return array
*/
public static function getOfficialCodeGrouped()
{
$user = Database::get_main_table(TABLE_MAIN_USER);
$sql = "SELECT DISTINCT official_code
FROM $user
GROUP BY official_code";
$result = Database::query($sql);
$values = Database::store_result($result, 'ASSOC');
$result = array();
foreach ($values as $value) {
$result[$value['official_code']] = $value['official_code'];
}
return $result;
}
/**
* @param string $officialCode
* @return array
*/
public static function getUsersByOfficialCode($officialCode)
{
$user = Database::get_main_table(TABLE_MAIN_USER);
$officialCode = Database::escape_string($officialCode);
$sql = "SELECT DISTINCT user_id
FROM $user
WHERE official_code = '$officialCode'
";
$result = Database::query($sql);
$users = array();
while ($row = Database::fetch_array($result)) {
$users[] = $row['user_id'];
}
return $users;
}
}
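Review bot: In `update_extra_field_value`, the single `Database::escape_string($fvalues)` call now runs before the field-type handling, but the file branch later reassigns `$fvalues` from `UserManager::update_user_extra_file(...)`, and that value is then placed unescaped into `field_value = '$fvalues'` in the UPDATE and INSERT statements. Whether the returned filename can still contain a quote depends on `Security::filter_filename` and on lines between the hunks that are not visible here, so this needs confirming rather than assuming. Escaping at the point of use, `field_value = '".Database::escape_string($fvalues)."'` in each statement with the early call dropped, removes the dependency on statement order. Separately, in `get_all_user_tags` the new per-use `Database::escape_string("%".$tag."%")` calls follow an earlier `$tag = Database::escape_string($tag);` that appears as an unchanged line; if that line is still present the value is escaped twice and searches containing quotes or backslashes will stop matching.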

@ -1023,7 +1023,6 @@ class IndexManager
if ($session_category_id == 0 &&
isset($session_category['sessions'])
) {
// Independent sessions
foreach ($session_category['sessions'] as $session) {
$session_id = $session['session_id'];
@ -1065,7 +1064,6 @@ class IndexManager
}
}
}
}
if ($session_now > $allowed_time && $days_access_after_end > $dif_time_after - 1) {
// Read only and accessible.
@ -1079,7 +1077,7 @@ class IndexManager
true,
$this->load_directories_preview
);
$html_courses_session .= $c[1];
$html_courses_session .= isset($c[1]) ? $c[1] : null;
}
$count_courses_session++;
}
@ -1166,13 +1164,17 @@ class IndexManager
if ($date_session_start != '0000-00-00') {
$allowed_time = api_strtotime($date_session_start . ' 00:00:00') - ($days_access_before_beginning * 86400);
}
if ($date_session_end != '0000-00-00') {
$endSessionToTms = api_strtotime($date_session_end . ' 23:59:59');
if ($session_now > $endSessionToTms) {
$dif_time_after = $session_now - $endSessionToTms;
$dif_time_after = round(
$dif_time_after / 86400
if (!isset($_GET['history'])) {
if ($date_session_end != '0000-00-00') {
$endSessionToTms = api_strtotime(
$date_session_end . ' 23:59:59'
);
if ($session_now > $endSessionToTms) {
$dif_time_after = $session_now - $endSessionToTms;
$dif_time_after = round(
$dif_time_after / 86400
);
}
}
}
} else {
@ -1181,7 +1183,9 @@ class IndexManager
);
}
if ($session_now > $allowed_time && $days_access_after_end > $dif_time_after - 1) {
if ($session_now > $allowed_time &&
$days_access_after_end > $dif_time_after - 1
) {
if (api_get_setting('hide_courses_in_sessions') == 'false') {
$c = CourseManager:: get_logged_user_course_html(
$course,
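Review bot: The new `if (!isset($_GET['history']))` guard makes the after-end-date calculation depend on a client-supplied query parameter, while `$dif_time_after` is still read in `$days_access_after_end > $dif_time_after - 1` when the guarded block is skipped. Its initialisation is not visible in this hunk; if there is none, the comparison runs on an undefined variable, so an explicit `$dif_time_after = 0;` before the date checks would make the skipped case deliberate. It is worth confirming that this condition only decides what the course list displays and that access to session content after the end date is enforced separately, since any user can add `history` to the URL. Reading the flag once into a local, e.g. `$showHistory = isset($_GET['history']);`, would also keep the superglobal out of the nested conditions. The enclosing method starts and ends outside the hunk.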

@ -271,3 +271,10 @@ $_configuration['system_stable'] = NEW_VERSION_STABLE;
//$_configuration['course_images_in_courses_list'] = false;
// Which student publication will be taken when connected to the gradebook: first|last
//$_configuration['student_publication_to_take_in_gradebook'] = 'first';
// Show a filter by official code
//$_configuration['certificate_filter_by_official_code'] = false;
// Max quantity of fkceditor allowed in the exercise result page otherwise
// Textareas are used.
//$_configuration['exercise_max_fckeditors_in_page'] = 0;
// Default upload option
//$_configuration['document_if_file_exists_option'] = 'rename'; // overwrite
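Review bot: The comments on the two last options added here do not say which values are accepted: `fkceditor` looks like a typo for FCKeditor, and the trailing `// overwrite` on `document_if_file_exists_option` presumably names an alternative value without saying so. Suggested wording: `// Max number of FCKeditor instances allowed in the exercise result page; above that, plain textareas are used.` and `// Default upload option when the file already exists: 'rename' or 'overwrite'`. The list of accepted values should be checked against the code that reads the setting before the comment is committed.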

@ -344,7 +344,7 @@ if (!isset($_POST['compose'])) {
// post
if ($restrict) {
if (!isset($_POST['group_id'])) {
$default['users'] = $_POST['users'];
$default['users'] = isset($_POST['users']) ? $_POST['users'] : null;
} else {
$default['group_id'] = $_POST['group_id'];
}

@ -71,12 +71,20 @@ $extra_params['height'] = 'auto';
$htmlHeadXtra[] = '<script>
$(function() {
'.Display::grid_js('user_course_report', $url, $columns, $column_model, $extra_params, array(), null, true).'
jQuery("#user_course_report").jqGrid("navGrid","#user_course_report_pager",{view:false, edit:false, add:false, del:false, search:false, excel:true});
jQuery("#user_course_report").jqGrid("navButtonAdd","#user_course_report_pager",{
caption:"",
onClickButton : function () {
jQuery("#user_course_report").jqGrid("excelExport",{"url":"'.$url.'&export_format=xls"});
}
jQuery("#user_course_report").jqGrid("navGrid","#user_course_report_pager",{
view:false,
edit:false,
add:false,
del:false,
search:false,
excel:true
});
jQuery("#user_course_report").jqGrid("navButtonAdd","#user_course_report_pager", {
caption:"",
onClickButton : function () {
jQuery("#user_course_report").jqGrid("excelExport",{"url":"'.$url.'&export_format=xls"});
}
});
});
</script>';

@ -4,8 +4,8 @@
use \ChamiloSession as Session;
/**
* This class defines the parent attributes and methods for Chamilo learnpaths and SCORM
* learnpaths. It is used by the scorm class.
* This class defines the parent attributes and methods for Chamilo learnpaths
* and SCORM learnpaths. It is used by the scorm class.
*
* @package chamilo.learnpath
* @author Yannick Warnier <ywarnier@beeznest.org>
@ -457,7 +457,6 @@ class learnpath
$parent = intval($parent);
$previous = intval($previous);
$type = Database::escape_string($type);
$id = intval($id);
$max_time_allowed = Database::escape_string(htmlentities($max_time_allowed));
if (empty ($max_time_allowed)) {
@ -515,7 +514,7 @@ class learnpath
$new_item_id = -1;
$id = Database::escape_string($id);
$typeCleaned = Database::escape_string($type);
if ($type == 'quiz') {
$sql = 'SELECT SUM(ponderation)
FROM ' . Database :: get_course_table(TABLE_QUIZ_QUESTION) . ' as quiz_question
@ -555,7 +554,7 @@ class learnpath
") VALUES (
$course_id ,
".$this->get_id() . ", ".
"'" . $type . "', ".
"'" . $typeCleaned . "', ".
"'', ".
"'" . $title . "', ".
"'" . $description . "', ".
@ -587,7 +586,7 @@ class learnpath
") VALUES (".
$course_id. ",".
$this->get_id() . ",".
"'" . $type . "',".
"'" . $typeCleaned . "',".
"'',".
"'" . $title . "',".
"'" . $description . "',".
@ -760,13 +759,13 @@ class learnpath
$publicated_on = api_get_utc_datetime();
}
} else {
$publicated_on = Database::escape_string(api_get_utc_datetime($publicated_on));
$publicated_on = Database::escape_string(api_get_utc_datetime($publicated_on));
}
if ($expired_on == '0000-00-00 00:00:00' || empty($expired_on)) {
$expired_on = '';
} else {
$expired_on = Database::escape_string(api_get_utc_datetime($expired_on));
$expired_on = Database::escape_string(api_get_utc_datetime($expired_on));
}
while (Database :: num_rows($res_name)) {
@ -967,7 +966,7 @@ class learnpath
}
*/
}
$this->ordered_items = array ();
$this->ordered_items = array();
$this->index = 0;
unset ($this->lp_id);
//unset other stuff
@ -1465,7 +1464,6 @@ class learnpath
}
$prerequisite_id = Database::escape_string($prerequisite_id);
$tbl_lp_item = Database :: get_course_table(TABLE_LP_ITEM);
if (!is_numeric($mastery_score) || $mastery_score < 0) {
@ -1674,7 +1672,7 @@ class learnpath
if ($this->debug > 0) {
error_log('New LP - In learnpath::get_current_item_id()', 0);
}
if (!empty ($this->current)) {
if (!empty($this->current)) {
$current = $this->current;
}
if ($this->debug > 2) {
@ -1814,7 +1812,7 @@ class learnpath
/**
* Gets the information about an item in a format usable as JavaScript to update
* the JS API by just printing this content into the <head> section of the message frame
* @param integer Item ID
* @param int $item_id
* @return string
*/
public function get_js_info($item_id = '')
@ -1824,7 +1822,7 @@ class learnpath
}
$info = '';
$item_id = Database::escape_string($item_id);
$item_id = intval($item_id);
if (!empty($item_id) && is_object($this->items[$item_id])) {
//if item is defined, return values from DB
@ -3294,9 +3292,9 @@ class learnpath
/**
* Gets a link to the resource from the present location, depending on item ID.
* @param string Type of link expected
* @param integer Learnpath item ID
* @return string Link to the lp_item resource
* @param string $type Type of link expected
* @param integer $item_id Learnpath item ID
* @return string $provided_toc Link to the lp_item resource
*/
public function get_link($type = 'http', $item_id = null, $provided_toc = false)
{
@ -3326,7 +3324,7 @@ class learnpath
$lp_table = Database::get_course_table(TABLE_LP_MAIN);
$lp_item_table = Database::get_course_table(TABLE_LP_ITEM);
$lp_item_view_table = Database::get_course_table(TABLE_LP_ITEM_VIEW);
$item_id = Database::escape_string($item_id);
$item_id = intval($item_id);
$sql = "SELECT l.lp_type as ltype, l.path as lpath, li.item_type as litype, li.path as lipath, li.parameters as liparams
FROM $lp_table l
@ -3366,7 +3364,6 @@ class learnpath
// Now go through the specific cases to get the end of the path
// @todo Use constants instead of int values.
switch ($lp_type) {
case 1 :
if ($lp_item_type == 'dokeos_chapter') {
@ -3425,13 +3422,13 @@ class learnpath
}
if ($type_quiz) {
$lp_item_id = Database::escape_string($lp_item_id);
$lp_view_id = Database::escape_string($lp_view_id);
$lp_item_id = intval($lp_item_id);
$lp_view_id = intval($lp_view_id);
$sql = "SELECT count(*) FROM $lp_item_view_table
WHERE
c_id = $course_id AND
lp_item_id='" . (int) $lp_item_id . "' AND
lp_view_id ='" . (int) $lp_view_id . "' AND
lp_item_id='" . $lp_item_id . "' AND
lp_view_id ='" . $lp_view_id . "' AND
status='completed'";
$result = Database::query($sql);
$row_count = Database :: fetch_row($result);
@ -4114,7 +4111,7 @@ class learnpath
{
$course_id = api_get_course_int_id();
$tbl_lp = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = Database::escape_string($lp_id);
$lp_id = intval($lp_id);
$sql = "SELECT * FROM $tbl_lp where c_id = ".$course_id." AND id=$lp_id";
$result = Database::query($sql);
if (Database::num_rows($result)) {
@ -4341,7 +4338,7 @@ class learnpath
/**
* Sets the current item ID (checks if valid and authorized first)
* @param integer New item ID. If not given or not authorized, defaults to current
* @param integer $item_id New item ID. If not given or not authorized, defaults to current
*/
public function set_current_item($item_id = null)
{
@ -4358,7 +4355,7 @@ class learnpath
error_log('New LP - New current item given is ' . $item_id . '...', 0);
}
if (is_numeric($item_id)) {
$item_id = Database::escape_string($item_id);
$item_id = intval($item_id);
// TODO: Check in database here.
$this->last = $this->current;
$this->current = $item_id;
@ -4442,11 +4439,11 @@ class learnpath
}
if (empty ($name))
return false;
$this->maker = Database::escape_string($name);
$this->maker = $name;
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$course_id = api_get_course_int_id();
$lp_id = $this->get_id();
$sql = "UPDATE $lp_table SET content_maker = '" . $this->maker . "'
$sql = "UPDATE $lp_table SET content_maker = '" . Database::escape_string($this->maker) . "'
WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
error_log('New LP - lp updated with new content_maker : ' . $this->maker, 0);
@ -4468,11 +4465,11 @@ class learnpath
if (empty($name)) {
return false;
}
$this->name = Database::escape_string($name);
$this->name = $name;
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = $this->get_id();
$course_id = api_get_course_int_id();
$sql = "UPDATE $lp_table SET name = '" . $this->name . "'
$sql = "UPDATE $lp_table SET name = '" . Database::escape_string($this->name). "'
WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
error_log('New LP - lp updated with new name : ' . $this->name, 0);
@ -4582,10 +4579,10 @@ class learnpath
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_theme()', 0);
}
$this->theme = Database::escape_string($name);
$this->theme = $name;
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = $this->get_id();
$sql = "UPDATE $lp_table SET theme = '" . $this->theme . "'
$sql = "UPDATE $lp_table SET theme = '" . Database::escape_string($this->theme). "'
WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
error_log('New LP - lp updated with new theme : ' . $this->theme, 0);
@ -4606,10 +4603,11 @@ class learnpath
error_log('New LP - In learnpath::set_preview_image()', 0);
}
$this->preview_image = Database::escape_string($name);
$this->preview_image = $name;
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = $this->get_id();
$sql = "UPDATE $lp_table SET preview_image = '" . $this->preview_image . "'
$sql = "UPDATE $lp_table SET
preview_image = '" . Database::escape_string($this->preview_image). "'
WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
error_log('New LP - lp updated with new preview image : ' . $this->preview_image, 0);
@ -4628,10 +4626,10 @@ class learnpath
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_author()', 0);
}
$this->author = Database::escape_string($name);
$this->author = $name;
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = $this->get_id();
$sql = "UPDATE $lp_table SET author = '" . $this->author . "'
$sql = "UPDATE $lp_table SET author = '" . Database::escape_string($name). "'
WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
error_log('New LP - lp updated with new preview author : ' . $this->author, 0);
@ -4704,10 +4702,11 @@ class learnpath
if (empty ($name))
return false;
$this->proximity = Database::escape_string($name);
$this->proximity = $name;
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = $this->get_id();
$sql = "UPDATE $lp_table SET content_local = '" . $this->proximity . "'
$sql = "UPDATE $lp_table SET
content_local = '" . Database::escape_string($name) . "'
WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
error_log('New LP - lp updated with new proximity : ' . $this->proximity, 0);
@ -4756,7 +4755,7 @@ class learnpath
/**
* Sets and saves the expired_on date
* @param string Optional string giving the new author of this learnpath
* @param string $expired_on Optional string giving the new author of this learnpath
* @return bool Returns true if author's name is not empty
*/
public function set_expired_on($expired_on)
@ -4767,13 +4766,14 @@ class learnpath
}
if (!empty($expired_on)) {
$this->expired_on = Database::escape_string(api_get_utc_datetime($expired_on));
$this->expired_on = api_get_utc_datetime($expired_on);
} else {
$this->expired_on = '';
}
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = $this->get_id();
$sql = "UPDATE $lp_table SET expired_on = '" . $this->expired_on . "'
$sql = "UPDATE $lp_table SET
expired_on = '" . Database::escape_string($this->expired_on) . "'
WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
error_log('New LP - lp updated with new expired_on : ' . $this->expired_on, 0);
@ -4784,7 +4784,7 @@ class learnpath
/**
* Sets and saves the publicated_on date
* @param string Optional string giving the new author of this learnpath
* @param string $publicated_on Optional string giving the new author of this learnpath
* @return bool Returns true if author's name is not empty
*/
public function set_publicated_on($publicated_on)
@ -4794,13 +4794,14 @@ class learnpath
error_log('New LP - In learnpath::set_expired_on()', 0);
}
if (!empty($publicated_on)) {
$this->publicated_on = Database::escape_string(api_get_utc_datetime($publicated_on));
$this->publicated_on = api_get_utc_datetime($publicated_on);
} else {
$this->publicated_on = '';
}
$lp_table = Database :: get_course_table(TABLE_LP_MAIN);
$lp_id = $this->get_id();
$sql = "UPDATE $lp_table SET publicated_on = '" . $this->publicated_on . "'
$sql = "UPDATE $lp_table SET
publicated_on = '" . Database::escape_string($this->publicated_on) . "'
WHERE c_id = ".$course_id." AND id = '$lp_id'";
if ($this->debug > 2) {
error_log('New LP - lp updated with new publicated_on : ' . $this->publicated_on, 0);
@ -4811,7 +4812,6 @@ class learnpath
/**
* Sets and saves the expired_on date
* @param string Optional string giving the new author of this learnpath
* @return bool Returns true if author's name is not empty
*/
public function set_modified_on()
@ -4837,7 +4837,8 @@ class learnpath
* @param string Error message. If empty, reinits the error string
* @return void
*/
public function set_error_msg($error = '') {
public function set_error_msg($error = '')
{
if ($this->debug > 0) {
error_log('New LP - In learnpath::set_error_msg()', 0);
}
@ -4849,9 +4850,10 @@ class learnpath
}
/**
* Launches the current item if not 'sco' (starts timer and make sure there is a record ready in the DB)
* @param boolean Whether to allow a new attempt or not
* @return boolean True
* Launches the current item if not 'sco'
* (starts timer and make sure there is a record ready in the DB)
* @param boolean $allow_new_attempt Whether to allow a new attempt or not
* @return boolean
*/
public function start_current_item($allow_new_attempt = false)
{
@ -4865,7 +4867,6 @@ class learnpath
($type == 1 && $item_type != TOOL_QUIZ && $item_type != TOOL_HOTPOTATOES)
) {
$this->items[$this->current]->open($allow_new_attempt);
$this->autocomplete_parents($this->current);
$prereq_check = $this->prerequisites_match($this->current);
$this->items[$this->current]->save(false, $prereq_check);
@ -5710,17 +5711,28 @@ class learnpath
$return .= "\tm.add(" . $menu . ", -1, '" . addslashes(Security::remove_XSS(($this->name))) . "');\n";
$tbl_lp_item = Database :: get_course_table(TABLE_LP_ITEM);
$sql = " SELECT id, title, description, item_type, path, parent_item_id, previous_item_id, next_item_id, max_score, min_score, mastery_score, display_order
$sql = " SELECT
id,
title,
description,
item_type,
path,
parent_item_id,
previous_item_id,
next_item_id,
max_score,
min_score,
mastery_score,
display_order
FROM $tbl_lp_item
WHERE c_id = ".$course_id." AND lp_id = " . Database::escape_string($this->lp_id);
WHERE c_id = ".$course_id." AND lp_id = " . intval($this->lp_id);
$result = Database::query($sql);
$arrLP = array ();
while ($row = Database :: fetch_array($result)) {
$row['title'] = Security :: remove_XSS($row['title']);
$row['description'] = Security :: remove_XSS($row['description']);
$arrLP[] = array (
$arrLP[] = array(
'id' => $row['id'],
'item_type' => $row['item_type'],
'title' => $row['title'],
@ -6007,9 +6019,10 @@ class learnpath
fputs($fp, $content);
fclose($fp);
$sql_update = "UPDATE " . $table_doc ." SET title='".Database::escape_string($_POST['title'])."'
WHERE c_id = ".$course_id." AND id = " . $document_id;
Database::query($sql_update);
$sql = "UPDATE " . $table_doc ." SET
title='".Database::escape_string($_POST['title'])."'
WHERE c_id = ".$course_id." AND id = " . $document_id;
Database::query($sql);
}
}
}
@ -6026,9 +6039,8 @@ class learnpath
$return = '';
if (is_numeric($item_id)) {
$tbl_lp_item = Database :: get_course_table(TABLE_LP_ITEM);
$tbl_doc = Database :: get_course_table(TABLE_DOCUMENT);
$sql = "SELECT lp.* FROM " . $tbl_lp_item . " as lp
WHERE c_id = ".$course_id." AND lp.id = " . Database::escape_string($item_id);
WHERE c_id = ".$course_id." AND lp.id = " . intval($item_id);
$result = Database::query($sql);
while ($row = Database :: fetch_array($result,'ASSOC')) {
$_SESSION['parent_item_id'] = ($row['item_type'] == 'dokeos_chapter' || $row['item_type'] == 'dokeos_module' || $row['item_type'] == 'dir') ? $item_id : 0;
@ -6057,11 +6069,12 @@ class learnpath
}
break;
case TOOL_DOCUMENT:
$tbl_doc = Database :: get_course_table(TABLE_DOCUMENT);
$sql_doc = "SELECT path FROM " . $tbl_doc . " WHERE c_id = ".$course_id." AND id = " . Database::escape_string($row['path']);
$result = Database::query($sql_doc);
$path_file = Database::result($result, 0, 0);
$path_parts = pathinfo($path_file);
$tbl_doc = Database :: get_course_table(TABLE_DOCUMENT);
$sql_doc = "SELECT path FROM " . $tbl_doc . "
WHERE c_id = ".$course_id." AND id = " . Database::escape_string($row['path']);
$result = Database::query($sql_doc);
$path_file = Database::result($result, 0, 0);
$path_parts = pathinfo($path_file);
// TODO: Correct the following naive comparisons, also, htm extension is missing.
if (in_array($path_parts['extension'], array(
'html',
@ -6095,7 +6108,8 @@ class learnpath
$return = '';
if (is_numeric($item_id)) {
$tbl_lp_item = Database :: get_course_table(TABLE_LP_ITEM);
$sql = "SELECT * FROM $tbl_lp_item WHERE c_id = ".$course_id." AND id = " . Database::escape_string($item_id);
$sql = "SELECT * FROM $tbl_lp_item
WHERE c_id = ".$course_id." AND id = " . intval($item_id);
$res = Database::query($sql);
$row = Database::fetch_array($res);
@ -6116,9 +6130,10 @@ class learnpath
$sql_step = " SELECT lp.*, doc.path as dir
FROM " . $tbl_lp_item . " as lp
LEFT JOIN " . $tbl_doc . " as doc ON doc.id = lp.path
WHERE lp.c_id = $course_id AND
doc.c_id = $course_id AND
lp.id = " . Database::escape_string($item_id);
WHERE
lp.c_id = $course_id AND
doc.c_id = $course_id AND
lp.id = " . intval($item_id);
$res_step = Database::query($sql_step);
$row_step = Database :: fetch_array($res_step);
$return .= $this->display_manipulate($item_id, $row['item_type']);
@ -6128,7 +6143,8 @@ class learnpath
$link_id = (string) $row['path'];
if (ctype_digit($link_id)) {
$tbl_link = Database :: get_course_table(TABLE_LINK);
$sql_select = 'SELECT url FROM ' . $tbl_link . ' WHERE c_id = '.$course_id.' AND id = ' . Database::escape_string($link_id);
$sql_select = 'SELECT url FROM ' . $tbl_link . '
WHERE c_id = '.$course_id.' AND id = ' . intval($link_id);
$res_link = Database::query($sql_select);
$row_link = Database :: fetch_array($res_link);
if (is_array($row_link)) {
@ -7792,9 +7808,7 @@ class learnpath
WHERE c_id = ".$course_id." AND lp_id = " . $this->lp_id;
$result = Database::query($sql);
$arrLP = array ();
$arrLP = array();
while ($row = Database :: fetch_array($result)) {
$arrLP[] = array (
'id' => $row['id'],

@ -232,7 +232,8 @@ function switch_item_details($lp_id, $user_id, $view_id, $current_item, $next_it
if ($debug > 1) {
error_log('Prereq_match() returned '.htmlentities($mylp->error), 0);
}
$_SESSION['scorm_item_id'] = $new_item_id; // Save the new item ID for the exercise tool to use.
// Save the new item ID for the exercise tool to use.
$_SESSION['scorm_item_id'] = $new_item_id;
$_SESSION['lpobject'] = serialize($mylp);
return $return;
}

@ -167,4 +167,11 @@ function switch_item_toc($lp_id, $user_id, $view_id, $current_item, $next_item)
$_SESSION['lpobject'] = serialize($mylp);
return $return;
}
echo switch_item_toc($_POST['lid'], $_POST['uid'], $_POST['vid'], $_POST['iid'], $_POST['next']);
echo switch_item_toc(
$_POST['lid'],
$_POST['uid'],
$_POST['vid'],
$_POST['iid'],
$_POST['next']
);

@ -1060,8 +1060,11 @@ switch ($action) {
break;
case 'content':
if ($debug > 0) error_log('New LP - content action triggered', 0);
if ($debug > 0) error_log('New LP - Item id is '.$_GET['item_id'], 0);
if (!$lp_found) { error_log('New LP - No learnpath given for content', 0); require 'lp_list.php'; }
if ($debug > 0) error_log('New LP - Item id is '.intval($_GET['item_id']), 0);
if (!$lp_found) {
error_log('New LP - No learnpath given for content', 0);
require 'lp_list.php';
}
else {
$_SESSION['oLP']->save_last();
$_SESSION['oLP']->set_current_item($_GET['item_id']);
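Review bot: In the `content` case the request value is cast only for the debug line, while `set_current_item($_GET['item_id'])` at the end of the hunk still receives the raw parameter, so the log entry and the call can disagree about which item was selected. Casting once and reusing the result keeps them in step: `$itemId = isset($_GET['item_id']) ? intval($_GET['item_id']) : 0;` followed by `$_SESSION['oLP']->set_current_item($itemId);`. Whether set_current_item() validates its argument is not visible here. The `switch` continues outside the hunk, so other cases may need the same treatment.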

@ -1,14 +1,18 @@
<?php
/* For licensing terms, see /license.txt */
/**
The class-library with all reservation-system specific functionality
* Class Rsys
* The class-library with all reservation-system specific functionality
*/
class Rsys {
class Rsys
{
/**
* Get required database-vars from inc/lib/database.lib.php and load them into the $GLOBALS['_rsys']-array
*
*/
function init() {
public function init()
{
// reservation database tables
$GLOBALS['_rsys']['dbtables']['item'] = Database :: get_main_table(TABLE_MAIN_RESERVATION_ITEM);
$GLOBALS['_rsys']['dbtables']['reservation'] = Database :: get_main_table(TABLE_MAIN_RESERVATION_RESERVATION);
@ -197,7 +201,7 @@ class Rsys {
* @return - Array One or all rows of the category-table
*/
function get_category($id = null, $orderby = "name ASC") {
$id = intval($id);
$id = intval($id);
$sql = "SELECT * FROM ".Rsys :: getTable("category");
if (!empty ($id))
$sql .= " WHERE id = ".intval($id)."";
@ -520,7 +524,7 @@ class Rsys {
WHERE ( 1=". (api_is_platform_admin() ? 1 : 0)."
OR ((cu.user_id='".api_get_user_id()."' AND (ir.edit_right=1 OR ir.delete_right=1)) OR i.creator='".api_get_user_id()."' ))";
return @ Database::result(Database::query($sql), 0, 0);
return @ Database::result(Database::query($sql), 0, 0);
}
/**
@ -570,21 +574,21 @@ class Rsys {
} else {
$tabel[$count][4] = '<img src="../img/right.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=manage&set=0\'" />';
}
if ($lijn2[5] == 0) {
$tabel[$count][5] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=view&set=1\'" />';
} else {
$tabel[$count][5] = '<img src="../img/right.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=view&set=0\'" />';
}
$controle = true;
}
}
if (!$controle) {
$tabel[$count][2] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=edit&set=1\'" />';
$tabel[$count][3] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=delete&set=1\'" />';
$tabel[$count][4] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=manage&set=1\'" />';
$tabel[$count][5] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=view&set=1\'" />';
}
$tabel[$count][6] = $itemid."-".$lijn[0];
if ($lijn2[5] == 0) {
$tabel[$count][5] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=view&set=1\'" />';
} else {
$tabel[$count][5] = '<img src="../img/right.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=view&set=0\'" />';
}
$controle = true;
}
}
if (!$controle) {
$tabel[$count][2] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=edit&set=1\'" />';
$tabel[$count][3] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=delete&set=1\'" />';
$tabel[$count][4] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=manage&set=1\'" />';
$tabel[$count][5] = '<img src="../img/wrong.gif" onclick="document.location.href=\'m_item.php?action=m_rights&subaction=switch&class_id='.$lijn[0].'&item_id='.$itemid.'&switch=view&set=1\'" />';
}
$tabel[$count][6] = $itemid."-".$lijn[0];
}
}
return $tabel;
@ -927,7 +931,7 @@ class Rsys {
*/
function get_table_reservations($from, $per_page, $column, $direction) {
$sql = "SELECT DISTINCT r.id AS col0, i.name AS col1, DATE_FORMAT(r.start_at,'%Y-%m-%d %H:%i') AS col2, DATE_FORMAT(r.end_at,'%Y-%m-%d %H:%i') AS col3," .
"DATE_FORMAT(r.subscribe_from,'%Y-%m-%d %k:%i') AS col4, DATE_FORMAT(r.subscribe_until,'%Y-%m-%d %k:%i') AS col5,IF(timepicker <> 0, '".get_lang('TimePicker')."',CONCAT(r.subscribers,'/',r.max_users)) AS col6, r.notes AS col7, r.id as col8
"DATE_FORMAT(r.subscribe_from,'%Y-%m-%d %k:%i') AS col4, DATE_FORMAT(r.subscribe_until,'%Y-%m-%d %k:%i') AS col5,IF(timepicker <> 0, '".get_lang('TimePicker')."',CONCAT(r.subscribers,'/',r.max_users)) AS col6, r.notes AS col7, r.id as col8
FROM ".Rsys :: getTable('reservation')." r
INNER JOIN ".Rsys :: getTable('item')." i ON r.item_id=i.id
LEFT JOIN ".Rsys :: getTable('item_rights')." ir ON ir.item_id=i.id
@ -1005,10 +1009,10 @@ class Rsys {
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS)." c ON ir.class_id=c.id AND ir.item_id = r.item_id
LEFT JOIN ".Database :: get_main_table(TABLE_MAIN_CLASS_USER)." cu ON cu.class_id = c.id
WHERE ((ir.m_reservation=1 AND cu.user_id='".api_get_user_id()."') OR i.creator='".api_get_user_id()."' OR 1=". (api_is_platform_admin() ? 1 : 0).')';
if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " AND (i.name LIKE '%".$keyword."%' OR i.description LIKE '%".$keyword."%' OR r.notes LIKE '%".$keyword."%')";
}
if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " AND (i.name LIKE '%".$keyword."%' OR i.description LIKE '%".$keyword."%' OR r.notes LIKE '%".$keyword."%')";
}
return Database::result(Database::query($sql), 0, 0);
}
@ -1033,7 +1037,7 @@ class Rsys {
return 2;
}
if ($start_at < (date( 'Y-m-d H:i:s',time())))
return 3;
return 3;
if (($stamp_start_date != $stamp_end_date) && $timepicker == '1')
{
return 4;
@ -1192,10 +1196,10 @@ class Rsys {
WHERE ((ir.m_reservation=1 AND cu.user_id='".api_get_user_id()."')
OR i2.creator='".api_get_user_id()."'
OR 1=". (api_is_platform_admin() ? 1 : 0)."))";
if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " AND (i1.name LIKE '%".$keyword."%' or r1.start_at LIKE '%".$keyword."%' or r1.end_at LIKE '%".$keyword."%' or u.lastname LIKE '%".$keyword."%' or u.firstname LIKE '%".$keyword."%' or s.start_at LIKE '%".$keyword."%' or s.end_at LIKE '%".$keyword."%')";
}
if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " AND (i1.name LIKE '%".$keyword."%' or r1.start_at LIKE '%".$keyword."%' or r1.end_at LIKE '%".$keyword."%' or u.lastname LIKE '%".$keyword."%' or u.firstname LIKE '%".$keyword."%' or s.start_at LIKE '%".$keyword."%' or s.end_at LIKE '%".$keyword."%')";
}
return Database::result(Database::query($sql), 0, 0);
}
@ -1228,10 +1232,10 @@ class Rsys {
WHERE ((ir.m_reservation=1 AND cu.user_id='".api_get_user_id()."')
OR i2.creator='".api_get_user_id()."'
OR 1=". (api_is_platform_admin() ? 1 : 0)."))";
if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " AND (i1.name LIKE '%".$keyword."%' or c.name LIKE '%".$keyword."%' or r1.start_at LIKE '%".$keyword."%' or r1.end_at LIKE '%".$keyword."%' or u.lastname LIKE '%".$keyword."%' or u.firstname LIKE '%".$keyword."%' or s.start_at LIKE '%".$keyword."%' or s.end_at LIKE '%".$keyword."%')";
}
if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " AND (i1.name LIKE '%".$keyword."%' or c.name LIKE '%".$keyword."%' or r1.start_at LIKE '%".$keyword."%' or r1.end_at LIKE '%".$keyword."%' or u.lastname LIKE '%".$keyword."%' or u.firstname LIKE '%".$keyword."%' or s.start_at LIKE '%".$keyword."%' or s.end_at LIKE '%".$keyword."%')";
}
$sql .= " ORDER BY col".$column." ".$direction." LIMIT ".$from.",".$per_page;
/*$result = Database::query($sql);
while ($array = Database::fetch_array($result, 'NUM'))
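Review bot: The last hunk of this section appends `$column`, `$direction`, `$from` and `$per_page` to the `ORDER BY col… LIMIT …` clause by plain concatenation, whereas the `keyword` filter just above it goes through `Database::escape_string()`. Escaping would not help in that position anyway, because none of the four values sits inside quotes, so they need to be constrained by type. `$direction = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';` plus `intval()` around `$column`, `$from` and `$per_page` in the concatenation would do that. The enclosing function starts outside the hunk, so where these values come from is inferred from the similar `get_table_reservations($from, $per_page, $column, $direction)` signature earlier in the section.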

@ -1,5 +1,6 @@
<?php
/* For licensing terms, see /license.txt */
/**
* @package chamilo.social
* @author Julio Montoya <gugli100@gmail.com>

@ -1,5 +1,6 @@
<?php
/* For licensing terms, see /license.txt */
/**
* @package chamilo.social
* @author Julio Montoya <gugli100@gmail.com>
@ -47,9 +48,7 @@ function remove_image_form(id_elem1) {
if (filepaths.childNodes.length < 3) {
var link_attach = document.getElementById("link-more-attach");
if (link_attach) {
link_attach.innerHTML=\'<a href="javascript://" onclick="return add_image_form()">' . get_lang(
'AddOneMoreFile'
) . '</a>\';
link_attach.innerHTML=\'<a href="javascript://" onclick="return add_image_form()">' . get_lang('AddOneMoreFile') . '</a>\';
}
}
}
@ -67,10 +66,7 @@ function add_image_form() {
filepaths.appendChild(elem1);
id_elem1 = "filepath_"+counter_image;
id_elem1 = "\'"+id_elem1+"\'";
document.getElementById("filepath_"+counter_image).innerHTML = "<input type=\"file\" name=\"attach_"+counter_image+"\" size=\"20\" />&nbsp;<a href=\"javascript:remove_image_form("+id_elem1+")\"><img src=\"' . api_get_path(
WEB_CODE_PATH
) . 'img/delete.gif\"></a>";
document.getElementById("filepath_"+counter_image).innerHTML = "<input type=\"file\" name=\"attach_"+counter_image+"\" size=\"20\" />&nbsp;<a href=\"javascript:remove_image_form("+id_elem1+")\"><img src=\"' . api_get_path(WEB_CODE_PATH) . 'img/delete.gif\"></a>";
if (filepaths.childNodes.length == 3) {
var link_attach = document.getElementById("link-more-attach");
if (link_attach) {
@ -92,34 +88,33 @@ jQuery(document).ready(function() {
$("#tab_browse").bind("tabsselect", function(event, ui) {
window.location.href=ui.tab;
});
$("#tabs").tabs();
$("#tab_browse").tabs();
var valor = "' . $anchor . '";
$(".head").click(function() {
$(this).next().next().slideToggle("fast");
image_clicked = $("#" + this.id + " img").attr("src");
image_clicked_info = image_clicked.split("/");
image_real_clicked = image_clicked_info[image_clicked_info.length-1];
image_path = image_clicked.split("img");
current_path = image_path[0]+"img/";
if (image_real_clicked == "div_show.gif") {
current_path = current_path+"div_hide.gif";
$("#" + this.id + " img").attr("src", current_path);
} else {
current_path = current_path+"div_show.gif";
$("#" + this.id + " img").attr("src", current_path)
}
return false;
}).next().next().hide();
$(this).next().next().slideToggle("fast");
image_clicked = $("#" + this.id + " img").attr("src");
image_clicked_info = image_clicked.split("/");
image_real_clicked = image_clicked_info[image_clicked_info.length-1];
image_path = image_clicked.split("img");
current_path = image_path[0]+"img/";
if (image_real_clicked == "div_show.gif") {
current_path = current_path+"div_hide.gif";
$("#" + this.id + " img").attr("src", current_path);
} else {
current_path = current_path+"div_show.gif";
$("#" + this.id + " img").attr("src", current_path)
}
return false;
}).next().next().hide();
// anchor for current topic
if (valor) {
$("#"+valor).show();
window.location = document.URL+"#"+valor;
}
});
</script>';

@ -4,9 +4,7 @@
* Form for group message
* @package chamilo.social
*/
/**
* Initialization
*/
$language_file = array('registration', 'messages', 'userInfo', 'admin');
$cidReset = true;
require_once '../inc/global.inc.php';
@ -36,19 +34,15 @@ if (isset($_REQUEST['user_friend'])) {
}
$group_id = intval($_GET['group_id']);
$message_id = isset($_GET['message_id']) ? intval($_GET['message_id']) : null;
$message_id = intval($_GET['message_id']);
$actions = array(
'add_message_group',
'edit_message_group',
'reply_message_group'
);
$allowed_action = (isset($_GET['action']) && in_array(
$_GET['action'],
$actions
)) ? Security::remove_XSS($_GET['action']) : '';
$allowed_action = (isset($_GET['action']) && in_array($_GET['action'], $actions)) ? Security::remove_XSS($_GET['action']) : '';
$to_group = '';
$subject = '';
$message = '';
@ -75,24 +69,15 @@ if (!empty($group_id) && $allowed_action) {
}
}
$page_item = !empty($_GET['topics_page_nr']) ? intval(
$_GET['topics_page_nr']
) : 1;
$param_item_page = isset($_GET['items_page_nr']) && isset($_GET['topic_id']) ? ('&items_' . intval(
$_GET['topic_id']
) . '_page_nr=' . (!empty($_GET['topics_page_nr']) ? intval(
$_GET['topics_page_nr']
) : 1)) : '';
$page_item = !empty($_GET['topics_page_nr']) ? intval($_GET['topics_page_nr']) : 1;
$param_item_page = isset($_GET['items_page_nr']) && isset($_GET['topic_id']) ? ('&items_' . intval($_GET['topic_id']) . '_page_nr=' . (!empty($_GET['topics_page_nr']) ? intval($_GET['topics_page_nr']) : 1)) : '';
$param_item_page .= '&topic_id=' . intval($_GET['topic_id']);
$page_topic = !empty($_GET['topics_page_nr']) ? intval(
$_GET['topics_page_nr']
) : 1;
$page_topic = !empty($_GET['topics_page_nr']) ? intval($_GET['topics_page_nr']) : 1;
$anchor = isset($_GET['anchor_topic']) ? Security::remove_XSS($_GET['anchor_topic']) : null;
?>
<form name="form"
action="group_topics.php?id=<?php echo $group_id ?>&anchor_topic=<?php echo Security::remove_XSS(
$_GET['anchor_topic']
) ?>&topics_page_nr=<?php echo $page_topic . $param_item_page ?>"
action="group_topics.php?id=<?php echo $group_id ?>&anchor_topic=<?php echo $anchor; ?>&topics_page_nr=<?php echo $page_topic . $param_item_page ?>"
method="POST" enctype="multipart/form-data">
<input type="hidden" name="action" value="<?php echo $allowed_action ?>"/>
<input type="hidden" name="group_id" value="<?php echo $group_id ?>"/>
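Review bot: `$anchor` is written into the query string of the form's `action` attribute after `Security::remove_XSS()` only, which by its name filters markup rather than encoding a value for a URL inside an attribute. A value containing `&`, `#` or a quote could still alter the query string or the attribute, and `anchor_topic=<?php echo htmlspecialchars(urlencode((string) $anchor), ENT_QUOTES) ?>` would encode for both contexts. Separately, the `$param_item_page .= '&topic_id=' . intval($_GET['topic_id']);` line reads the parameter without the `isset()` check used on the line above it.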

@ -4,12 +4,11 @@
* @package chamilo.social
* @author Julio Montoya <gugli100@gmail.com>
*/
/**
* Initialization
*/
// name of the language file that needs to be included
$language_file = array('registration', 'admin', 'userInfo');
$cidReset = true;
$cidReset = true;
require_once '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'group_portal_manager.lib.php';
require_once api_get_path(LIBRARY_PATH).'magpierss/rss_fetch.inc';
@ -136,26 +135,30 @@ $this_section = SECTION_SOCIAL;
$tool_name = get_lang('Search');
$interbreadcrumb[] = array('url' => 'profile.php', 'name' => get_lang('SocialNetwork'));
$query = isset($_GET['q']) ? Database::escape_string($_GET['q']) : null;
$query = isset($_GET['q']) ? Security::remove_XSS($_GET['q']): null;
$query_search_type = isset($_GET['search_type']) && in_array($_GET['search_type'], array('0','1','2')) ? $_GET['search_type'] : null;
$extra_fields = UserManager::get_extra_filtrable_fields();
$query_vars = array('q' => $query, 'search_type' => $query_search_type);
foreach ($extra_fields as $extra_field) {
$field_name = 'field_'.$extra_field['variable'];
if (isset($_GET[$field_name]) && $_GET[$field_name]!='0') {
$query_vars[$field_name]=$_GET[$field_name];
if (!empty($extra_fields)) {
foreach ($extra_fields as $extra_field) {
$field_name = 'field_' . $extra_field['variable'];
if (isset($_GET[$field_name]) && $_GET[$field_name] != '0') {
$query_vars[$field_name] = $_GET[$field_name];
}
}
}
$social_avatar_block = SocialManager::show_social_avatar_block('search');
$social_menu_block = SocialManager::show_social_menu('search');
$social_right_content = '<div class="span9">'.UserManager::get_search_form($query).'</div>';
$groups = array();
$totalGroups = array();
// I'm searching something
if ($query != '' || ($query_vars['search_type']=='1' && count($query_vars)>2) ) {
$itemPerPage = 9;
if ($_GET['search_type']=='0' || $_GET['search_type']=='1') {
$page = isset($_GET['users_page_nr']) ? intval($_GET['users_page_nr']) : 1;
$totalUsers = UserManager::get_all_user_tags($_GET['q'], 0, 0, $itemPerPage, true);
@ -169,7 +172,6 @@ if ($query != '' || ($query_vars['search_type']=='1' && count($query_vars)>2) )
$pageGroup = isset($_GET['groups_page_nr']) ? intval($_GET['groups_page_nr']) : 1;
// Groups
$fromGroups = intval(($pageGroup - 1) * $itemPerPage);
$totalGroups = GroupPortalManager::get_all_group_tags($_GET['q'], 0, $itemPerPage, true);
$groups = GroupPortalManager::get_all_group_tags($_GET['q'], $fromGroups, $itemPerPage);
}
@ -216,9 +218,7 @@ if ($query != '' || ($query_vars['search_type']=='1' && count($query_vars)>2) )
}
$tag = isset($user['tag']) ? ' <br /><br />'.$user['tag'] : null;
$user_info['complete_name'] = Display::url($status_icon.$user_info['complete_name'], $url);
$invitations = $user['tag'].$send_inv.$send_msg;
$results .= '<li class="span3">
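Review bot: `$query` is now filtered for HTML with `Security::remove_XSS()` rather than escaped for SQL (reading the second printed assignment as the new one), while the searches below still pass the raw `$_GET['q']` to `get_all_user_tags()` and `get_all_group_tags()`. Those callees are not visible here, so it is worth confirming that they escape or bind that argument themselves. A short comment on the assignment would record the split, e.g. `// $query is for display only; SQL escaping happens inside the search functions`. The same section also tests `$_GET['search_type']` directly although the validated value is already in `$query_vars['search_type']`, and using the latter avoids an undefined-index notice when only `q` is sent.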

@ -872,6 +872,7 @@ class survey_manager
$sql = "SELECT * FROM $table_survey_question_option
WHERE c_id = $course_id AND survey_id='".Database::escape_string($survey_id)."'";
$result = Database::query($sql);
$return = array();
while ($row = Database::fetch_array($result, 'ASSOC')) {
$return[$row['question_id']]['answers'][] = $row['option_text'];
}
@ -2631,7 +2632,7 @@ class SurveyUtil
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @version February 2007
*/
static function handle_reporting_actions($survey_data, $people_filled)
public static function handle_reporting_actions($survey_data, $people_filled)
{
$action = isset($_GET['action']) ? $_GET['action'] : null;
@ -2639,7 +2640,8 @@ class SurveyUtil
$temp_questions_data = survey_manager::get_questions($_GET['survey_id']);
// Sorting like they should be displayed and removing the non-answer question types (comment and pagebreak)
$my_temp_questions_data=($temp_questions_data==null) ? array() : $temp_questions_data;
$my_temp_questions_data = ($temp_questions_data==null) ? array() : $temp_questions_data;
$questions_data = array();
foreach ($my_temp_questions_data as $key => & $value) {
if ($value['type'] != 'comment' && $value['type'] != 'pagebreak') {
$questions_data[$value['sort']] = $value;
@ -2892,6 +2894,7 @@ class SurveyUtil
}
$currentQuestion = isset($_GET['question']) ? $_GET['question'] : 0;
$question = array();
echo '<div class="actions">';
echo '<a href="'.api_get_path(WEB_CODE_PATH).'survey/reporting.php?survey_id='.Security::remove_XSS($_GET['survey_id']).'">'.
@ -2938,7 +2941,7 @@ class SurveyUtil
}
}
echo $question['survey_question'];
echo isset($question['survey_question']) ? $question['survey_question'] : null;
if ($question['type'] == 'score') {
/** @todo This function should return the options as this is needed further in the code */
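Review bot: The `isset()` guard added to the `echo` of `$question['survey_question']` is not applied to the very next line, `if ($question['type'] == 'score')`. With `$question` now initialised to `array()`, that line still raises an undefined-index notice whenever no question was loaded. `if (isset($question['type']) && $question['type'] == 'score') {` closes the gap. The loop that fills `$question` lies outside the hunk, so this assumes it can finish without assigning it, for example when the `question` request parameter matches no row.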

@ -38,6 +38,7 @@ event_access_tool(TOOL_SURVEY);
* of the code)
*/
$courseInfo = api_get_course_info();
$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
api_get_user_id(),
$courseInfo

@ -7,7 +7,7 @@
* @package chamilo.auth
*/
if (Security::remove_XSS($_REQUEST['action']) !== 'subscribe') {
if (isset($_REQUEST['action']) && Security::remove_XSS($_REQUEST['action']) !== 'subscribe') {
$stok = Security::get_token();
} else {
$stok = $_SESSION['sec_token'];
@ -33,6 +33,8 @@ if ($showSessions && isset($_POST['date'])) {
}
$userInfo = api_get_user_info();
$code = isset($code) ? $code : null;
?>
<script>
$(document).ready( function() {
@ -52,7 +54,7 @@ $userInfo = api_get_user_info();
}
});
});
$('.courses-list-btn').toggle(function (e) {
e.preventDefault();
@ -72,10 +74,8 @@ $userInfo = api_get_user_info();
},
success: function (response){
var $container = $el.prev('.course-list');
var $courseList = $('<ul>');
$.each(response, function (index, course){
$.each(response, function (index, course) {
$courseList.append('<li><div><strong>' + course.name + '</strong><br>' + course.coachName + '</div></li>');
});
@ -84,21 +84,18 @@ $userInfo = api_get_user_info();
});
}, function (e) {
e.preventDefault();
var $el = $(this);
var $container = $el.prev('.course-list');
$container.hide(250).empty();
$el.children('img').remove();
$el.prepend('<?php echo Display::display_icon('nolines_plus.gif'); ?>');
});
var getSessionId = function (el){
var getSessionId = function (el) {
var parts = el.id.split('_');
return parseInt(parts[1], 10);
};
<?php if ($showSessions) { ?>
$('#date').datepicker({
dateFormat: 'yy-mm-dd'
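Review bot: Adding `isset($_REQUEST['action']) &&` to the first condition changes which branch runs when no `action` is sent (this reads the second printed condition as the new one). The test is then false, so the page takes the `else` branch and reuses `$_SESSION['sec_token']` instead of calling `Security::get_token()`. If no token has been stored in the session yet, `$stok` ends up empty for the forms on this page that rely on it. `if (!isset($_REQUEST['action']) || $_REQUEST['action'] !== 'subscribe') {` avoids the notice and keeps a fresh token for that case. `remove_XSS()` should not be needed for a strict comparison against a constant.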

@ -1600,7 +1600,7 @@ function WSEditUserWithPicture($params) {
// Get user id from id wiener
$user_id = UserManager::get_user_id_from_original_id($original_user_id_value, $original_user_id_name);
// Get picture and generate uri.
$filename = basename($picture_url);
$tempdir = sys_get_temp_dir();
@ -5462,10 +5462,10 @@ function WSListSessions($params) {
$sql_params = array();
// Dates should be provided in YYYY-MM-DD format, UTC
if (!empty($params['date_start'])) {
$sql_params['s.date_start >='] = $params['date_start'];
$sql_params['s.date_start'] = array('operator' => '>=', 'value' => $params['date_start']);
}
if (!empty($params['date_end'])) {
$sql_params['s.date_end <='] = $params['date_end'];
$sql_params['s.date_end'] = array('operator' => '<=', 'value' => $params['date_end']);
}
$sessions_list = SessionManager::get_sessions_list($sql_params);
$return_list = array();
@ -5478,6 +5478,7 @@ function WSListSessions($params) {
'date_end' => $session['date_end'],
);
}
return $return_list;
}
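Review bot: In WSListSessions the `date_start` and `date_end` values go into `$sql_params` exactly as the client sent them, although the comment above them requires `YYYY-MM-DD`. Whether `SessionManager::get_sessions_list()` escapes the `value` entries is not visible here. A format check before the assignment would enforce that contract at the boundary, e.g. `if (!empty($params['date_start']) && preg_match('/^\d{4}-\d{2}-\d{2}$/', $params['date_start'])) {`, with the same check for `date_end`. The function starts outside the hunk, so any credential check it performs on `$params` is not shown.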

@ -1,5 +1,6 @@
<?php
/* For licensing terms, see /license.txt */
/**
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University, Belgium
* @author Juan Carlos Raña <herodoto@telefonica.net>
@ -7,8 +8,6 @@
* @package chamilo.wiki
*/
use \ChamiloSession as Session;
// name of the language file that needs to be included
$language_file = 'wiki';

@ -1,15 +1,16 @@
<?php
/* For licensing terms, see /license.txt */
use \ChamiloSession as Session;
/**
* Class Wiki
* Functions library for the wiki tool
* @author Juan Carlos Raña <herodoto@telefonica.net>
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University, Belgium
* @author Julio Montoya <gugli100@gmail.com> using the pdf.lib.php library
* @package chamilo.wiki
*/
use \ChamiloSession as Session;
class Wiki
{
public $tbl_wiki;
@ -29,6 +30,9 @@ class Wiki
public $wikiData = array();
public $url;
/**
* Constructor
*/
public function __construct()
{
// Database table definition
@ -239,6 +243,7 @@ class Wiki
/**
* This function saves a change in a wiki page
* @author Patrick Cool <patrick.cool@ugent.be>, Ghent University
* @param array $values
* @return language string saying that the changes are stored
**/
public function save_wiki($values)
@ -267,20 +272,20 @@ class Wiki
// NOTE: visibility, visibility_disc and ratinglock_disc changes are not made here, but through the interce buttons
// cleaning the variables
$_clean['page_id'] = Database::escape_string($values['page_id']);
$_clean['reflink'] = Database::escape_string(trim($values['reflink']));
$_clean['title'] = Database::escape_string(trim($values['title']));
$_clean['content'] = Database::escape_string($values['content']);
$_clean['page_id'] = intval($values['page_id']);
$_clean['reflink'] = Database::escape_string(trim($values['reflink']));
$_clean['title'] = Database::escape_string(trim($values['title']));
$_clean['content'] = Database::escape_string($values['content']);
if (api_get_setting('htmlpurifier_wiki') == 'true'){
$purifier = new HTMLPurifier();
$_clean['content'] = $purifier->purify($_clean['content']);
}
$_clean['user_id'] = api_get_user_id();
$_clean['assignment'] = Database::escape_string($values['assignment']);
$_clean['comment'] = Database::escape_string($values['comment']);
$_clean['progress'] = Database::escape_string($values['progress']);
$_clean['version'] = intval($values['version']) + 1 ;
$_clean['linksto'] = self::links_to($_clean['content']); //and check links content
$_clean['user_id'] = api_get_user_id();
$_clean['assignment']= Database::escape_string($values['assignment']);
$_clean['comment'] = Database::escape_string($values['comment']);
$_clean['progress'] = Database::escape_string($values['progress']);
$_clean['version'] = intval($values['version']) + 1 ;
$_clean['linksto'] = self::links_to($_clean['content']); //and check links content
//cleaning config variables
if (!empty($values['task'])) {
@ -321,22 +326,30 @@ class Wiki
$sql = "INSERT INTO ".$tbl_wiki." (c_id, page_id, reflink, title, content, user_id, group_id, dtime, assignment, comment, progress, version, linksto, user_ip, session_id)
VALUES ($course_id, '".$_clean['page_id']."','".$_clean['reflink']."','".$_clean['title']."','".$_clean['content']."','".$_clean['user_id']."','".$groupId."','".$dtime."','".$_clean['assignment']."','".$_clean['comment']."','".$_clean['progress']."','".$_clean['version']."','".$_clean['linksto']."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."', '".Database::escape_string($session_id)."')";
Database::query($sql);
$Id = Database::insert_id();
if ($Id > 0) {
$id = Database::insert_id();
if ($id > 0) {
//insert into item_property
api_item_property_update(api_get_course_info(), TOOL_WIKI, $Id, 'WikiAdded', api_get_user_id(), $groupId);
api_item_property_update(
api_get_course_info(),
TOOL_WIKI,
$id,
'WikiAdded',
api_get_user_id(),
$groupId
);
}
if ($_clean['page_id'] ==0) {
$sql='UPDATE '.$tbl_wiki.' SET page_id="'.$Id.'" WHERE c_id = '.$course_id.' AND id="'.$Id.'"';
if ($_clean['page_id'] == 0) {
$sql='UPDATE '.$tbl_wiki.' SET page_id="'.$id.'" WHERE c_id = '.$course_id.' AND id="'.$id.'"';
Database::query($sql);
}
//update wiki config
if ($_clean['reflink']=='index' && $_clean['version']==1) {
$sql="INSERT INTO ".$tbl_wiki_conf." (c_id, page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit)
VALUES ($course_id, '".$Id."','".$_clean['task']."','".$_clean['feedback1']."','".$_clean['feedback2']."','".$_clean['feedback3']."','".$_clean['fprogress1']."','".$_clean['fprogress2']."','".$_clean['fprogress3']."','".$_clean['max_text']."','".$_clean['max_version']."','".$_clean['startdate_assig']."','".$_clean['enddate_assig']."','".$_clean['delayedsubmit']."')";
if ($values['reflink'] == 'index' && $_clean['version'] == 1 ) {
$sql = "INSERT INTO ".$tbl_wiki_conf." (c_id, page_id, task, feedback1, feedback2, feedback3, fprogress1, fprogress2, fprogress3, max_text, max_version, startdate_assig, enddate_assig, delayedsubmit)
VALUES ($course_id, '".$id."','".$_clean['task']."','".$_clean['feedback1']."','".$_clean['feedback2']."','".$_clean['feedback3']."','".$_clean['fprogress1']."','".$_clean['fprogress2']."','".$_clean['fprogress3']."','".$_clean['max_text']."','".$_clean['max_version']."','".$_clean['startdate_assig']."','".$_clean['enddate_assig']."','".$_clean['delayedsubmit']."')";
} else {
$sql = 'UPDATE '.$tbl_wiki_conf.' SET
task="'.$_clean['task'].'",
@ -355,10 +368,11 @@ class Wiki
page_id = "'.$_clean['page_id'].'" AND
c_id = '.$course_id;
}
Database::query($sql);
api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $groupId);
api_item_property_update($_course, 'wiki', $id, 'WikiAdded', api_get_user_id(), $groupId);
self::check_emailcue($_clean['reflink'], 'P', $dtime, $_clean['user_id']);
$this->setWikiData($Id);
$this->setWikiData($id);
return get_lang('Saved');
}
@ -403,8 +417,8 @@ class Wiki
($course_id, '".$r_page_id."','".$r_reflink."','".$r_title."','".$r_content."','".$r_user_id."','".$r_group_id."','".$r_dtime."','".$r_assignment."','".$r_comment."','".$r_progress."','".$r_version."','".$r_linksto."','".Database::escape_string($_SERVER['REMOTE_ADDR'])."','".Database::escape_string($session_id)."')";
Database::query($sql);
$Id = Database::insert_id();
api_item_property_update($_course, 'wiki', $Id, 'WikiAdded', api_get_user_id(), $r_group_id);
$id = Database::insert_id();
api_item_property_update($_course, 'wiki', $id, 'WikiAdded', api_get_user_id(), $r_group_id);
self::check_emailcue($r_reflink, 'P', $r_dtime, $r_user_id);
return get_lang('PageRestored');
@ -739,18 +753,17 @@ class Wiki
$KeyVisibility=$row['visibility'];
// second, show the last version
$sql = 'SELECT * FROM '.$tbl_wiki.' w , '.$tbl_wiki_conf.' wc
$sql = 'SELECT * FROM '.$tbl_wiki.' w INNER JOIN '.$tbl_wiki_conf.' wc
ON (wc.page_id = w.page_id AND wc.c_id = w.c_id)
WHERE
wc.c_id = '.$course_id.' AND
w.c_id = '.$course_id.' AND
wc.page_id = w.page_id AND
w.reflink = "'.Database::escape_string($pageMIX).'" AND
w.session_id = '.$session_id.' AND
w.'.$groupfilter.' '.$filter.'
ORDER BY id DESC';
$result = Database::query($sql);
$row = Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version
$row = Database::fetch_array($result); // we do not need a while loop since we are always displaying the last version
//log users access to wiki (page_id)
if (!empty($row['page_id'])) {
@ -1286,7 +1299,7 @@ class Wiki
c_id = '.$course_id.' AND
reflink="'.Database::escape_string($page).'" AND
'.$groupfilter.$condition_session;
//Visibility. Value to all,not only for the first
//Visibility. Value to all,not only for the first
Database::query($sql);
//Although the value now is assigned to all (not only the first), these three lines remain necessary. They do that by changing the page state is made when you press the button and not have to wait to change his page
@ -2375,7 +2388,7 @@ class Wiki
WHERE
c_id = '.$course_id.' AND
is_editing="'.$isEditing.'" '.
$condition_session;
$condition_session;
Database::query($sql);
}
@ -3545,25 +3558,26 @@ class Wiki
//fix index to title Main page into linksto
if ($page == 'index') {
$page=str_replace(' ','_',get_lang('DefaultTitle'));
$page = str_replace(' ','_',get_lang('DefaultTitle'));
}
//table
if (api_is_allowed_to_edit(false,true) || api_is_platform_admin()) { //only by professors if page is hidden
if (api_is_allowed_to_edit(false,true) || api_is_platform_admin()) {
//only by professors if page is hidden
$sql = "SELECT * FROM ".$tbl_wiki." s1
WHERE s1.c_id = $course_id AND linksto LIKE '%".Database::escape_string($page)." %' AND id=(
WHERE s1.c_id = $course_id AND linksto LIKE '%".Database::escape_string($page)."%' AND id=(
SELECT MAX(s2.id) FROM ".$tbl_wiki." s2
WHERE s2.c_id = $course_id AND s1.reflink = s2.reflink AND ".$groupfilter.$condition_session.")";
//add blank space after like '%" " %' to identify each word
} else {
$sql = "SELECT * FROM ".$tbl_wiki." s1
WHERE s1.c_id = $course_id AND visibility=1 AND linksto LIKE '%".Database::escape_string($page)." %' AND id=(
WHERE s1.c_id = $course_id AND visibility=1 AND linksto LIKE '%".Database::escape_string($page)."%' AND id=(
SELECT MAX(s2.id) FROM ".$tbl_wiki." s2
WHERE s2.c_id = $course_id AND s1.reflink = s2.reflink AND ".$groupfilter.$condition_session.")";
//add blank space after like '%" " %' to identify each word
}
$allpages=Database::query($sql);
$allpages = Database::query($sql);
//show table
if (Database::num_rows($allpages) > 0) {
@ -3900,22 +3914,22 @@ class Wiki
self::setMessage(Display::display_normal_message($is_being_edited, false, true));
} else {
self::setMessage(Display::display_confirmation_message(
self::restore_wikipage(
$current_row['page_id'],
$current_row['reflink'],
$current_row['title'],
$current_row['content'],
$current_row['group_id'],
$current_row['assignment'],
$current_row['progress'],
$current_row['version'],
$last_row['version'],
$current_row['linksto']
).': <a href="index.php?cidReq='.$_course['code'].'&action=showpage&amp;title='.api_htmlentities(urlencode($last_row['reflink'])).'&session_id='.$last_row['session_id'].'&group_id='.$last_row['group_id'].'">'.
api_htmlentities($last_row['title']).'</a>',
false,
true
));
self::restore_wikipage(
$current_row['page_id'],
$current_row['reflink'],
$current_row['title'],
$current_row['content'],
$current_row['group_id'],
$current_row['assignment'],
$current_row['progress'],
$current_row['version'],
$last_row['version'],
$current_row['linksto']
).': <a href="index.php?cidReq='.$_course['code'].'&action=showpage&amp;title='.api_htmlentities(urlencode($last_row['reflink'])).'&session_id='.$last_row['session_id'].'&group_id='.$last_row['group_id'].'">'.
api_htmlentities($last_row['title']).'</a>',
false,
true
));
}
}
}
@ -4440,27 +4454,28 @@ class Wiki
$groupId = $this->group_id;
$userId = api_get_user_id();
if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false,true)==false) {
if (api_get_session_id() != 0 && api_is_allowed_to_session_edit(false,true)==false) {
api_not_allowed();
}
$sql = 'SELECT *
FROM '.$tbl_wiki.', '.$tbl_wiki_conf.'
WHERE
'.$tbl_wiki.'.c_id = '.$course_id.' AND
'.$tbl_wiki_conf.'.c_id = '.$course_id.' AND
'.$tbl_wiki_conf.'.page_id='.$tbl_wiki.'.page_id AND
'.$tbl_wiki.'.reflink= "'.Database::escape_string($page).'" AND
'.$tbl_wiki.'.'.$groupfilter.$condition_session.'
FROM '.$tbl_wiki.' w INNER JOIN '.$tbl_wiki_conf.' c
ON (w.c_id = c.c_id AND w.page_id = c.page_id)
WHERE
w.c_id = '.$course_id.' AND
w.reflink= "'.Database::escape_string($page).'" AND
w.'.$groupfilter.$condition_session.'
ORDER BY id DESC';
$result = Database::query($sql);
$row = Database::fetch_array($result);
// we do not need a while loop since we are always displaying the last version
if ($row['content']=='' AND $row['title']=='' AND $page=='') {
self::setMessage(Display::display_error_message(get_lang('MustSelectPage'), false, true));
return;
} elseif ($row['content']=='' AND $row['title']=='' AND $page=='index') {
//Table structure for better export to pdf
$default_table_for_content_Start='<table align="center" border="0"><tr><td align="center">';
$default_table_for_content_End='</td></tr></table>';
@ -4474,7 +4489,9 @@ class Wiki
}
//Only teachers and platform admin can edit the index page. Only teachers and platform admin can edit an assignment teacher. And users in groups
if (($row['reflink']=='index' || $row['reflink']=='' || $row['assignment']==1) && (!api_is_allowed_to_edit(false,true) && intval($_GET['group_id'])==0)) {
if (($row['reflink']=='index' || $row['reflink']=='' || $row['assignment']==1) &&
(!api_is_allowed_to_edit(false,true) && intval($_GET['group_id'])==0)
) {
self::setMessage(Display::display_error_message(get_lang('OnlyEditPagesCourseManager'), false, true));
} else {
$PassEdit=false;
@ -4535,7 +4552,7 @@ class Wiki
$row['enddate_assig']!='0000-00-00 00:00:00' &&
$row['delayedsubmit']==0
) {
$message=get_lang('TheDeadlineHasBeenCompleted').': '.api_get_local_time($row['enddate_assig'], null, date_default_timezone_get());
$message = get_lang('TheDeadlineHasBeenCompleted').': '.api_get_local_time($row['enddate_assig'], null, date_default_timezone_get());
self::setMessage(Display::display_warning_message($message, false, true));
if (!api_is_allowed_to_edit(false,true)) {
return;
@ -4644,6 +4661,7 @@ class Wiki
$row['title'] = $title;
$row['page_id'] = $page_id;
$row['reflink'] = $page;
$row['content'] = $content;
$form->setDefaults($row);
$form->display();
@ -4659,6 +4677,7 @@ class Wiki
//prevent concurrent users and double version
self::setMessage(Display::display_error_message(get_lang("EditedByAnotherUser"), false, true));
} else {
$return_message = self::save_wiki($form->exportValues());
self::setMessage(Display::display_confirmation_message($return_message, false, true));
}
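Review bot: In the save_wiki hunk (`@ -267,20 +272,20 @`) the content goes through `Database::escape_string()` first and `HTMLPurifier::purify()` afterwards, so whatever the purifier emits is concatenated into the INSERT of the following hunk without being escaped again. The purifier is free to rewrite its input (dropping backslashes or turning character references back into literal quotes is the usual worry), so the earlier escaping cannot be relied on when `htmlpurifier_wiki` is enabled. Purify the raw value and escape last: `$content = $values['content'];`, then `$content = $purifier->purify($content);` inside the `if`, then `$_clean['content'] = Database::escape_string($content);`. `links_to()` would still receive the escaped string as it does now; whether it should see escaped or raw text cannot be judged here, because save_wiki starts and ends outside the hunk.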

@ -10,14 +10,16 @@
$work_id = $_GET['id'];
require_once '../inc/global.inc.php';
$current_course_tool = TOOL_STUDENTPUBLICATION;
$_course = api_get_course_info();
//protection
// Protection
api_protect_course_script(true);
require_once 'work.lib.php';
$work_data = get_work_data_by_id($work_id);
$groupId = api_get_group_id();
if (empty($work_data)) {
exit;
}
@ -59,7 +61,7 @@ if (array_key_exists('filename', $work_data)) {
$filenameCondition = ", filename";
}
if (api_is_allowed_to_edit()) {
if (api_is_allowed_to_edit() || api_is_coach()) {
//Search for all files that are not deleted => visibility != 2
$sql = "SELECT DISTINCT
url,
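Review bot: `$work_id = $_GET['id'];` at the top of the first hunk is passed uncast to `get_work_data_by_id($work_id)`, while another page in this same commit reads the parameter as `isset($_GET['id']) ? intval($_GET['id']) : null`. Whether get_work_data_by_id() casts its argument is not visible here, so the cast belongs at the point of entry: `$work_id = isset($_GET['id']) ? intval($_GET['id']) : 0;`. This matters more now that the second hunk also lets `api_is_coach()` users reach the all-files query. The script continues outside both hunks.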

@ -39,7 +39,7 @@ if (!empty($group_id)) {
} else {
// you are not a teacher
$show_work = GroupManager::user_has_access(
$user_id,
api_get_user_id(),
$group_id,
GroupManager::GROUP_TOOL_WORK
);
@ -58,7 +58,7 @@ if (!empty($group_id)) {
'name' => get_lang('GroupSpace').' '.$group_properties['name']
);
} else {
if (!api_is_allowed_to_edit(false, true)) {
if (!(api_is_allowed_to_edit() || api_is_coach())) {
api_not_allowed(true);
}
}
@ -178,8 +178,14 @@ foreach ($workPerUser as $work) {
$url = api_get_path(WEB_CODE_PATH).'work/download.php?'.api_get_cidreq().'&id='.$itemId;
$links .= Display::url(Display::return_icon('save.png', get_lang('Download')), $url);
}
$url = api_get_path(WEB_CODE_PATH).'work/edit.php?'.api_get_cidreq().'&item_id='.$itemId.'&id='.$workId.'&parent_id='.$workId;
$links .= Display::url(Display::return_icon('rate_work.png', get_lang('Comment')), $url);
if (api_is_allowed_to_edit()) {
$url = api_get_path(WEB_CODE_PATH).'work/edit.php?'.api_get_cidreq().'&item_id='.$itemId.'&id='.$workId.'&parent_id='.$workId;
$links .= Display::url(
Display::return_icon('rate_work.png', get_lang('Comment')),
$url
);
}
$table->setCellContents($row, $column, $links);
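Review bot: Wrapping the `work/edit.php` link in `if (api_is_allowed_to_edit())` (third hunk) only removes it from the table; it is not an access check for the coaches that the second hunk now admits through `api_is_allowed_to_edit() || api_is_coach()`. edit.php is not part of this section, so confirm that it performs the `api_is_allowed_to_edit()` test itself before accepting a comment or score. A short comment above the block would record the intent, e.g. `// Link hidden for coaches; edit.php enforces the permission itself`. The surrounding `foreach` starts and ends outside the hunk.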

@ -35,14 +35,14 @@ $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
$courseInfo
);
if ((user_is_author($id) || $isDrhOfCourse) ||
if ((user_is_author($id) || $isDrhOfCourse || (api_is_allowed_to_edit() || api_is_coach())) ||
(
$courseInfo['show_score'] == 0 &&
$work['active'] == 1 &&
$work['accepted'] == 1
)
) {
if (api_is_allowed_to_edit(null, true) || api_is_drh()) {
if ((api_is_allowed_to_edit() || api_is_coach()) || api_is_drh()) {
$url_dir = 'work_list_all.php?id='.$my_folder_data['id'];
} else {
$url_dir = 'work_list.php?id='.$my_folder_data['id'];
@ -51,8 +51,13 @@ if ((user_is_author($id) || $isDrhOfCourse) ||
$interbreadcrumb[] = array('url' => $url_dir, 'name' => $my_folder_data['title']);
$interbreadcrumb[] = array('url' => '#','name' => $work['title']);
//|| api_is_drh()
if (($courseInfo['show_score'] == 0 && $work['active'] == 1 && $work['accepted'] == 1) ||
(api_is_allowed_to_edit()) || user_is_author($id) || $isDrhOfCourse
if (($courseInfo['show_score'] == 0 &&
$work['active'] == 1 &&
$work['accepted'] == 1
) ||
(api_is_allowed_to_edit() || api_is_coach()) ||
user_is_author($id) ||
$isDrhOfCourse
) {
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
switch ($action) {
@ -89,7 +94,9 @@ if ((user_is_author($id) || $isDrhOfCourse) ||
$tpl->assign('work', $work);
$tpl->assign('work_comment_enabled', ALLOW_USER_COMMENTS);
$tpl->assign('comments', $comments);
$tpl->assign('form', $commentForm);
if (api_is_allowed_to_session_edit()) {
$tpl->assign('form', $commentForm);
}
$tpl->assign('is_allowed_to_edit', api_is_allowed_to_edit());
$template = $tpl->get_template('work/view.tpl');
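Review bot: The comment form is now assigned to the template only when `api_is_allowed_to_session_edit()` is true (last hunk), but the `switch ($action)` on `$_REQUEST['action']` in the second hunk is still gated only by the widened outer condition. The switch body lies outside the hunk; if it stores submitted comments, it needs the same `api_is_allowed_to_session_edit()` test, otherwise the form is hidden while the handler stays reachable. The leftover `//|| api_is_drh()` line above the condition is commented-out code and can be deleted.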

@ -1828,12 +1828,12 @@ function getWorkListTeacher(
) {
$workTable = Database::get_course_table(TABLE_STUDENT_PUBLICATION);
$workTableAssignment = Database::get_course_table(TABLE_STUDENT_PUBLICATION_ASSIGNMENT);
$courseInfo = api_get_course_info();
$course_id = api_get_course_int_id();
$session_id = api_get_session_id();
$condition_session = api_get_session_condition($session_id);
$group_id = api_get_group_id();
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
$is_allowed_to_edit = api_is_allowed_to_edit() || api_is_coach();
if (!in_array($direction, array('asc', 'desc'))) {
$direction = 'desc';
@ -1931,9 +1931,18 @@ function getWorkListTeacher(
);
}
$deleteUrl = api_get_path(WEB_CODE_PATH).'work/work.php?id='.$workId.'&action=delete_dir&'.api_get_cidreq();
$deleteLink = '<a href="#" onclick="showConfirmationPopup(this, \''.$deleteUrl.'\' ) " >'.
Display::return_icon('delete.png', get_lang('Delete'), array(), ICON_SIZE_SMALL).'</a>';
$deleteLink = '<a href="#" onclick="showConfirmationPopup(this, \'' . $deleteUrl . '\' ) " >' .
Display::return_icon(
'delete.png',
get_lang('Delete'),
array(),
ICON_SIZE_SMALL
) . '</a>';
if (!api_is_allowed_to_edit()) {
$deleteLink = null;
$editLink = null;
}
$work['actions'] = $downloadLink.$editLink.$deleteLink;
$works[] = $work;
}
@ -2184,7 +2193,7 @@ function get_work_user_list(
}
$work_data = get_work_data_by_id($work_id);
$is_allowed_to_edit = api_is_allowed_to_edit(null, true);
$is_allowed_to_edit = api_is_allowed_to_edit() || api_is_coach();
$condition_session = api_get_session_condition($session_id);
$locked = api_resource_is_locked_by_gradebook($work_id, LINK_STUDENTPUBLICATION);
@ -2377,7 +2386,7 @@ function get_work_user_list(
// Actions.
$action = '';
if ($is_allowed_to_edit) {
if (api_is_allowed_to_edit()) {
$action .= '<a href="'.$url.'view.php?'.api_get_cidreq().'&id='.$item_id.'" title="'.get_lang('View').'">'.
Display::return_icon('default.png', get_lang('View'),array(), ICON_SIZE_SMALL).'</a> ';
@ -3632,6 +3641,7 @@ function getWorkCommentForm($work)
$form->addElement('checkbox', 'send_mail', null, get_lang('SendMail'));
}
$form->addElement('button', 'button', get_lang('Send'));
return $form->return_form();
}
@ -4682,15 +4692,17 @@ function getWorkUserList($courseCode, $sessionId, $groupId, $start, $limit, $sid
} else {
$limitString = null;
if (!empty($start) && !empty($limit)) {
$start = intval($start);
$limit = intval($limit);
$limitString = " LIMIT $start, $limit";
}
$orderBy = null;
if (!empty($sidx) && !empty($sord)) {
$sidx = Database::escape_string($sidx);
$sord = Database::escape_string($sord);
$orderBy = "ORDER BY $sidx $sord";
if (in_array($sidx, array('firstname', 'lastname'))) {
$orderBy = "ORDER BY $sidx $sord";
}
}
if (empty($sessionId)) {
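Review bot: In the getWorkUserList hunk only `$sidx` is checked against a list; `$sord` still reaches `ORDER BY $sidx $sord` after nothing more than `Database::escape_string()`, which does not constrain a value placed outside quotes. getWorkListTeacher in this same section already restricts its direction with `in_array($direction, array('asc', 'desc'))`, and the same guard fits here: `if (!in_array(strtolower($sord), array('asc', 'desc'))) { $sord = 'asc'; }` (the fallback direction is the author's choice). With both values whitelisted, the two `escape_string()` calls become redundant. The function body continues outside the hunk.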

@ -289,7 +289,7 @@ switch ($action) {
get_lang('Description').':</strong><p>'.Security::remove_XSS($my_folder_data['description'], STUDENT).
'</p></div></p>';
}
if (api_is_allowed_to_edit()) {
if (api_is_allowed_to_edit() || api_is_coach()) {
// Work list
$content .= '<div class="row">';
$content .= '<div class="span9">';

@ -15,7 +15,7 @@ require_once 'work.lib.php';
$this_section = SECTION_COURSES;
$workId = isset($_GET['id']) ? intval($_GET['id']) : null;
$is_allowed_to_edit = api_is_allowed_to_edit();
$is_allowed_to_edit = api_is_allowed_to_edit() || api_is_coach();
if (empty($workId)) {
api_not_allowed(true);
@ -33,7 +33,7 @@ $isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
api_get_course_info()
);
if (!(api_is_allowed_to_edit() || $isDrhOfCourse)) {
if (!($is_allowed_to_edit || $isDrhOfCourse)) {
api_not_allowed(true);
}
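Review bot: After this change `$is_allowed_to_edit` is true for coaches as well, so the name no longer says what the variable holds. Any later code in this script that uses `$is_allowed_to_edit` to gate a write action (outside the hunks, not visible here) would silently extend that action to coaches; the work library section of this commit switches its action block to a direct `api_is_allowed_to_edit()` call, apparently for that reason. A separate name keeps the two apart, e.g. `$canViewAllWorks = api_is_allowed_to_edit() || api_is_coach();`, with `$is_allowed_to_edit` left as `api_is_allowed_to_edit()`. The same applies to the `$is_allowed_to_edit` assignments in the getWorkListTeacher and get_work_user_list hunks.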
