Feature #347 - Blogs, Agenda, Chat, and Course description tool: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls.

skala
Ivan Tcholakov 16 years ago
parent ca91ba7bc3
commit d7374d430e
  1. 2
      main/blog/blog.php
  2. 2
      main/blog/download.php
  3. 92
      main/calendar/agenda.inc.php
  4. 2
      main/calendar/download.php
  5. 26
      main/calendar/myagenda.inc.php
  6. 2
      main/calendar/print.php
  7. 6
      main/chat/chat_chat.php
  8. 32
      main/chat/chat_functions.lib.php
  9. 16
      main/chat/chat_hidden.php
  10. 4
      main/chat/chat_message.php
  11. 32
      main/chat/chat_whoisonline.php
  12. 14
      main/course_home/2column.php
  13. 2
      main/course_home/3column.php
  14. 44
      main/course_home/activity.php

@ -385,7 +385,7 @@ else
user_id = ".api_get_user_id()." AND
task_id = ".$task_id;
$result = Database::query($sql, __LINE__, __FILE__);
$result = Database::query($sql);
$row = Database::fetch_array($result);
if ($row['number'] == 1)
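Review bot: `$task_id` is appended unquoted at the end of the WHERE clause (`task_id = ".$task_id;`), and the statement starts above this hunk, so where the value is validated cannot be seen. If it can originate from request data, cast it at the point of use: `task_id = ".intval($task_id);`.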

@ -82,7 +82,7 @@ event_download($doc_url);
$sql = 'SELECT filename FROM '.$tbl_blogs_attachment.' WHERE path LIKE BINARY "'.$doc_url.'"';
$result= Database::query($sql, __FILE__, __LINE__);
$result= Database::query($sql);
$row= Database::fetch_array($result);
DocumentManager::file_send_for_download($full_file_name,TRUE, $row['filename']);
exit;
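Review bot: `$doc_url` is concatenated into the attachment lookup (`WHERE path LIKE BINARY "'.$doc_url.'"`) with no escaping visible in this hunk, and because the operator is LIKE, any `%` or `_` in the value acts as a wildcard. If `$doc_url` comes from the request, as its use in a download script suggests, the lookup should escape it and match exactly: `$sql = 'SELECT filename FROM '.$tbl_blogs_attachment.' WHERE path = BINARY "'.Database::escape_string($doc_url).'"';`. `$row` is also used without checking that a row came back, so a miss would hand a null filename to `DocumentManager::file_send_for_download()`. The same query shape appears in the main/calendar/download.php hunk (`$tbl_agenda_attachment`).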

@ -266,7 +266,7 @@ function get_calendar_items($month, $year)
} // you are a student
//echo "<pre>".$sql."</pre>";
$result=Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$result=Database::query($sql) or die(Database::error());
/////////////////
$data=array();
@ -446,7 +446,7 @@ function display_monthcalendar($month, $year)
$start_time= date("H:i",strtotime($value['start_date']));
$end_time= date("H:i",strtotime($value['end_date']));
if ($value['end_date']=='0000-00-00 00:00:00'){
if ($value['end_date']=='0000-00-00 00:00:00'){
$dayheader .= '<br />'.get_lang("Work").'<br />';
$dayheader .= $value['title'];
$dayheader .= '<br/>';
@ -666,7 +666,7 @@ function selectAll(cbList,bSelect,showwarning)
msg_err2 = document.getElementById(\"err_start_date\");
msg_err3 = document.getElementById(\"err_end_date\");
msg_err4 = document.getElementById(\"err_title\");
if (start_date > ends_date) {
msg_err1.style.display =\"block\";
msg_err1.innerHTML=\"".get_lang('EndDateCannotBeBeforeTheStartDate')."\";
@ -779,7 +779,7 @@ function get_course_users()
FROM $tbl_user as u, $tbl_courseUser as cu
WHERE cu.course_code = '".$_cid."'
AND cu.user_id = u.user_id $courseadmin_filter".$order_clause;
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
while($user=Database::fetch_array($result)){
$users[$user[0]] = $user;
}
@ -792,7 +792,7 @@ function get_course_users()
WHERE id_session='".intval($_SESSION['id_session'])."'
AND course_code='$_cid'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
while($user=Database::fetch_array($result)){
$users[$user[0]] = $user;
}
@ -845,7 +845,7 @@ function show_to_form($to_already_selected)
"value=\" class=\"arrow\" \" />";
*/
?>
<button class="arrowr" type="button" onclick="move(document.getElementById('not_selected_form'), document.getElementById('selected_form'))" onclick="move(document.getElementById('not_selected_form'), document.getElementById('selected_form'))"></button>
<button class="arrowr" type="button" onclick="move(document.getElementById('not_selected_form'), document.getElementById('selected_form'))" onclick="move(document.getElementById('not_selected_form'), document.getElementById('selected_form'))"></button>
<br /> <br />
<button class="arrowl" type="button" onclick="move(document.getElementById('selected_form'), document.getElementById('not_selected_form'))" onclick="move(document.getElementById('selected_form'), document.getElementById('not_selected_form'))"></button>
<?php
@ -1013,7 +1013,7 @@ function store_new_agenda_item() {
(title,content, start_date, end_date)
VALUES
('".$title."','".$content."', '".$start_date."','".$end_date."')";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$last_id = Database::insert_id();
// store in last_tooledit (first the groups, then the users
@ -1055,7 +1055,7 @@ function store_new_agenda_item() {
if ($end > $now && in_array($type,array('daily','weekly','monthlyByDate','monthlyByDay','monthlyByDayR','yearly'))) {
$sql = "INSERT INTO $t_agenda_repeat (cal_id, cal_type, cal_end)" .
" VALUES ($last_id,'$type',$end)";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
}
}
}
@ -1076,13 +1076,13 @@ function store_agenda_item_as_announcement($item_id){
$item_id=Database::escape_string($item_id);
$sql = "SELECT * FROM $table_agenda WHERE id = '".$item_id."'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)>0){
$row = Database::fetch_array($res);
//we have the agenda event, copy it
//get the maximum value for display order in announcement table
$sql_max = "SELECT MAX(display_order) FROM $table_ann";
$res_max = Database::query($sql_max,__FILE__,__LINE__);
$res_max = Database::query($sql_max);
$row_max = Database::fetch_array($res_max);
$max = $row_max[0]+1;
//build the announcement text
@ -1091,7 +1091,7 @@ function store_agenda_item_as_announcement($item_id){
$session_id = api_get_session_id();
$sql_ins = "INSERT INTO $table_ann (title,content,end_date,display_order,session_id) " .
"VALUES ('".Security::remove_XSS($row['title'])."','".$content."','".$row['end_date']."','$max','$session_id')";
$res_ins = Database::query($sql_ins,__FILE__,__LINE__);
$res_ins = Database::query($sql_ins);
if($res > 0)
{
$ann_id = Database::insert_id();
@ -1099,7 +1099,7 @@ function store_agenda_item_as_announcement($item_id){
//and copy them into announcement item_properties
$table_props = Database::get_course_table(TABLE_ITEM_PROPERTY);
$sql_props = "SELECT * FROM $table_props WHERE tool = 'calendar_event' AND ref='$item_id'";
$res_props = Database::query($sql_props,__FILE__,__LINE__);
$res_props = Database::query($sql_props);
if(Database::num_rows($res_props)>0)
{
while($row_props = Database::fetch_array($res_props))
@ -1116,7 +1116,7 @@ function store_agenda_item_as_announcement($item_id){
"'$time','$ann_id','AnnouncementAdded'," .
"'".$row_props['last_edit_user_id']."','".$row_props['to_group_id']."','".$row_props['to_user_id']."'," .
"'".$row_props['visibility']."','".$row_props['start_visible']."','".$row_props['end_visible']."')";
$res_ins_props = Database::query($sql_ins_props,__FILE__,__LINE__);
$res_ins_props = Database::query($sql_ins_props);
if($res_ins_props <= 0){
error_log('SQL Error in '.__FILE__.' at line '.__LINE__.': '.$sql_ins_props);
}else{
@ -1181,7 +1181,7 @@ function sent_to($tool, $id)
$id=Database::escape_string($id);
$sql="SELECT * FROM $TABLE_ITEM_PROPERTY WHERE tool='".$tool."' AND ref='".$id."'";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result))
{
// if to_group_id is null then it is sent to a specific user
@ -1408,7 +1408,7 @@ function load_edit_users($tool, $id)
$TABLE_ITEM_PROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
$sql="SELECT * FROM $TABLE_ITEM_PROPERTY WHERE tool='$tool' AND ref='$id'";
$result=Database::query($sql,__FILE__,__LINE__) or die (Database::error());
$result=Database::query($sql) or die (Database::error());
while ($row=Database::fetch_array($result))
{
$to_group=$row['to_group_id'];
@ -1443,7 +1443,7 @@ function change_visibility($tool,$id,$visibility)
$id=Database::escape_string($id);
/*
$sql="SELECT * FROM $TABLE_ITEM_PROPERTY WHERE tool='".TOOL_CALENDAR_EVENT."' AND ref='$id'";
$result=Database::query($sql,__FILE__,__LINE__) or die (Database::error());
$result=Database::query($sql) or die (Database::error());
$row=Database::fetch_array($result);
*/
if ($visibility == 0)
@ -1539,7 +1539,7 @@ function get_agenda_item($id)
}
if(empty($id)){return $item;}
$sql = "SELECT * FROM ".$TABLEAGENDA." WHERE id='".$id."'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$entry_to_edit = Database::fetch_array($result);
$item['title'] = $entry_to_edit["title"];
$item['content'] = $entry_to_edit["content"];
@ -1557,7 +1557,7 @@ function get_agenda_item($id)
}
$item['repeat'] = false;
$sql = "SELECT * FROM $t_agenda_repeat WHERE cal_id = $id";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)>0)
{
//this event is repetitive
@ -1609,7 +1609,7 @@ function store_edited_agenda_item($id_attach,$file_comment)
// 2.a. delete everything for the users
$sql_delete="DELETE FROM ".$TABLE_ITEM_PROPERTY." WHERE ref='$id' AND tool='".TOOL_CALENDAR_EVENT."'";
$result = Database::query($sql_delete,__FILE__,__LINE__) or die (Database::error());
$result = Database::query($sql_delete) or die (Database::error());
// 2.b. storing the new users/groups
if (!is_null($to)) // !is_null($to): when no user is selected we send it to everyone
{
@ -1667,7 +1667,7 @@ function save_edit_agenda_item($id,$title,$content,$start_date,$end_date)
start_date='".$start_date."',
end_date='".$end_date."'
WHERE id='".$id."'";
$result = Database::query($sql,__FILE__,__LINE__) or die (Database::error());
$result = Database::query($sql) or die (Database::error());
return true;
}
@ -1692,11 +1692,11 @@ function delete_agenda_item($id)
$t_agenda_r = Database::get_course_table(TABLE_AGENDA_REPEAT);
$id=(int)addslashes($_GET['id']);
$sql = "SELECT * FROM $t_agenda_r WHERE cal_id = $id";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)>0)
{
$sql_children = "SELECT * FROM $t_agenda WHERE parent_event_id = $id";
$res_children = Database::query($sql_children,__FILE__,__LINE__);
$res_children = Database::query($sql_children);
if(Database::num_rows($res_children)>0)
{
while ($row_child = Database::fetch_array($res_children))
@ -1705,11 +1705,11 @@ function delete_agenda_item($id)
}
}
$sql_del = "DELETE FROM $t_agenda_r WHERE cal_id = $id";
$res_del = Database::query($sql_del,__FILE__,__LINE__);
$res_del = Database::query($sql_del);
}
//$sql = "DELETE FROM ".$TABLEAGENDA." WHERE id='$id'";
//$sql= "UPDATE ".$TABLE_ITEM_PROPERTY." SET visibility='2' WHERE tool='Agenda' and ref='$id'";
//$result = Database::query($sql,__FILE__,__LINE__) or die (Database::error());
//$result = Database::query($sql) or die (Database::error());
api_item_property_update($_course,TOOL_CALENDAR_EVENT,$id,'delete',api_get_user_id());
// delete the resources that were added to this agenda item
@ -1903,12 +1903,12 @@ function display_agenda_items()
$session_condition
GROUP BY ip.ref
ORDER BY start_date ".$_SESSION['sort'];
//removed - > AND toolitemproperties.visibility='1'
//removed - > AND toolitemproperties.visibility='1'
}
// A.3 you are a course admin without any group or user filter
else
{
// A.3.a you are a course admin without user or group filter but WITH studentview
// => see all the messages of all the users and groups without editing possibilities
if ($_GET['isStudentView']=='true')
@ -2011,7 +2011,7 @@ function display_agenda_items()
if ($_user['user_id'])
{
$sql="SELECT
agenda.*, ip.visibility, ip.to_group_id, ip.insert_user_id, ip.ref
agenda.*, ip.visibility, ip.to_group_id, ip.insert_user_id, ip.ref
FROM ".$TABLEAGENDA." agenda, ".$TABLE_ITEM_PROPERTY." ip
WHERE agenda.id = ip.ref ".$show_all_current."
AND ip.tool='".TOOL_CALENDAR_EVENT."'
@ -2036,7 +2036,7 @@ function display_agenda_items()
} // you are a student
//echo "<pre>".$sql."</pre>";
$result=Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$result=Database::query($sql) or die(Database::error());
$number_items=Database::num_rows($result);
/*--------------------------------------------------
@ -2147,7 +2147,7 @@ function display_agenda_items()
echo get_lang("EndTimeWindow").": ";
echo api_ucfirst(format_locale_date($dateFormatLong,strtotime($myrow["end_date"])))."&nbsp;&nbsp;&nbsp;";
echo api_ucfirst(strftime($timeNoSecFormat,strtotime($myrow["end_date"])))."";
}
}
echo "</td>\n";
// attachment list
@ -2303,7 +2303,7 @@ function get_attachment($agenda_id) {
$agenda_id=Database::escape_string($agenda_id);
$row=array();
$sql = 'SELECT id,path, filename,comment FROM '. $agenda_table_attachment.' WHERE agenda_id = '.(int)$agenda_id.'';
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
if (Database::num_rows($result)!=0) {
$row=Database::fetch_array($result);
}
@ -2340,12 +2340,12 @@ function display_one_agenda_item($agenda_id)
AND ip.tool='".TOOL_CALENDAR_EVENT."'
AND ip.visibility='1'
AND agenda.id='$agenda_id'";
$result=Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$result=Database::query($sql) or die(Database::error());
$number_items=Database::num_rows($result);
$myrow=Database::fetch_array($result); // there should be only one item so no need for a while loop
$sql_rep = "SELECT * FROM $TABLEAGENDA WHERE id = $agenda_id AND parent_event_id IS NOT NULL AND parent_event_id !=0";
$res_rep = Database::query($sql_rep,__FILE__,__LINE__);
$res_rep = Database::query($sql_rep);
$repeat = false;
$repeat_id = 0;
if(Database::num_rows($res_rep)>0)
@ -3104,7 +3104,7 @@ function get_agendaitems($month, $year)
}
$mycourse = api_get_course_info();
$result = Database::query($sqlquery, __FILE__, __LINE__);
$result = Database::query($sqlquery);
global $_configuration;
$root_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']==true) {
@ -3194,7 +3194,7 @@ function display_upcoming_events()
ORDER BY start_date ";
}
}
$result = Database::query($sqlquery, __FILE__, __LINE__);
$result = Database::query($sqlquery);
$counter = 0;
while ($item = Database::fetch_array($result,'ASSOC'))
{
@ -3471,7 +3471,7 @@ function get_day_agendaitems($courses_dbs, $month, $year, $day)
//$sqlquery = "SELECT * FROM $agendadb WHERE DAYOFMONTH(day)='$day' AND month(day)='$month' AND year(day)='$year'";
//echo "abc";
//echo $sqlquery;
$result = Database::query($sqlquery, __FILE__, __LINE__);
$result = Database::query($sqlquery);
//echo Database::num_rows($result);
while ($item = Database::fetch_array($result))
{
@ -3599,7 +3599,7 @@ function get_week_agendaitems($courses_dbs, $month, $year, $week = '')
// $sqlquery = "SELECT * FROM $agendadb WHERE (DAYOFMONTH(day)>='$start_day' AND DAYOFMONTH(day)<='$end_day')
// AND (MONTH(day)>='$start_month' AND MONTH(day)<='$end_month')
// AND (YEAR(day)>='$start_year' AND YEAR(day)<='$end_year')";
$result = Database::query($sqlquery, __FILE__, __LINE__);
$result = Database::query($sqlquery);
while ($item = Database::fetch_array($result))
{
$agendaday = date("j",strtotime($item['start_date']));
@ -3685,7 +3685,7 @@ function get_repeated_events_day_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)>0)
{
while($row = Database::fetch_array($res))
@ -3812,7 +3812,7 @@ function get_repeated_events_week_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)>0)
{
while($row = Database::fetch_array($res))
@ -3943,7 +3943,7 @@ function get_repeated_events_month_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)>0)
{
while($row = Database::fetch_array($res))
@ -4114,7 +4114,7 @@ function get_repeated_events_list_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)>0)
{
while($row = Database::fetch_array($res))
@ -4293,7 +4293,7 @@ function is_repeated_event($id,$course=null)
$id = (int) $id;
$t_agenda_repeat = Database::get_course_table(TABLE_AGENDA_REPEAT,$course);
$sql = "SELECT * FROM $t_agenda_repeat WHERE cal_id = $id";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)>0)
{
return true;
@ -4383,7 +4383,7 @@ function agenda_add_item($course_info, $title, $content, $db_start_date, $db_end
AND item_property.ref = agenda.id
AND item_property.visibility <> 2
";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$count = Database::num_rows($result);
if ($count > 0) {
return false;
@ -4394,7 +4394,7 @@ function agenda_add_item($course_info, $title, $content, $db_start_date, $db_end
VALUES
('".$title."','".$content."', '".$start_date."','".$end_date."'".(!empty($parent_id)?','.((int)$parent_id):'').", '".$id_session."')";
$result = Database::query($sql,__FILE__,__LINE__) or die (Database::error());
$result = Database::query($sql) or die (Database::error());
$last_id=Database::insert_id();
// add a attachment file in agenda
@ -4573,7 +4573,7 @@ function agenda_add_repeat_item($course_info,$orig_id,$type,$end,$orig_dest,$fil
$t_agenda_r = Database::get_course_table(TABLE_AGENDA_REPEAT,$course_info['dbName']);
//$sql = "SELECT title, content, UNIX_TIMESTAMP(start_date) as sd, UNIX_TIMESTAMP(end_date) as ed FROM $t_agenda WHERE id = $orig_id";
$sql = 'SELECT title, content, start_date as sd, end_date as ed FROM '. $t_agenda.' WHERE id ="'.Database::escape_string($orig_id).'" ';
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)!==1){return false;}
$row = Database::fetch_array($res);
//$orig_start = $row['sd'];
@ -4617,7 +4617,7 @@ function agenda_add_repeat_item($course_info,$orig_id,$type,$end,$orig_dest,$fil
{
$sql = "INSERT INTO $t_agenda_r (cal_id, cal_type, cal_end)" .
" VALUES ($orig_id,'$type',$end)";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
switch($type)
{
case 'daily':
@ -4763,7 +4763,7 @@ function get_global_agenda_items($agendaitems, $day = "", $month = "", $year = "
$end_filter = $year."-".$month."-".$day." 23:59:59";
$sql = " SELECT * FROM ".$tbl_global_agenda." WHERE start_date>='".$start_filter."' AND start_date<='".$end_filter."'";
}
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($item = Database::fetch_array($result))
{
// we break the date field in the database into a date and a time part
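Review bot: In store_agenda_item_as_announcement() the success test after the INSERT reads `if($res > 0)`, but `$res` holds the result of the earlier `SELECT * FROM $table_agenda` query, while the INSERT's result is in `$res_ins`. A failed INSERT is therefore not detected before `Database::insert_id()` is used, and the test should be `if ($res_ins)`. In the same statement `$row['title']` is passed through `Security::remove_XSS()`, which by its name filters markup rather than SQL metacharacters, and `$row['end_date']` through nothing before both are quoted into the SQL. A stored title containing a quote character would break or alter the INSERT, and `Database::escape_string()` is the escaping that fits this context. The function body continues outside these hunks, and where `$content` is escaped is not visible.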

@ -84,7 +84,7 @@ event_download($doc_url);
$sql='SELECT filename FROM '.$tbl_agenda_attachment.'
WHERE path LIKE BINARY "'.$doc_url.'"';
$result= Database::query($sql, __FILE__, __LINE__);
$result= Database::query($sql);
$row= Database::fetch_array($result);
$title = str_replace(' ','_', $row['filename']);
DocumentManager::file_send_for_download($full_file_name,TRUE, $title);

@ -112,7 +112,7 @@ function get_myagendaitems($courses_dbs, $month, $year)
}
}
$result = Database::query($sqlquery, __FILE__, __LINE__);
$result = Database::query($sqlquery);
while ($item = Database::fetch_array($result)) {
$agendaday = date("j",strtotime($item['start_date']));
if(!isset($items[$agendaday])){$items[$agendaday]=array();}
@ -311,7 +311,7 @@ function show_new_personal_item_form($id = "")
if ($id <> "")
{
$sql = "SELECT * FROM ".$tbl_personal_agenda." WHERE user='".$_user['user_id']."' AND id='".$id."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$aantal = Database::num_rows($result);
if ($aantal <> 0)
{
@ -329,7 +329,7 @@ function show_new_personal_item_form($id = "")
return false;
}
}
echo '<form method="post" action="myagenda.php?action=add_personal_agenda_item&amp;id=$id" name="newedit_form">';
echo '<div id="newedit_form">';
echo '<div class="title">';
@ -339,7 +339,7 @@ function show_new_personal_item_form($id = "")
echo '<!-- date: 1 -> 31 -->';
echo '<br/>';
echo ''.get_lang("Date").': ';
// ********** The form containing the days (0->31) ********** \\
echo '<select name="frm_day">';
// small loop for filling all the dates
@ -475,7 +475,7 @@ function show_new_personal_item_form($id = "")
echo '</div>';
echo '</div>';
echo '</form>';
}
/**
* This function shows all the forms that are needed form adding a new personal agenda item
@ -503,7 +503,7 @@ function store_personal_item($day, $month, $year, $hour, $minute, $title, $conte
{ // we are adding a new item
$sql = "INSERT INTO $tbl_personal_agenda (user, title, text, date) VALUES ('".$_user['user_id']."','$title', '$content', '$date')";
}
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
/**
* This function finds all the courses (also those of sessions) of the user and returns an array containing the
@ -619,7 +619,7 @@ function get_personal_agenda_items($agendaitems, $day = "", $month = "", $year =
}
}
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($item = Database::fetch_array($result))
{
// we break the date field in the database into a date and a time part
@ -679,7 +679,7 @@ function get_personal_agenda_item($id)
// make sure events of the personal agenda can only be seen by the user himself
$user = api_get_user_id();
$sql = " SELECT * FROM ".$tbl_personal_agenda." WHERE id=".$id." AND user = ".$user;
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if(Database::num_rows($result)==1)
{
$item = Database::fetch_array($result);
@ -701,7 +701,7 @@ function show_personal_agenda()
global $_user;
// The SQL statement that retrieves all the personal agenda items of this user
$sql = "SELECT * FROM ".$tbl_personal_agenda." WHERE user='".$_user['user_id']."' ORDER BY date DESC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
// variable initialisation
$month_bar = "";
// setting the default day, month and year
@ -805,7 +805,7 @@ function show_simple_personal_agenda($user_id)
// The SQL statement that retrieves all the personal agenda items of this user
$sql = "SELECT * FROM ".$tbl_personal_agenda." WHERE user='".$user_id."' ORDER BY date DESC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
// variable initialisation
$month_bar = "";
// setting the default day, month and year
@ -884,12 +884,12 @@ function delete_personal_agenda($id)
if ($id <> '')
{
$sql = "SELECT * FROM ".$tbl_personal_agenda." WHERE user='".$_user['user_id']."' AND id='".$id."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$aantal = Database::num_rows($result);
if ($aantal <> 0)
{
$sql = "DELETE FROM ".$tbl_personal_agenda." WHERE user='".$_user['user_id']."' AND id='".$id."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
}
}
@ -965,7 +965,7 @@ function get_personal_agenda_items_between_dates($user_id, $date_start='', $date
}
}
$result = Database::query($sqlquery, __FILE__, __LINE__);
$result = Database::query($sqlquery);
while ($item = Database::fetch_array($result)) {
$agendaday = date("j",strtotime($item['start_date']));
$URL = api_get_path(WEB_PATH)."main/calendar/agenda.php?cidReq=".urlencode($course["code"])."&amp;day=$agendaday&amp;month=$month&amp;year=$year#$agendaday";
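Review bot: get_personal_agenda_item() builds `WHERE id=".$id." AND user = ".$user` with `$id` unquoted, and the hunk does not show it being cast. Because the `user =` condition is what keeps personal events private (per the comment above the query), a non-integer `$id` could change the meaning of that condition. Casting at the point of use closes this: `$sql = " SELECT * FROM ".$tbl_personal_agenda." WHERE id=".intval($id)." AND user = ".intval($user);`. Separately, show_new_personal_item_form() echoes the form tag from a single-quoted string, so `&amp;id=$id` is emitted literally instead of carrying the id value. Both functions start outside their hunks.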

@ -26,7 +26,7 @@ require_once '../inc/global.inc.php';
$TABLEAGENDA = Database::get_course_table(TABLE_AGENDA);
$sql = "SELECT * FROM $TABLEAGENDA WHERE id IN($id) ORDER BY start_date DESC";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
?>
<html>
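Review bot: `$id` is interpolated unquoted into `WHERE id IN($id)`, and how it is built lies above this hunk. If it derives from request data, reduce the list to integers before it reaches the query, e.g. `$id = implode(',', array_map('intval', explode(',', $id)));`. Without that, an empty `$id` also yields `IN()`, which is a SQL syntax error rather than an empty result.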

@ -49,7 +49,7 @@ if (!empty($course))
$reset=$_GET['reset']?true:false;
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);
@ -84,7 +84,7 @@ if (!empty($course))
$doc_id=add_document($_course,$basepath_chat,'folder',0,'chat_files');
$sql = "INSERT INTO $TABLEITEMPROPERTY (tool,insert_user_id,insert_date,lastedit_date,ref,lastedit_type,lastedit_user_id,to_group_id,to_user_id,visibility)
VALUES ('document',1,NOW(),NOW(),$doc_id,'FolderCreated',1,$group_id,NULL,0)";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
}
@ -160,7 +160,7 @@ if (!empty($course))
if ($_GET["origin"]=='whoisonlinejoin') { //the joiner (we have to delete the chat request to him when he joins the chat)
$track_user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql="update $track_user_table set chatcall_user_id = '', chatcall_date = '', chatcall_text='' where (user_id = ".$_user['user_id'].")";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
}
echo '<div style="margin-left: 5px;">';
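Review bot: The folder-registration INSERT interpolates `$doc_id` and `$group_id` unquoted (`...$doc_id,'FolderCreated',1,$group_id,NULL,0)`) and discards the return value of `Database::query($sql)`. If `add_document()` fails or `$group_id` is empty, the statement is malformed and nothing here notices; whether either value is validated is outside the hunk. Guarding the call with `if ($doc_id) { ... }` and writing `intval($doc_id)` and `intval($group_id)` into the VALUES list would make it robust. The identical statement appears in the main/chat/chat_message.php hunk.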

@ -30,19 +30,19 @@
function exit_of_chat ($user_id) {
$list_course=array();
$list_course=CourseManager::get_courses_list_by_user_id($user_id);
$group_id = intval($_SESSION['id_group']);
$session_id = intval($_SESSION['id_session']);
$extra_condition = '';
if (!empty($group_id)) $extra_condition = " AND to_group_id = '$group_id'";
else $extra_condition = api_get_session_condition($session_id);
foreach($list_course as $courses) {
$response=user_connected_in_chat($user_id,$courses['db_name']);
if ($response===true) {
$tbl_chat_connected = Database::get_course_chat_connected_table($courses['db_name']);
$sql='DELETE FROM '.$tbl_chat_connected.' WHERE user_id='.$user_id.$extra_condition;
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
@ -55,15 +55,15 @@ function exit_of_chat ($user_id) {
*/
function user_connected_in_chat ($user_id,$database_name) {
$tbl_chat_connected = Database::get_course_chat_connected_table($database_name);
$group_id = intval($_SESSION['id_group']);
$session_id = intval($_SESSION['id_session']);
$extra_condition = '';
if (!empty($group_id)) $extra_condition = " AND to_group_id = '$group_id'";
else $extra_condition = api_get_session_condition($session_id);
$sql='SELECT COUNT(*) AS count FROM '.$tbl_chat_connected .' c WHERE user_id='.$user_id.$extra_condition;
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$count = Database::fetch_array($result,'ASSOC');
if (1==$count['count']) {
return true;
@ -76,9 +76,9 @@ function user_connected_in_chat ($user_id,$database_name) {
* @return void
*/
function disconnect_user_of_chat($database_name='') {
$list_info_user_in_chat = array();
if (!empty($database_name)) {
$list_info_user_in_chat = users_list_in_chat($database_name);
} else {
@ -91,7 +91,7 @@ function disconnect_user_of_chat($database_name='') {
$cdate_s = date('s',time());
$cd_count_time_seconds=$cdate_h*3600 + $cdate_m*60 + $cdate_s;
if (is_array($list_info_user_in_chat) && count($list_info_user_in_chat) > 0 ) {
foreach ($list_info_user_in_chat as $list_info_user) {
$date_db_date = date('Y-m-d',strtotime($list_info_user['last_connection']));
@ -102,19 +102,19 @@ function disconnect_user_of_chat($database_name='') {
if ($cd_date==$date_db_date) {
if (($cd_count_time_seconds - $date_count_time_seconds)>5) {
$tbl_chat_connected = Database::get_course_chat_connected_table();
$tbl_chat_connected = Database::get_course_chat_connected_table();
if (!empty($database_name)) {
$tbl_chat_connected = Database::get_course_chat_connected_table($database_name);
}
$sql='DELETE FROM '.$tbl_chat_connected.' WHERE user_id='.$list_info_user['user_id'];
//return $sql;
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
}
}
}
}
/**
* @param void
@ -127,9 +127,9 @@ function users_list_in_chat ($database_name = '') {
$session_id = intval($_SESSION['id_session']);
$extra_condition = '';
if (!empty($group_id)) $extra_condition = " WHERE to_group_id = '$group_id'";
else $extra_condition = api_get_session_condition($session_id,false);
$sql='SELECT user_id,last_connection FROM '.$tbl_chat_connected.$extra_condition;
$result=Database::query($sql,__FILE__,__LINE__);
else $extra_condition = api_get_session_condition($session_id,false);
$sql='SELECT user_id,last_connection FROM '.$tbl_chat_connected.$extra_condition;
$result=Database::query($sql);
while ($row = Database::fetch_array($result,'ASSOC')) {
$list_users_in_chat[]=$row;
}
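Review bot: exit_of_chat() and user_connected_in_chat() cast `$_SESSION['id_group']` and `$_SESSION['id_session']` with `intval()` but concatenate the `$user_id` parameter unquoted and uncast into `' WHERE user_id='.$user_id.$extra_condition`. Nothing in the lines shown restricts it to an integer, so the safety of both queries depends on every caller. Adding `$user_id = intval($user_id);` at the top of both functions would match how the other two values are treated. disconnect_user_of_chat() builds its DELETE the same way from `$list_info_user['user_id']`, which appears to be read back from the table by users_list_in_chat().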

@ -44,7 +44,7 @@ $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$tbl_chat_connected = Database::get_course_chat_connected_table();
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);
@ -76,8 +76,8 @@ $documentPath=api_get_path(SYS_COURSE_PATH).$_course['path'].'/document';
if (!empty($group_id)) {
$group_info = GroupManager :: get_group_properties($group_id);
$chatPath=$documentPath.$group_info['directory'].'/chat_files/';
} else {
$chatPath=$documentPath.'/chat_files/';
} else {
$chatPath=$documentPath.'/chat_files/';
}
// get chat file
@ -87,7 +87,7 @@ if (!empty($group_id)) {
} else if (!empty($session_id)) {
$basename_chat = 'messages-'.$dateNow.'_sid-'.$session_id;
} else {
$basename_chat = 'messages-'.$dateNow;
$basename_chat = 'messages-'.$dateNow;
}
$chat_size_old=intval($_POST['chat_size_old']);
@ -104,10 +104,10 @@ if (Database::num_rows($result)==0) {
$query="UPDATE $tbl_chat_connected set last_connection='".$current_time."' WHERE user_id='".$_user['user_id']."' AND session_id='$session_id' AND to_group_id='$group_id'";
}
Database::query($query,__FILE__,__LINE__);
Database::query($query);
$query="SELECT COUNT(user_id) FROM $tbl_chat_connected WHERE last_connection>'".date('Y-m-d H:i:s',time()-60*5)."' $extra_condition";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
$connected_old=intval($_POST['connected_old']);
list($connected_new) = Database::fetch_row($result);
@ -143,12 +143,12 @@ if ($_SESSION["origin"] == 'whoisonline') { //check if our target has denied ou
$talk_to=$_SESSION["target"];
$track_user_table = Database::get_main_table(TABLE_MAIN_USER);
$sql="select chatcall_text from $track_user_table where ( user_id = $talk_to )";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
if ($row['chatcall_text'] == 'DENIED') {
echo "<script language=javascript> alert('".get_lang('ChatDenied')."'); </script>";
$sql="update $track_user_table set chatcall_user_id = '', chatcall_date = '', chatcall_text='' where (user_id = $talk_to)";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
}
}
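Review bot: `$talk_to` is taken from `$_SESSION["target"]` and interpolated unquoted into both `where ( user_id = $talk_to )` statements, while the two `$_POST` values in this file's hunks are passed through `intval()`. Where `$_SESSION["target"]` is set is not visible here; if it can be populated from a request parameter it should get the same treatment: `$talk_to=intval($_SESSION["target"]);`. The `alert('".get_lang('ChatDenied')."')` line also places a translated string inside a JavaScript string literal unescaped, so a translation containing an apostrophe would break the script.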

@ -110,7 +110,7 @@ if (!empty($course) && !empty($_user['user_id']))
==============================================================================
*/
$query="SELECT lastname, firstname, username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
list($pseudoUser)=Database::fetch_row($result);
@ -145,7 +145,7 @@ if (!empty($course) && !empty($_user['user_id']))
$doc_id = add_document($_course,$basepath_chat,'folder',0,'chat_files');
$sql = "INSERT INTO $TABLEITEMPROPERTY (tool,insert_user_id,insert_date,lastedit_date,ref,lastedit_type,lastedit_user_id,to_group_id,to_user_id,visibility)
VALUES ('document',1,NOW(),NOW(),$doc_id,'FolderCreated',1,$group_id,NULL,0)";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
}
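Review bot: The INSERT into `$TABLEITEMPROPERTY` places `$doc_id` and `$group_id` in the VALUES list unquoted, so both must already be integers when the string is built, and neither cast is visible in the hunk. Writing `intval($doc_id)` and `intval($group_id)` inside the statement would make that explicit at the point of use. If `add_document()` can return a non-integer on failure, the cast would also keep the statement well-formed instead of sending broken SQL. The enclosing `if (!empty($course) && !empty($_user['user_id']))` block starts outside the hunk.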

@ -59,8 +59,8 @@ if (!empty($course))
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$tbl_chat_connected = Database::get_course_table(CHAT_CONNECTED_TABLE,$_course['dbName']);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query,__FILE__,__LINE__);
$query="SELECT username FROM $tbl_user WHERE user_id='".$_user['user_id']."'";
$result=Database::query($query);
list($pseudoUser)=Database::fetch_array($result);
@ -73,15 +73,15 @@ if (!empty($course))
if(empty($session_id))
{
$query="SELECT DISTINCT t1.user_id,username,firstname,lastname,picture_uri,t3.status FROM $tbl_user t1,$tbl_chat_connected t2,$tbl_course_user t3 WHERE t1.user_id=t2.user_id AND t3.user_id=t2.user_id AND t3.course_code = '".$_course['sysCode']."' AND t2.last_connection>'".$date_inter."' $extra_condition ORDER BY username";
$result=Database::query($query,__FILE__,__LINE__);
$Users=Database::store_result($result);
$query="SELECT DISTINCT t1.user_id,username,firstname,lastname,picture_uri,t3.status FROM $tbl_user t1,$tbl_chat_connected t2,$tbl_course_user t3 WHERE t1.user_id=t2.user_id AND t3.user_id=t2.user_id AND t3.course_code = '".$_course['sysCode']."' AND t2.last_connection>'".$date_inter."' $extra_condition ORDER BY username";
$result=Database::query($query);
$Users=Database::store_result($result);
}
else
{
// select learners
$query="SELECT DISTINCT t1.user_id,username,firstname,lastname,picture_uri FROM $tbl_user t1,$tbl_chat_connected t2,$tbl_session_course_user t3 WHERE t1.user_id=t2.user_id AND t3.id_user=t2.user_id AND t3.id_session = '".$session_id."' AND t3.course_code = '".$_course['sysCode']."' AND t2.last_connection>'".$date_inter."' $extra_condition ORDER BY username";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
while($learner = Database::fetch_array($result))
{
$Users[$learner['user_id']] = $learner;
@ -89,23 +89,23 @@ if (!empty($course))
// select session coach
$query="SELECT DISTINCT t1.user_id,username,firstname,lastname,picture_uri FROM $tbl_user t1,$tbl_chat_connected t2,$tbl_session t3 WHERE t1.user_id=t2.user_id AND t3.id_coach=t2.user_id AND t3.id = '".$session_id."' AND t2.last_connection>'".$date_inter."' $extra_condition ORDER BY username";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
if($coach = Database::fetch_array($result))
$Users[$coach['user_id']] = $coach;
// select session course coach
$query="SELECT DISTINCT t1.user_id,username,firstname,lastname,picture_uri
FROM $tbl_user t1,$tbl_chat_connected t2,$tbl_session_course_user t3
WHERE t1.user_id=t2.user_id
AND t3.id_user=t2.user_id AND t3.status=2
AND t3.id_session = '".$session_id."'
AND t3.course_code = '".$_course['sysCode']."'
$query="SELECT DISTINCT t1.user_id,username,firstname,lastname,picture_uri
FROM $tbl_user t1,$tbl_chat_connected t2,$tbl_session_course_user t3
WHERE t1.user_id=t2.user_id
AND t3.id_user=t2.user_id AND t3.status=2
AND t3.id_session = '".$session_id."'
AND t3.course_code = '".$_course['sysCode']."'
AND t2.last_connection>'".$date_inter."' $extra_condition ORDER BY username";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
$course_coachs = array();
while ($coachs = Database::fetch_array($result)) {
//$course_coachs[] = $coachs['user_id'];
//$course_coachs[] = $coachs['user_id'];
$Users[$coachs['user_id']] = $coachs;
}
@ -121,7 +121,7 @@ if (!empty($course))
<?php
foreach($Users as $enreg)
{
if(empty($session_id))
{
$status=$enreg['status'];
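Review bot: Every query in this file section is built by concatenating `$session_id`, `$_course['sysCode']` and the raw fragment `$extra_condition` into the SQL string, and none of their assignments are visible in these hunks. If `$session_id` is not cast where it is set, the quoted `t3.id_session = '".$session_id."'` comparisons are injectable; using `intval($session_id)` at the point of use would remove the dependency on the caller. `$extra_condition` deserves a short comment at its definition stating which already-cast values it is built from. In the session branch `$Users` is only filled inside the loops, so it is worth confirming that it is initialised to `array()` before the `foreach($Users as $enreg)` in the last hunk.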

@ -1,4 +1,4 @@
<?php
<?php
/* For licensing terms, see /chamilo_license.txt */
/**
==============================================================================
@ -55,7 +55,7 @@ if (api_is_allowed_to_edit(null,true)) {
elseif ($_GET["destroy"])
{
Database::query("UPDATE $tool_table SET visibility='2' WHERE id='".$_GET["id"]."'",__FILE__,__LINE__);
Database::query("UPDATE $tool_table SET visibility='2' WHERE id='".$_GET["id"]."'");
}
/*
@ -65,7 +65,7 @@ if (api_is_allowed_to_edit(null,true)) {
*/
elseif ($_GET["hide"]) // visibility 1 -> 0
{
Database::query("UPDATE $tool_table SET visibility=0 WHERE id='".$_GET["id"]."'",__FILE__,__LINE__);
Database::query("UPDATE $tool_table SET visibility=0 WHERE id='".$_GET["id"]."'");
Display::display_confirmation_message(get_lang('ToolIsNowHidden'));
}
@ -76,7 +76,7 @@ if (api_is_allowed_to_edit(null,true)) {
*/
elseif ($_GET["restore"]) // visibility 0,2 -> 1
{
Database::query("UPDATE $tool_table SET visibility=1 WHERE id='".$_GET["id"]."'",__FILE__,__LINE__);
Database::query("UPDATE $tool_table SET visibility=1 WHERE id='".$_GET["id"]."'");
Display::display_confirmation_message(get_lang('ToolIsNowVisible'));
}
}
@ -106,7 +106,7 @@ if (api_is_platform_admin())
elseif (isset($_GET["delete"]) && $_GET["delete"])
{
Database::query("DELETE FROM $tool_table WHERE id='$id' AND added_tool=1",__FILE__,__LINE__);
Database::query("DELETE FROM $tool_table WHERE id='$id' AND added_tool=1");
}
}
@ -153,9 +153,9 @@ if (api_is_allowed_to_edit(null,true) && !api_is_coach()) {
"<div style=\"margin-bottom: 10px;\"><font color=\"#808080\">\n",get_lang("InLnk"),"</font></div>",
"</td>\n",
"</tr>\n";
CourseHome::show_tool_2column(TOOL_PUBLIC_BUT_HIDDEN);
echo "</table>";
echo "</div> ";
}
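Review bot: The `destroy`, `hide` and `restore` branches still concatenate `$_GET["id"]` straight into the UPDATE statement, so the request parameter reaches the database unescaped; the commit only drops the `__FILE__`/`__LINE__` arguments and leaves that as it was. Cast the value as activity.php does in this same commit, e.g. `Database::query("UPDATE $tool_table SET visibility=0 WHERE id='".intval($_GET["id"])."'");`, and likewise in the other two branches. The branches sit behind `api_is_allowed_to_edit(null,true)`, which limits who can reach them but does not make the value safe. The `DELETE` in the platform-admin block uses `$id`, whose assignment is outside the hunk, so it should be checked for the same cast.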

@ -60,7 +60,7 @@ if (api_is_allowed_to_edit(null,true)) {
if($remove)
{
$sql = "SELECT * FROM $TBL_ACCUEIL WHERE id=$id";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$toolsRow = Database::fetch_array($result);
$tool_name = htmlspecialchars($toolsRow['name'] != "" ? $toolsRow['name'] : $toolsRow['link'],ENT_QUOTES,$charset);
if($toolsRow['img'] != "external.gif")
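Review bot: `$sql = "SELECT * FROM $TBL_ACCUEIL WHERE id=$id";` places `$id` in the statement without quotes, so only an integer cast keeps it from being interpreted as SQL. The assignment of `$id` is outside the hunk; if it is not already cast there, add `$id = intval($id);` before the query is built. The enclosing `if($remove)` block continues past the end of the hunk.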

@ -1,4 +1,4 @@
<?php
<?php
/* For licensing terms, see /chamilo_license.txt */
/**
==============================================================================
@ -22,29 +22,29 @@ if(api_is_allowed_to_edit(null,true)) {
if(!empty($_GET['hide'])) // visibility 1 -> 0
{
/* -- session condition for visibility
if (!empty($session_id)) {
if (!empty($session_id)) {
$sql = "select session_id FROM $tool_table WHERE id='".intval($_GET["id"])."' AND session_id = '".intval($session_id)."'";
$rs = Database::query($sql,__FILE__,__LINE__);
if (Database::num_rows($rs) > 0) {
$rs = Database::query($sql);
if (Database::num_rows($rs) > 0) {
$sql="UPDATE $tool_table SET visibility=0 WHERE id='".intval($_GET["id"])."' AND session_id = '".intval($session_id)."'";
} else {
$sql_select = "select * FROM $tool_table WHERE id='".$_GET["id"]."'";
$res_select = Database::query($sql_select,__FILE__,__LINE__);
$row_select = Database::fetch_array($res_select);
$res_select = Database::query($sql_select);
$row_select = Database::fetch_array($res_select);
$sql = "INSERT INTO $tool_table(name,link,image,visibility,admin,address,added_tool,target,category,session_id)
VALUES('{$row_select['name']}','{$row_select['link']}','{$row_select['image']}','0','{$row_select['admin']}','{$row_select['address']}','{$row_select['added_tool']}','{$row_select['target']}','{$row_select['category']}','$session_id')";
}
} else {
}
} else {
$sql="UPDATE $tool_table SET visibility=0 WHERE id='".intval($_GET["id"])."'";
}*/
}*/
$sql="UPDATE $tool_table SET visibility=0 WHERE id='".intval($_GET["id"])."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
Display::display_confirmation_message(get_lang('ToolIsNowHidden'));
} elseif(!empty($_GET['restore'])) {
// visibility 0,2 -> 1
//REACTIVATE
$sql = "UPDATE $tool_table SET visibility=1 WHERE id='".intval($_GET["id"])."'";
Database::query($sql,__FILE__,__LINE__);
$sql = "UPDATE $tool_table SET visibility=1 WHERE id='".intval($_GET["id"])."'";
Database::query($sql);
Display::display_confirmation_message(get_lang('ToolIsNowVisible'));
}
}
@ -69,7 +69,7 @@ if (api_is_platform_admin()) {
elseif (isset($_GET["delete"]) && $_GET["delete"]) {
//where $id is set?
$id = intval($id);
Database::query("DELETE FROM $tool_table WHERE id='$id' AND added_tool=1",__FILE__,__LINE__);
Database::query("DELETE FROM $tool_table WHERE id='$id' AND added_tool=1");
}
}
@ -97,15 +97,15 @@ if(api_is_allowed_to_edit(null,true) && !api_is_coach()) {
?>
<div class="courseadminview" style="border:0px; margin-top: 0px;padding:5px 0px;">
<div class="normal-message" id="id_normal_message" style="display:none">
<?php
<div class="normal-message" id="id_normal_message" style="display:none">
<?php
echo '<img src="'.$server_protocol.$current_host.'/'.$path_work.'main/inc/lib/javascript/indicator.gif"/>'."&nbsp;&nbsp;";
echo get_lang('PleaseStandBy');
?>
</div>
<div class="confirmation-message" id="id_confirmation_message" style="display:none"></div>
</div>
<?php
if (api_get_setting('show_session_data') === 'true' && $id_session > 0) {
?>
@ -121,8 +121,8 @@ if(api_is_allowed_to_edit(null,true) && !api_is_coach()) {
<div class="courseadminview">
<span class="viewcaption"><?php echo get_lang("Authoring") ?></span>
<table width="100%">
<?php
$my_list = CourseHome::get_tools_category(TOOL_AUTHORING);
<?php
$my_list = CourseHome::get_tools_category(TOOL_AUTHORING);
CourseHome::show_tools_category($my_list);
?>
</table>
@ -130,8 +130,8 @@ if(api_is_allowed_to_edit(null,true) && !api_is_coach()) {
<div class="courseadminview">
<span class="viewcaption"><?php echo get_lang("Interaction") ?></span>
<table width="100%">
<?php
$my_list = CourseHome::get_tools_category(TOOL_INTERACTION);
<?php
$my_list = CourseHome::get_tools_category(TOOL_INTERACTION);
CourseHome::show_tools_category($my_list);
?>
</table>
@ -139,8 +139,8 @@ if(api_is_allowed_to_edit(null,true) && !api_is_coach()) {
<div class="courseadminview">
<span class="viewcaption"><?php echo get_lang("Administration") ?></span>
<table width="100%">
<?php
$my_list = CourseHome::get_tools_category(TOOL_ADMIN_PLATEFORM);
<?php
$my_list = CourseHome::get_tools_category(TOOL_ADMIN_PLATEFORM);
CourseHome::show_tools_category($my_list);
?>
</table>
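Review bot: The commented-out "session condition for visibility" block in the `hide` branch is edited here although it never runs, and it still contains `$sql_select = "select * FROM $tool_table WHERE id='".$_GET["id"]."'";` plus an INSERT that interpolates the `$row_select[...]` values unescaped. Anyone who re-enables it later would bring those injection paths back, right next to live code that already uses `intval($_GET["id"])`. I would delete the block, since version control keeps it, or at least change the dead query to `intval($_GET["id"])` and add `// disabled: row values must be escaped before re-enabling`. The `//where $id is set?` remark above the DELETE is also still open and should be answered in a comment once the assignment is located.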
