merge

15 years ago · e1a977ca54
parent 29f5f6afd3 07018bb839
commit e1a977ca54
7 changed files with 69 additions and 85 deletions
--- a/main/auth/inscription.php
+++ b/main/auth/inscription.php
@ -1,5 +1,5 @@
 <?php
-/* For licensing terms, see /dokeos_license.txt */
+/* For licensing terms, see /license.txt */
 /**
 ==============================================================================
 *	This script displays a form for registering new users.
@ -9,7 +9,7 @@
 // name of the language file that needs to be included
 $language_file = array('registration', 'admin');

-require '../inc/global.inc.php';
+require_once '../inc/global.inc.php';

 require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
 require_once api_get_path(LIBRARY_PATH).'usermanager.lib.php';
@ -572,8 +572,12 @@ if ($form->validate()) {
 		$action_url = "../create_course/add_course.php";
 		$button_text = get_lang('CourseCreate');
 	} else {
+		if (api_get_setting('allow_students_to_browse_courses') == 'true') 
+			$action_url = "courses.php?action=subscribe";
+		else 
+			$action_url = api_get_path(WEB_PATH).'user_portal.php';			
 		echo "<p>", get_lang('NowGoChooseYourCourses'), ".</p>\n";
-		$action_url = "courses.php?action=subscribe";
+		
 		$button_text = get_lang('Next');
 	}
 	// ?uidReset=true&uidReq=$_user['user_id']
--- a/main/coursecopy/classes/CourseBuilder.class.php
+++ b/main/coursecopy/classes/CourseBuilder.class.php
@ -1,5 +1,5 @@
 <?php
-/* For licensing terms, see /dokeos_license.txt */
+/* For licensing terms, see /license.txt */

 require_once 'Course.class.php';
 require_once 'Event.class.php';
@ -138,9 +138,9 @@ class CourseBuilder
 			$session_id = intval($session_id);

 			if (!empty($this->course->type) && $this->course->type=='partial') {
-        		$sql = 'SELECT * FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND path NOT LIKE \'/images/gallery%\' AND session_id = '.$session_id.' ORDER BY path';
+        		$sql = 'SELECT d.id, d.path, d.comment, d.title, d.filetype, d.size FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND path NOT LIKE \'/images/gallery%\' AND session_id = '.$session_id.' ORDER BY path';
 			} else {
-	        	$sql = 'SELECT * FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND session_id = '.$session_id.' ORDER BY path';
+	        	$sql = 'SELECT d.id, d.path, d.comment, d.title, d.filetype, d.size FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND session_id = '.$session_id.' ORDER BY path';
 			}

 			$db_result = Database::query($sql);
@ -155,9 +155,9 @@ class CourseBuilder
 			$table_prop = Database :: get_course_table(TABLE_ITEM_PROPERTY);

 			if (!empty($this->course->type) && $this->course->type=='partial')
-        	$sql = 'SELECT * FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND path  NOT LIKE \'/images/gallery%\' AND d.session_id = 0 ORDER BY path';
+        		$sql = 'SELECT d.id, d.path, d.comment, d.title, d.filetype, d.size FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND path  NOT LIKE \'/images/gallery%\' AND d.session_id = 0 ORDER BY path';
 	        else
-	        	$sql = 'SELECT * FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND d.session_id = 0 ORDER BY path';
+	        	$sql = 'SELECT d.id, d.path, d.comment, d.title, d.filetype, d.size  FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND d.session_id = 0 ORDER BY path';

 			$db_result = Database::query($sql);
 			while ($obj = Database::fetch_object($db_result))
@ -240,11 +240,11 @@ class CourseBuilder
 			$table = Database :: get_course_table(TABLE_LINK,$course_info['dbName']);
 			$table_prop = Database :: get_course_table(TABLE_ITEM_PROPERTY,$course_info['dbName']);
 			$session_id = intval($session_id);
-			$sql = "SELECT * FROM $table l, $table_prop p WHERE p.ref=l.id AND p.tool = '".TOOL_LINK."' AND p.visibility != 2  AND session_id = '$session_id' ORDER BY l.display_order";
+			$sql = "SELECT  l.id, l.title, l.url, l.description, l.category_id, l.on_homepage  FROM $table l, $table_prop p WHERE p.ref=l.id AND p.tool = '".TOOL_LINK."' AND p.visibility != 2  AND session_id = '$session_id' ORDER BY l.display_order";
 		} else {
 			$table = Database :: get_course_table(TABLE_LINK);
 			$table_prop = Database :: get_course_table(TABLE_ITEM_PROPERTY);
-			$sql = "SELECT * FROM $table l, $table_prop p WHERE p.ref=l.id AND p.tool = '".TOOL_LINK."' AND p.visibility != 2 AND l.session_id = 0 ORDER BY l.display_order";
+			$sql = "SELECT l.id, l.title, l.url, l.description, l.category_id, l.on_homepage  FROM $table l, $table_prop p WHERE p.ref=l.id AND p.tool = '".TOOL_LINK."' AND p.visibility != 2 AND l.session_id = 0 ORDER BY l.display_order";
 		}

 		$db_result = Database::query($sql);
@ -568,34 +568,34 @@ class CourseBuilder
 			$db_items = Database::query($sql_items);
 			while ($obj_item = Database::fetch_object($db_items))
 			{
-				$item['id'] = $obj_item->id;
-				$item['item_type'] = $obj_item->item_type;
-				$item['ref'] = $obj_item->ref;
-				$item['title'] = $obj_item->title;
-				$item['description'] = $obj_item->description;
-				$item['path'] = $obj_item->path;
-				$item['min_score'] = $obj_item->min_score;
-				$item['max_score'] = $obj_item->max_score;
-				$item['mastery_score'] = $obj_item->mastery_score;
+				$item['id']				= $obj_item->id;
+				$item['item_type'] 		= $obj_item->item_type;
+				$item['ref'] 			= $obj_item->ref;
+				$item['title'] 			= $obj_item->title;
+				$item['description'] 	= $obj_item->description;
+				$item['path'] 			= $obj_item->path;
+				$item['min_score'] 		= $obj_item->min_score;
+				$item['max_score'] 		= $obj_item->max_score;
+				$item['mastery_score'] 	= $obj_item->mastery_score;
 				$item['parent_item_id'] = $obj_item->parent_item_id;
 				$item['previous_item_id'] = $obj_item->previous_item_id;
-				$item['next_item_id'] = $obj_item->next_item_id;
-				$item['display_order'] = $obj_item->display_order;
-				$item['prerequisite'] = $obj_item->prerequisite;
-				$item['parameters'] = $obj_item->parameters;
-				$item['launch_data'] = $obj_item->launch_data;
+				$item['next_item_id'] 	= $obj_item->next_item_id;
+				$item['display_order'] 	= $obj_item->display_order;
+				$item['prerequisite']	 = $obj_item->prerequisite;
+				$item['parameters'] 	= $obj_item->parameters;
+				$item['launch_data'] 	= $obj_item->launch_data;
+				//adding audio data
+				$item['audio'] 	= $obj_item->audio;
+				
 				$items[] = $item;
 			}

 			$sql_tool = "SELECT id FROM ".$table_tool." WHERE (link LIKE '%lp_controller.php%lp_id=".$obj->id."%' and image='scormbuilder.gif') AND visibility='1'";
 			$db_tool = Database::query($sql_tool);

-			if(Database::num_rows($db_tool))
-			{
+			if(Database::num_rows($db_tool)) {
 				$visibility='1';
-			}
-			else
-			{
+			} else {
 				$visibility='0';
 			}

--- a/main/coursecopy/classes/CourseRecycler.class.php
+++ b/main/coursecopy/classes/CourseRecycler.class.php
@ -56,10 +56,24 @@ class CourseRecycler
 		$table_tool_intro = Database::get_course_table(TABLE_TOOL_INTRO);
 		$table_linked_resources = Database :: get_course_table(TABLE_LINKED_RESOURCES);
 		$table_item_properties = Database::get_course_table(TABLE_ITEM_PROPERTY);
-		foreach ($this->course->resources as $type => $resources)
-		{
-			foreach ($resources as $id => $resource)
-			{
+		
+		$this->recycle_links();
+		$this->recycle_link_categories();
+		$this->recycle_events();
+		$this->recycle_announcements();
+		$this->recycle_documents();		
+		$this->recycle_forums(); //@todo does not work yet
+		$this->recycle_forum_categories();
+		$this->recycle_quizzes();
+		$this->recycle_surveys();
+		$this->recycle_learnpaths();
+		$this->recycle_cours_description();
+		$this->recycle_wiki();
+		$this->recycle_glossary();
+		
+		
+		foreach ($this->course->resources as $type => $resources) {			
+			foreach ($resources as $id => $resource) {
 				$sql = "DELETE FROM ".$table_linked_resources." WHERE (source_type = '".$type."' AND source_id = '".$id."') OR (resource_type = '".$type."' AND resource_id = '".$id."')  ";
 				Database::query($sql);
 				if(is_numeric($id))
@ -74,19 +88,7 @@ class CourseRecycler
 				}
 			}
 		}
-		$this->recycle_links();
-		$this->recycle_link_categories();
-		$this->recycle_events();
-		$this->recycle_announcements();
-		$this->recycle_documents();
-		$this->recycle_forums();
-		$this->recycle_forum_categories();
-		$this->recycle_quizzes();
-		$this->recycle_surveys();
-		$this->recycle_learnpaths();
-		$this->recycle_cours_description();
-		$this->recycle_wiki();
-		$this->recycle_glossary();
+
 	}
 	/**
 	 * Delete documents
--- a/main/coursecopy/classes/CourseRestorer.class.php
+++ b/main/coursecopy/classes/CourseRestorer.class.php
@ -372,9 +372,8 @@ class CourseRestorer
 									break;

 						} // end switch
-					} // end if file exists
-					else
-					{
+					} else { // end if file exists
+					
 						//make sure the source file actually exists
 						//echo $this->course->backup_path.'/'.$document->path;
 						if(is_file($this->course->backup_path.'/'.$document->path) && is_readable($this->course->backup_path.'/'.$document->path) && is_dir(dirname($path.$document->path)) && is_writeable(dirname($path.$document->path)))
@ -1175,8 +1174,8 @@ class CourseRestorer
 	function restore_learnpaths($session_id = 0)
 	{
 		if ($this->course->has_resources(RESOURCE_LEARNPATH)) {
-			$table_main 	= Database :: get_course_table(TABLE_LP_MAIN, $this->course->destination_db);
-			$table_item 	= Database :: get_course_table(TABLE_LP_ITEM, $this->course->destination_db);
+			$table_main 	= Database::get_course_table(TABLE_LP_MAIN, $this->course->destination_db);
+			$table_item 	= Database::get_course_table(TABLE_LP_ITEM, $this->course->destination_db);
 			$table_tool 	= Database::get_course_table(TABLE_TOOL_LIST, $this->course->destination_db);

 			$resources = $this->course->resources;
@ -1201,7 +1200,7 @@ class CourseRestorer
 								"prevent_reinit = '".Database::escape_string($lp->prevent_reinit)."', " .
 								"force_commit = '".Database::escape_string($lp->force_commit)."', " .
 								"content_maker = '".Database::escape_string($lp->content_maker)."', " .
-								"display_order = '".Database::escape_string($lp->display_order)."', " .
+								"display_order = '".Database::escape_string($lp->display_order)."', " .								
 								"js_lib= '".Database::escape_string($lp->js_lib)."', " .
 								"content_license= '".Database::escape_string($lp->content_license)."', " .
 								"debug= '".Database::escape_string($lp->debug)."' $condition_session ";
@ -1270,6 +1269,7 @@ class CourseRestorer
 							"display_order = '".Database::escape_string($item['display_order'])."', " .
 							"prerequisite = '".Database::escape_string($item['prerequisite'])."', " .
 							"parameters='".Database::escape_string($item['parameters'])."', " .
+							"audio='".Database::escape_string($item['audio'])."', " .
 							"launch_data = '".Database::escape_string($item['launch_dataprereq_type'])."'";

 					Database::query($sql);
--- a/main/coursecopy/classes/CourseSelectForm.class.php
+++ b/main/coursecopy/classes/CourseSelectForm.class.php
@ -1,29 +1,6 @@
 <?php
 // $Id: CourseSelectForm.class.php 22200 2009-07-17 19:47:58Z iflorespaz $
-/*
-==============================================================================
-	Dokeos - elearning and course management software
-
-	Copyright (c) 2004-2008 Dokeos SPRL
-	Copyright (c) 2003 Ghent University (UGent)
-	Copyright (c) 2001 Universite catholique de Louvain (UCL)
-	Copyright (c) Bart Mollet (bart.mollet@hogent.be)
-
-	For a full list of contributors, see "credits.txt".
-	The full license can be read in "license.txt".
-
-	This program is free software; you can redistribute it and/or
-	modify it under the terms of the GNU General Public License
-	as published by the Free Software Foundation; either version 2
-	of the License, or (at your option) any later version.
-
-	See the GNU General Public License for more details.
-
-	Contact address: Dokeos, rue du Corbeau, 108, B-1030 Brussels, Belgium
-	Mail: info@dokeos.com
-==============================================================================
-*/
-
+/* For licensing terms, see /license.txt */
 require_once 'Course.class.php';

 /**
@ -252,7 +229,7 @@ class CourseSelectForm
 						$condition_session = ' AND d.session_id ='.$session_id;
 					}

-					$sql = 'SELECT * FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND id = '.$resource_item.$condition_session.' ORDER BY path';
+					$sql = 'SELECT d.id, d.path, d.comment, d.title, d.filetype, d.size  FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND d.id = '.$resource_item.$condition_session.' ORDER BY path';
 					$db_result = Database::query($sql);
 					while ($obj = Database::fetch_object($db_result)) {
 						$doc = new Document($obj->id, $obj->path, $obj->comment, $obj->title, $obj->filetype, $obj->size);
--- a/main/newscorm/learnpath.class.php
+++ b/main/newscorm/learnpath.class.php
@ -4710,9 +4710,10 @@ class learnpath {
 				}
 			} else {
 				if ($arrLP[$i]['item_type'] != 'dokeos_chapter' && $arrLP[$i]['item_type'] != 'dokeos_module' && $arrLP[$i]['item_type'] != 'dir') {
+					
 					$return .= ' <input type="file" name="mp3file' . $arrLP[$i]['id'] . '" id="mp3file" />';
 					if (!empty ($arrLP[$i]['audio'])) {
-						$return .= '<br /><input type="checkbox" name="removemp3' . $arrLP[$i]['id'] . '" id="checkbox' . $arrLP[$i]['id'] . '" />' . get_lang('RemoveAudio');
+						$return .= '<br />'.Security::remove_XSS($arrLP[$i]['audio']).'<input type="checkbox" name="removemp3' . $arrLP[$i]['id'] . '" id="checkbox' . $arrLP[$i]['id'] . '" />' . get_lang('RemoveAudio');
 					}
 				}
 			}
--- a/main/work/work.lib.php
+++ b/main/work/work.lib.php
@ -223,13 +223,13 @@ function display_studentsdelete_form()
 function display_user_link_work($user_id, $name='')
 {
 	global $_otherusers;
-
-	if ($user_id<>0) {
-
+	$user_id = intval($user_id);
+	
+	if ($user_id <> 0) {
 		$table_user = Database::get_main_table(TABLE_MAIN_USER);
-		$sql="SELECT * FROM $table_user WHERE user_id='".Database::escape_string($user_id)."'";
-		$result=Database::query($sql);
-		$row=Database::fetch_array($result);
+		$sql	= "SELECT user_id, firstname, lastname  FROM $table_user WHERE user_id='".Database::escape_string($user_id)."'";
+		$result	= Database::query($sql);
+		$row	= Database::fetch_array($result);
 		if ($name=='') {
 			return "<a href=\"../user/userInfo.php?cidReq=".api_get_course_id()."&gradebook=$gradebook&origin=&uInfo=".$row['user_id']."\">".api_get_person_name($row['firstname'], $row['lastname'])."</a>";
 		} else {
@ -359,7 +359,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou

 	} else {
 		if (!empty($_SESSION['toolgroup'])) {
-			$group_query = " WHERE post_group_id = '".$_SESSION['toolgroup']."' "; // set to select only messages posted by the user's group
+			$group_query = " WHERE post_group_id = '".intval($_SESSION['toolgroup'])."' "; // set to select only messages posted by the user's group
 			$subdirs_query = "AND url NOT LIKE BINARY '$sub_course_dir%/%' AND url LIKE BINARY '$sub_course_dir%'";
 		} else {
 			$group_query = " WHERE post_group_id = '0' ";