diff --git a/main/auth/inscription.php b/main/auth/inscription.php index 30292e63bd..2842f74d10 100755 --- a/main/auth/inscription.php +++ b/main/auth/inscription.php @@ -1,5 +1,5 @@ validate()) { $action_url = "../create_course/add_course.php"; $button_text = get_lang('CourseCreate'); } else { + if (api_get_setting('allow_students_to_browse_courses') == 'true') + $action_url = "courses.php?action=subscribe"; + else + $action_url = api_get_path(WEB_PATH).'user_portal.php'; echo "

", get_lang('NowGoChooseYourCourses'), ".

\n"; - $action_url = "courses.php?action=subscribe"; + $button_text = get_lang('Next'); } // ?uidReset=true&uidReq=$_user['user_id'] diff --git a/main/coursecopy/classes/CourseBuilder.class.php b/main/coursecopy/classes/CourseBuilder.class.php index 24447921ca..b21e4a5064 100755 --- a/main/coursecopy/classes/CourseBuilder.class.php +++ b/main/coursecopy/classes/CourseBuilder.class.php @@ -1,5 +1,5 @@ course->type) && $this->course->type=='partial') { - $sql = 'SELECT * FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND path NOT LIKE \'/images/gallery%\' AND session_id = '.$session_id.' ORDER BY path'; + $sql = 'SELECT d.id, d.path, d.comment, d.title, d.filetype, d.size FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND path NOT LIKE \'/images/gallery%\' AND session_id = '.$session_id.' ORDER BY path'; } else { - $sql = 'SELECT * FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND session_id = '.$session_id.' ORDER BY path'; + $sql = 'SELECT d.id, d.path, d.comment, d.title, d.filetype, d.size FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND session_id = '.$session_id.' ORDER BY path'; } $db_result = Database::query($sql); 
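Review bot: The new `allow_students_to_browse_courses` test in the `else` branch only decides where the button points, so on its own it does not stop a student from requesting `courses.php?action=subscribe` directly. The same setting needs to be checked in the subscribe handler itself, which is not visible in this hunk. The brace-less `if`/`else` would also be safer with braces, since the `echo` that follows is easy to pull into the `else` arm by accident in a later edit. The hunk header and surrounding markup are damaged in this rendering, so the enclosing block starts outside what is shown.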
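Review bot: Both rewritten document queries concatenate `$session_id` into `session_id = '.$session_id.'` with no integer cast visible in this hunk, whereas the link query in the `@@ -240` hunk runs `$session_id = intval($session_id);` first. If the cast is not already above these lines, add `$session_id = intval($session_id);` before `$sql` is built. Now that the select list is qualified with `d.`, the filter and sort columns should be qualified too (`p.tool`, `d.path`, `d.session_id`), so the join stays unambiguous if the property table ever gains a same-named column. The same applies to `path` in the `@@ -155` hunk. The enclosing method starts outside the hunk.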
@@ -155,9 +155,9 @@ class CourseBuilder
 $table_prop = Database :: get_course_table(TABLE_ITEM_PROPERTY);
 if (!empty($this->course->type) && $this->course->type=='partial')
- $sql = 'SELECT * FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND path NOT LIKE \'/images/gallery%\' AND d.session_id = 0 ORDER BY path';
+ $sql = 'SELECT d.id, d.path, d.comment, d.title, d.filetype, d.size FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND path NOT LIKE \'/images/gallery%\' AND d.session_id = 0 ORDER BY path';
 else
- $sql = 'SELECT * FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND d.session_id = 0 ORDER BY path';
+ $sql = 'SELECT d.id, d.path, d.comment, d.title, d.filetype, d.size FROM '.$table_doc.' d, '.$table_prop.' p WHERE tool = \''.TOOL_DOCUMENT.'\' AND p.ref = d.id AND p.visibility != 2 AND d.session_id = 0 ORDER BY path';
 $db_result = Database::query($sql);
 while ($obj = Database::fetch_object($db_result))
@@ -240,11 +240,11 @@ class CourseBuilder $table = Database :: get_course_table(TABLE_LINK,$course_info['dbName']); $table_prop = Database :: get_course_table(TABLE_ITEM_PROPERTY,$course_info['dbName']); $session_id = intval($session_id); - $sql = "SELECT * FROM $table l, $table_prop p WHERE p.ref=l.id AND p.tool = '".TOOL_LINK."' AND p.visibility != 2 AND session_id = '$session_id' ORDER BY l.display_order"; + $sql = "SELECT l.id, l.title, l.url, l.description, l.category_id, l.on_homepage FROM $table l, $table_prop p WHERE p.ref=l.id AND p.tool = '".TOOL_LINK."' AND p.visibility != 2 AND session_id = '$session_id' ORDER BY l.display_order"; } else { $table = Database :: get_course_table(TABLE_LINK); $table_prop = Database :: get_course_table(TABLE_ITEM_PROPERTY); - $sql = "SELECT * FROM $table l, $table_prop p WHERE p.ref=l.id AND p.tool = '".TOOL_LINK."' AND p.visibility != 2 AND l.session_id = 0 ORDER BY l.display_order"; + $sql = "SELECT l.id, l.title, l.url, l.description, l.category_id, l.on_homepage FROM $table l, $table_prop p WHERE p.ref=l.id AND p.tool = '".TOOL_LINK."' AND p.visibility != 2 AND l.session_id = 0 ORDER BY l.display_order"; } $db_result = Database::query($sql); 
@@ -568,34 +568,34 @@ class CourseBuilder $db_items = Database::query($sql_items); while ($obj_item = Database::fetch_object($db_items)) { - $item['id'] = $obj_item->id; - $item['item_type'] = $obj_item->item_type; - $item['ref'] = $obj_item->ref; - $item['title'] = $obj_item->title; - $item['description'] = $obj_item->description; - $item['path'] = $obj_item->path; - $item['min_score'] = $obj_item->min_score; - $item['max_score'] = $obj_item->max_score; - $item['mastery_score'] = $obj_item->mastery_score; + $item['id'] = $obj_item->id; + $item['item_type'] = $obj_item->item_type; + $item['ref'] = $obj_item->ref; + $item['title'] = $obj_item->title; + $item['description'] = $obj_item->description; + $item['path'] = $obj_item->path; + $item['min_score'] = $obj_item->min_score; + $item['max_score'] = $obj_item->max_score; + $item['mastery_score'] = $obj_item->mastery_score; $item['parent_item_id'] = $obj_item->parent_item_id; $item['previous_item_id'] = $obj_item->previous_item_id; - $item['next_item_id'] = $obj_item->next_item_id; - $item['display_order'] = $obj_item->display_order; - $item['prerequisite'] = $obj_item->prerequisite; - $item['parameters'] = $obj_item->parameters; - $item['launch_data'] = $obj_item->launch_data; + $item['next_item_id'] = $obj_item->next_item_id; + $item['display_order'] = $obj_item->display_order; + $item['prerequisite'] = $obj_item->prerequisite; + $item['parameters'] = $obj_item->parameters; + $item['launch_data'] = $obj_item->launch_data; + //adding audio data + $item['audio'] = $obj_item->audio; + $items[] = $item; } $sql_tool = "SELECT id FROM ".$table_tool." WHERE (link LIKE '%lp_controller.php%lp_id=".$obj->id."%' and image='scormbuilder.gif') AND visibility='1'"; $db_tool = Database::query($sql_tool); - if(Database::num_rows($db_tool)) - { + if(Database::num_rows($db_tool)) { $visibility='1'; - } - else - { + } else { $visibility='0'; } 
diff --git a/main/coursecopy/classes/CourseRecycler.class.php b/main/coursecopy/classes/CourseRecycler.class.php index 306c8b8937..36f80a9643 100755 --- a/main/coursecopy/classes/CourseRecycler.class.php +++ b/main/coursecopy/classes/CourseRecycler.class.php @@ -56,10 +56,24 @@ class CourseRecycler $table_tool_intro = Database::get_course_table(TABLE_TOOL_INTRO); $table_linked_resources = Database :: get_course_table(TABLE_LINKED_RESOURCES); $table_item_properties = Database::get_course_table(TABLE_ITEM_PROPERTY); - foreach ($this->course->resources as $type => $resources) - { - foreach ($resources as $id => $resource) - { + + $this->recycle_links(); + $this->recycle_link_categories(); + $this->recycle_events(); + $this->recycle_announcements(); + $this->recycle_documents(); + $this->recycle_forums(); //@todo does not work yet + $this->recycle_forum_categories(); + $this->recycle_quizzes(); + $this->recycle_surveys(); + $this->recycle_learnpaths(); + $this->recycle_cours_description(); + $this->recycle_wiki(); + $this->recycle_glossary(); + + + foreach ($this->course->resources as $type => $resources) { + foreach ($resources as $id => $resource) { $sql = "DELETE FROM ".$table_linked_resources." WHERE (source_type = '".$type."' AND source_id = '".$id."') OR (resource_type = '".$type."' AND resource_id = '".$id."') "; Database::query($sql); if(is_numeric($id)) @@ -74,19 +88,7 @@ class CourseRecycler } } } - $this->recycle_links(); - $this->recycle_link_categories(); - $this->recycle_events(); - $this->recycle_announcements(); - $this->recycle_documents(); - $this->recycle_forums(); - $this->recycle_forum_categories(); - $this->recycle_quizzes(); - $this->recycle_surveys(); - $this->recycle_learnpaths(); - $this->recycle_cours_description(); - $this->recycle_wiki(); - $this->recycle_glossary(); + } /** * Delete documents diff --git a/main/coursecopy/classes/CourseRestorer.class.php b/main/coursecopy/classes/CourseRestorer.class.php index 656cecb5d3..e2faccf6d8 100755 
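Review bot: The `DELETE FROM ... $table_linked_resources` statement inside the re-braced `foreach` concatenates `$type` and `$id` into the SQL unescaped, and the `is_numeric($id)` test only runs after that query has been sent. If the keys of `$this->course->resources` can be influenced by the resource-selection form (not visible here), wrap both in `Database::escape_string()` before building `$sql`. Moving the `recycle_*()` calls ahead of this loop also changes the deletion order. The `//@todo does not work yet` on `recycle_forums()` should say what fails, since the call still runs. The method body starts outside the first hunk.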
--- a/main/coursecopy/classes/CourseRestorer.class.php +++ b/main/coursecopy/classes/CourseRestorer.class.php @@ -372,9 +372,8 @@ class CourseRestorer break; } // end switch - } // end if file exists - else - { + } else { // end if file exists + //make sure the source file actually exists //echo $this->course->backup_path.'/'.$document->path; if(is_file($this->course->backup_path.'/'.$document->path) && is_readable($this->course->backup_path.'/'.$document->path) && is_dir(dirname($path.$document->path)) && is_writeable(dirname($path.$document->path))) @@ -1175,8 +1174,8 @@ class CourseRestorer function restore_learnpaths($session_id = 0) { if ($this->course->has_resources(RESOURCE_LEARNPATH)) { - $table_main = Database :: get_course_table(TABLE_LP_MAIN, $this->course->destination_db); - $table_item = Database :: get_course_table(TABLE_LP_ITEM, $this->course->destination_db); + $table_main = Database::get_course_table(TABLE_LP_MAIN, $this->course->destination_db); + $table_item = Database::get_course_table(TABLE_LP_ITEM, $this->course->destination_db); $table_tool = Database::get_course_table(TABLE_TOOL_LIST, $this->course->destination_db); $resources = $this->course->resources; @@ -1201,7 +1200,7 @@ class CourseRestorer "prevent_reinit = '".Database::escape_string($lp->prevent_reinit)."', " . "force_commit = '".Database::escape_string($lp->force_commit)."', " . "content_maker = '".Database::escape_string($lp->content_maker)."', " . - "display_order = '".Database::escape_string($lp->display_order)."', " . + "display_order = '".Database::escape_string($lp->display_order)."', " . "js_lib= '".Database::escape_string($lp->js_lib)."', " . "content_license= '".Database::escape_string($lp->content_license)."', " . "debug= '".Database::escape_string($lp->debug)."' $condition_session "; 
@@ -1270,6 +1269,7 @@ class CourseRestorer "display_order = '".Database::escape_string($item['display_order'])."', " . "prerequisite = '".Database::escape_string($item['prerequisite'])."', " . "parameters='".Database::escape_string($item['parameters'])."', " . + "audio='".Database::escape_string($item['audio'])."', " . "launch_data = '".Database::escape_string($item['launch_dataprereq_type'])."'"; Database::query($sql); diff --git a/main/coursecopy/classes/CourseSelectForm.class.php b/main/coursecopy/classes/CourseSelectForm.class.php index 63151804ef..6bb26ed1b5 100755 --- a/main/coursecopy/classes/CourseSelectForm.class.php +++ b/main/coursecopy/classes/CourseSelectForm.class.php @@ -1,29 +1,6 @@ id, $obj->path, $obj->comment, $obj->title, $obj->filetype, $obj->size); diff --git a/main/newscorm/learnpath.class.php b/main/newscorm/learnpath.class.php index e755f5cf4d..b444d431a4 100755 --- a/main/newscorm/learnpath.class.php +++ b/main/newscorm/learnpath.class.php @@ -4710,9 +4710,10 @@ class learnpath { } } else { if ($arrLP[$i]['item_type'] != 'dokeos_chapter' && $arrLP[$i]['item_type'] != 'dokeos_module' && $arrLP[$i]['item_type'] != 'dir') { + $return .= ' '; if (!empty ($arrLP[$i]['audio'])) { - $return .= '
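Review bot: The new `audio=` assignment reads `$item['audio']` unconditionally, but backups written before CourseBuilder exported this field will not carry the key, so restoring them raises an undefined-index notice. A guard such as `$audio = isset($item['audio']) ? $item['audio'] : '';` avoids that. Because the value comes from an imported backup and is later displayed as a file name, reducing it with `basename($audio)` before storing would keep path components out of the column, assuming it is meant to hold a bare file name. The following context line reads `$item['launch_dataprereq_type']`, which looks like two keys fused together and probably leaves `launch_data` empty on restore; worth confirming separately. The INSERT statement starts outside the hunk.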
' . get_lang('RemoveAudio'); + $return .= '
'.Security::remove_XSS($arrLP[$i]['audio']).'' . get_lang('RemoveAudio'); } } } diff --git a/main/work/work.lib.php b/main/work/work.lib.php index 0d9401b5d5..440e893e4c 100755 --- a/main/work/work.lib.php +++ b/main/work/work.lib.php @@ -223,13 +223,13 @@ function display_studentsdelete_form() function display_user_link_work($user_id, $name='') { global $_otherusers; - - if ($user_id<>0) { - + $user_id = intval($user_id); + + if ($user_id <> 0) { $table_user = Database::get_main_table(TABLE_MAIN_USER); - $sql="SELECT * FROM $table_user WHERE user_id='".Database::escape_string($user_id)."'"; - $result=Database::query($sql); - $row=Database::fetch_array($result); + $sql = "SELECT user_id, firstname, lastname FROM $table_user WHERE user_id='".Database::escape_string($user_id)."'"; + $result = Database::query($sql); + $row = Database::fetch_array($result); if ($name=='') { return "".api_get_person_name($row['firstname'], $row['lastname']).""; } else { @@ -359,7 +359,7 @@ function display_student_publications_list($work_dir,$sub_course_dir,$currentCou } else { if (!empty($_SESSION['toolgroup'])) { - $group_query = " WHERE post_group_id = '".$_SESSION['toolgroup']."' "; // set to select only messages posted by the user's group + $group_query = " WHERE post_group_id = '".intval($_SESSION['toolgroup'])."' "; // set to select only messages posted by the user's group $subdirs_query = "AND url NOT LIKE BINARY '$sub_course_dir%/%' AND url LIKE BINARY '$sub_course_dir%'"; } else { $group_query = " WHERE post_group_id = '0' ";
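Review bot: The audio file name is now output through `Security::remove_XSS()`, which filters HTML rather than encoding it. For a plain file name, entity encoding is the tighter choice, e.g. `htmlspecialchars($arrLP[$i]['audio'], ENT_QUOTES)`. The surrounding markup is stripped in this rendering, so it cannot be confirmed whether the value lands in element text or inside an attribute; in an attribute, quote-aware encoding is required. The function body starts and ends outside the hunk.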
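Review bot: In `display_user_link_work()`, `$row` is used without checking that the lookup found a user, so an unknown `$user_id` presumably yields a link built from empty name fields. Return early when `Database::fetch_array()` gives no row. After `$user_id = intval($user_id);` the quoted `Database::escape_string($user_id)` is redundant, and `WHERE user_id = $user_id` states the intent more directly. The returned markup is stripped in this view, so confirm that `$name` and the person name are HTML-escaped where they are concatenated into the link. The function continues past the end of the hunk.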
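Review bot: `$_SESSION['toolgroup']` is now cast in `$group_query`, but the next line still interpolates `$sub_course_dir` directly into both `LIKE BINARY` patterns of `$subdirs_query`. If that argument can carry request-derived path text (the callers are not visible here), pass it through `Database::escape_string()` first. Any `%` or `_` in it also acts as a wildcard unless escaped. The `else` branch and the rest of `display_student_publications_list()` lie outside the hunk.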