Format code, fix PHP warning, add/fix docs

1.10.x
Julio Montoya 10 years ago
parent 39503d9ad0
commit e326572e46
  1. 73
      main/inc/lib/AnnouncementManager.php
  2. 44
      main/inc/lib/agenda.lib.php
  3. 62
      main/inc/lib/attendance.lib.php
  4. 4
      main/inc/lib/auth.lib.php
  5. 339
      main/inc/lib/blog.lib.php
  6. 2
      main/inc/lib/certificate.lib.php
  7. 3
      main/inc/lib/course_description.lib.php
  8. 6
      main/inc/lib/course_home.lib.php
  9. 7
      main/inc/lib/course_request.lib.php
  10. 458
      main/inc/lib/dashboard.lib.php
  11. 14
      main/inc/lib/event_email_template.class.php
  12. 58
      main/inc/lib/exercise_show_functions.lib.php
  13. 58
      main/inc/lib/export.lib.inc.php
  14. 2
      main/inc/lib/redirect.class.php
  15. 29
      main/newscorm/learnpath.class.php
  16. 77
      main/permissions/blog_permissions.inc.php

@ -194,52 +194,52 @@ class AnnouncementManager
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
if (api_is_allowed_to_edit(false, true) || (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) { if (api_is_allowed_to_edit(false, true) || (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) {
$sql_query = " SELECT announcement.*, toolitemproperties.* $sql = "SELECT announcement.*, toolitemproperties.*
FROM $tbl_announcement announcement, $tbl_item_property toolitemproperties FROM $tbl_announcement announcement, $tbl_item_property toolitemproperties
WHERE WHERE
announcement.id = toolitemproperties.ref AND announcement.id = toolitemproperties.ref AND
announcement.id = '$announcement_id' AND announcement.id = '$announcement_id' AND
toolitemproperties.tool='announcement' AND toolitemproperties.tool='announcement' AND
announcement.c_id = $course_id AND announcement.c_id = $course_id AND
toolitemproperties.c_id = $course_id toolitemproperties.c_id = $course_id
ORDER BY display_order DESC"; ORDER BY display_order DESC";
} else { } else {
$group_list = GroupManager::get_group_ids($course_id, api_get_user_id()); $group_list = GroupManager::get_group_ids($course_id, api_get_user_id());
if (empty($group_list)) { if (empty($group_list)) {
$group_list[] = 0; $group_list[] = 0;
} }
if (api_get_user_id() != 0) { if (api_get_user_id() != 0) {
$sql_query = " SELECT announcement.*, toolitemproperties.* $sql = "SELECT announcement.*, toolitemproperties.*
FROM $tbl_announcement announcement, $tbl_item_property toolitemproperties FROM $tbl_announcement announcement, $tbl_item_property toolitemproperties
WHERE WHERE
announcement.id = toolitemproperties.ref AND announcement.id = toolitemproperties.ref AND
announcement.id = '$announcement_id' AND announcement.id = '$announcement_id' AND
toolitemproperties.tool='announcement' AND toolitemproperties.tool='announcement' AND
( (
toolitemproperties.to_user_id='" . api_get_user_id() . "' OR toolitemproperties.to_user_id='" . api_get_user_id() . "' OR
toolitemproperties.to_group_id IN ('0', '" . implode("', '", $group_list) . "') OR toolitemproperties.to_group_id IN ('0', '" . implode("', '", $group_list) . "') OR
toolitemproperties.to_group_id IS NULL toolitemproperties.to_group_id IS NULL
) AND ) AND
toolitemproperties.visibility='1' AND toolitemproperties.visibility='1' AND
announcement.c_id = $course_id AND announcement.c_id = $course_id AND
toolitemproperties.c_id = $course_id toolitemproperties.c_id = $course_id
ORDER BY display_order DESC"; ORDER BY display_order DESC";
} else { } else {
$sql_query = " SELECT announcement.*, toolitemproperties.* $sql = "SELECT announcement.*, toolitemproperties.*
FROM $tbl_announcement announcement, $tbl_item_property toolitemproperties FROM $tbl_announcement announcement, $tbl_item_property toolitemproperties
WHERE WHERE
announcement.id = toolitemproperties.ref AND announcement.id = toolitemproperties.ref AND
announcement.id = '$announcement_id' AND announcement.id = '$announcement_id' AND
toolitemproperties.tool='announcement' AND toolitemproperties.tool='announcement' AND
(toolitemproperties.to_group_id='0' OR toolitemproperties.to_group_id IS NULL) AND (toolitemproperties.to_group_id='0' OR toolitemproperties.to_group_id IS NULL) AND
toolitemproperties.visibility='1' AND toolitemproperties.visibility='1' AND
announcement.c_id = $course_id AND announcement.c_id = $course_id AND
toolitemproperties.c_id = $course_id toolitemproperties.c_id = $course_id
"; ";
} }
} }
$sql_result = Database::query($sql_query); $sql_result = Database::query($sql);
$html = null; $html = null;
if (Database::num_rows($sql_result) > 0) { if (Database::num_rows($sql_result) > 0) {
$result = Database::fetch_array($sql_result, 'ASSOC'); $result = Database::fetch_array($sql_result, 'ASSOC');
@ -312,6 +312,7 @@ class AnnouncementManager
$html .= '</td></tr>'; $html .= '</td></tr>';
} }
$html .= "</table>"; $html .= "</table>";
return $html; return $html;
} }
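Review bot: `$announcement_id` is interpolated into all three SELECT statements as `announcement.id = '$announcement_id'`, and nothing in this hunk shows it being cast or escaped; the surrounding quotes alone do not stop a value containing `'` from ending the literal. The function starts above the hunk, so a cast may already exist there; if it does not, add `$announcement_id = intval($announcement_id);` before the first query. The `to_group_id IN (...)` list would also be more robust if `$group_list` were passed through `array_map('intval', $group_list)` before the `implode()`, so that the query relies on the ids being integers rather than on the quoting.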

@ -522,7 +522,8 @@ class Agenda
// Get the agenda item. // Get the agenda item.
$item_id = intval($item_id); $item_id = intval($item_id);
$sql = "SELECT * FROM $table_agenda WHERE c_id = $course_id AND id = ".$item_id; $sql = "SELECT * FROM $table_agenda
WHERE c_id = $course_id AND id = ".$item_id;
$res = Database::query($sql); $res = Database::query($sql);
if (Database::num_rows($res) > 0) { if (Database::num_rows($res) > 0) {
@ -538,9 +539,11 @@ class Agenda
$row['end_date'] $row['end_date']
); );
AnnouncementManager::send_email($id); AnnouncementManager::send_email($id);
return $id;
} }
return $id;
} }
return -1; return -1;
} }
@ -1088,17 +1091,20 @@ class Agenda
if (!empty($event)) { if (!empty($event)) {
switch ($this->type) { switch ($this->type) {
case 'personal': case 'personal':
$sql = "UPDATE $this->tbl_personal_agenda SET all_day = 0, enddate = DATE_ADD(enddate, INTERVAL $delta MINUTE) $sql = "UPDATE $this->tbl_personal_agenda SET
all_day = 0, enddate = DATE_ADD(enddate, INTERVAL $delta MINUTE)
WHERE id=".intval($id); WHERE id=".intval($id);
Database::query($sql); Database::query($sql);
break; break;
case 'course': case 'course':
$sql = "UPDATE $this->tbl_course_agenda SET all_day = 0, end_date = DATE_ADD(end_date, INTERVAL $delta MINUTE) $sql = "UPDATE $this->tbl_course_agenda SET
all_day = 0, end_date = DATE_ADD(end_date, INTERVAL $delta MINUTE)
WHERE c_id = ".$this->course['real_id']." AND id=".intval($id); WHERE c_id = ".$this->course['real_id']." AND id=".intval($id);
Database::query($sql); Database::query($sql);
break; break;
case 'admin': case 'admin':
$sql = "UPDATE $this->tbl_global_agenda SET all_day = 0, end_date = DATE_ADD(end_date, INTERVAL $delta MINUTE) $sql = "UPDATE $this->tbl_global_agenda SET
all_day = 0, end_date = DATE_ADD(end_date, INTERVAL $delta MINUTE)
WHERE id=".intval($id); WHERE id=".intval($id);
Database::query($sql); Database::query($sql);
break; break;
@ -1129,19 +1135,26 @@ class Agenda
if (!empty($event)) { if (!empty($event)) {
switch ($this->type) { switch ($this->type) {
case 'personal': case 'personal':
$sql = "UPDATE $this->tbl_personal_agenda SET all_day = $allDay, date = DATE_ADD(date, INTERVAL $delta MINUTE), enddate = DATE_ADD(enddate, INTERVAL $delta MINUTE) $sql = "UPDATE $this->tbl_personal_agenda SET
all_day = $allDay, date = DATE_ADD(date, INTERVAL $delta MINUTE),
enddate = DATE_ADD(enddate, INTERVAL $delta MINUTE)
WHERE id=".intval($id); WHERE id=".intval($id);
$result = Database::query($sql); Database::query($sql);
break; break;
case 'course': case 'course':
$sql = "UPDATE $this->tbl_course_agenda SET all_day = $allDay, start_date = DATE_ADD(start_date,INTERVAL $delta MINUTE), end_date = DATE_ADD(end_date, INTERVAL $delta MINUTE) $sql = "UPDATE $this->tbl_course_agenda SET
all_day = $allDay, start_date = DATE_ADD(start_date,INTERVAL $delta MINUTE),
end_date = DATE_ADD(end_date, INTERVAL $delta MINUTE)
WHERE c_id = ".$this->course['real_id']." AND id=".intval($id); WHERE c_id = ".$this->course['real_id']." AND id=".intval($id);
$result = Database::query($sql); Database::query($sql);
break; break;
case 'admin': case 'admin':
$sql = "UPDATE $this->tbl_global_agenda SET all_day = $allDay, start_date = DATE_ADD(start_date,INTERVAL $delta MINUTE), end_date = DATE_ADD(end_date, INTERVAL $delta MINUTE) $sql = "UPDATE $this->tbl_global_agenda SET
all_day = $allDay,
start_date = DATE_ADD(start_date,INTERVAL $delta MINUTE),
end_date = DATE_ADD(end_date, INTERVAL $delta MINUTE)
WHERE id=".intval($id); WHERE id=".intval($id);
$result = Database::query($sql); Database::query($sql);
break; break;
} }
} }
@ -2549,12 +2562,17 @@ class Agenda
} }
} }
$actionsRight = '';
if ($view == 'calendar') { if ($view == 'calendar') {
$actionsRight .= $form; $actionsRight .= $form;
} }
$toolbar = Display::toolbarAction('toolbar-agenda', array( 0 => $actionsLeft, 1 => $actionsRight), 2, false); $toolbar = Display::toolbarAction(
'toolbar-agenda',
array(0 => $actionsLeft, 1 => $actionsRight),
2,
false
);
return $toolbar; return $toolbar;
} }
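Review bot: `$delta` and `$allDay` are placed directly into the UPDATE statements (`INTERVAL $delta MINUTE`, `all_day = $allDay`) for the personal, course and admin cases, while only `$id` goes through `intval()` in the visible lines. Both methods begin above their hunks, so the values may already be normalised there; if they are not and they originate from request parameters, cast them once before the `switch`, e.g. `$delta = intval($delta);` and `$allDay = intval($allDay);`. The same applies to `$this->course['real_id']` in the course branch, which is concatenated without a cast.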

@ -56,40 +56,39 @@ class Attendance
return $obj->total_number_of_items; return $obj->total_number_of_items;
} }
/** /**
* Get attendance list only the id, name and attendance_qualify_max fields * Get attendance list only the id, name and attendance_qualify_max fields
* @param string course db name (optional) * @param string course db name (optional)
* @param int session id (optional) * @param int session id (optional)
* @return array attendances list * @return array attendances list
*/ */
public function get_attendances_list($course_id = '', $session_id = null) public function get_attendances_list($course_id = '', $session_id = null)
{ {
// Initializing database table and variables $tbl_attendance = Database :: get_course_table(TABLE_ATTENDANCE);
$tbl_attendance = Database :: get_course_table(TABLE_ATTENDANCE); $data = array();
$data = array();
if (empty($course_id)) {
$course_id = api_get_course_int_id();
} else {
$course_id = intval($course_id);
}
$session_id = isset($session_id)?intval($session_id):api_get_session_id(); if (empty($course_id)) {
$condition_session = api_get_session_condition($session_id); $course_id = api_get_course_int_id();
} else {
$course_id = intval($course_id);
}
// Get attendance data $session_id = isset($session_id)?intval($session_id):api_get_session_id();
$sql = "SELECT id, name, attendance_qualify_max $condition_session = api_get_session_condition($session_id);
FROM $tbl_attendance
WHERE c_id = $course_id AND active = 1 $condition_session "; // Get attendance data
$rs = Database::query($sql); $sql = "SELECT id, name, attendance_qualify_max
if (Database::num_rows($rs) > 0) { FROM $tbl_attendance
while ($row = Database::fetch_array($rs,'ASSOC')) { WHERE c_id = $course_id AND active = 1 $condition_session ";
$data[$row['id']] = $row; $rs = Database::query($sql);
} if (Database::num_rows($rs) > 0) {
} while ($row = Database::fetch_array($rs,'ASSOC')) {
$data[$row['id']] = $row;
}
}
return $data; return $data;
} }
/** /**
* Get the attendaces to display on the current page (fill the sortable-table) * Get the attendaces to display on the current page (fill the sortable-table)
@ -849,7 +848,6 @@ class Attendance
} }
// get count of presences by users inside current attendance and save like results // get count of presences by users inside current attendance and save like results
$count_presences = 0;
if (count($user_ids) > 0) { if (count($user_ids) > 0) {
foreach ($user_ids as $uid) { foreach ($user_ids as $uid) {
$count_presences = 0; $count_presences = 0;
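Review bot: The docblock of `get_attendances_list()` still documents the first parameter as `@param string course db name (optional)`, but the body treats `$course_id` as a numeric id (`intval($course_id)`, then `c_id = $course_id`). A caller following the doc and passing a database name would have it turned into 0 by `intval()` and silently query course 0. Since this commit also fixes docs, change the tags to `@param int $course_id course id (optional)` and `@param int $session_id session id (optional)`.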

@ -102,7 +102,9 @@ class Auth
{ {
$user_id = api_get_user_id(); $user_id = api_get_user_id();
$table_category = Database::get_main_table(TABLE_USER_COURSE_CATEGORY); $table_category = Database::get_main_table(TABLE_USER_COURSE_CATEGORY);
$sql = "SELECT * FROM " . $table_category . " WHERE user_id=$user_id ORDER BY sort ASC"; $sql = "SELECT * FROM " . $table_category . "
WHERE user_id=$user_id
ORDER BY sort ASC";
$result = Database::query($sql); $result = Database::query($sql);
$output = array(); $output = array();
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {

@ -124,10 +124,15 @@ class Blog
if ($info_count == 0) { if ($info_count == 0) {
// Create the blog // Create the blog
$sql = "INSERT INTO $tbl_blogs (c_id, blog_name, blog_subtitle, date_creation, visibility, session_id ) $params = [
VALUES ($course_id, '".Database::escape_string($title)."', '".Database::escape_string($subtitle)."', '".$current_date."', '1', '$session_id');"; 'c_id' => $course_id,
Database::query($sql); 'blog_name' => $title,
$this_blog_id = Database::insert_id(); 'blog_subtitle' => $subtitle,
'date_creation' => $current_date,
'visibility' => 1 ,
'session_id' => $session_id,
];
$this_blog_id = Database::insert($tbl_blogs, $params);
if ($this_blog_id > 0) { if ($this_blog_id > 0) {
@ -145,10 +150,16 @@ class Blog
} }
// Make first post. :) // Make first post. :)
$sql = "INSERT INTO $tbl_blogs_posts (c_id, title, full_text, date_creation, blog_id, author_id)
VALUES ($course_id, '".get_lang("Welcome")."', '" . get_lang('FirstPostText')."','".$current_date."', '".Database::escape_string((int)$this_blog_id)."', '".Database::escape_string((int)$_user['user_id'])."');"; $params = [
Database::query($sql); 'c_id' => $course_id,
$postId = Database::insert_id(); 'title' => get_lang("Welcome"),
'full_text' => get_lang('FirstPostText'),
'date_creation' => $current_date,
'blog_id' => $this_blog_id,
'author_id' => $_user['user_id'],
];
$postId = Database::insert($tbl_blogs_posts, $params);
if ($postId) { if ($postId) {
$sql = "UPDATE $tbl_blogs_posts SET post_id = iid WHERE iid = $postId"; $sql = "UPDATE $tbl_blogs_posts SET post_id = iid WHERE iid = $postId";
Database::query($sql); Database::query($sql);
@ -165,7 +176,6 @@ class Blog
Database::query($sql); Database::query($sql);
} }
// Subscribe the teacher to this blog // Subscribe the teacher to this blog
Blog::set_user_subscribed($this_blog_id, $_user['user_id']); Blog::set_user_subscribed($this_blog_id, $_user['user_id']);
} }
@ -180,8 +190,6 @@ class Blog
*/ */
public static function edit_blog($blog_id, $title, $subtitle) public static function edit_blog($blog_id, $title, $subtitle)
{ {
$_user = api_get_user_info();
// Table definitions // Table definitions
$tbl_blogs = Database::get_course_table(TABLE_BLOGS); $tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$tbl_tool = Database::get_course_table(TABLE_TOOL_LIST); $tbl_tool = Database::get_course_table(TABLE_TOOL_LIST);
@ -197,7 +205,6 @@ class Blog
blog_id ='".Database::escape_string((int)$blog_id)."' blog_id ='".Database::escape_string((int)$blog_id)."'
LIMIT 1"; LIMIT 1";
Database::query($sql); Database::query($sql);
$this_blog_id = Database::insert_id();
//update item_property (update) //update item_property (update)
api_item_property_update( api_item_property_update(
@ -211,7 +218,7 @@ class Blog
// Update course homepage link // Update course homepage link
$sql = "UPDATE $tbl_tool SET $sql = "UPDATE $tbl_tool SET
name = '".Database::escape_string($title)."' name = '".Database::escape_string($title)."'
WHERE c_id = $course_id AND link = 'blog/blog.php?blog_id=".Database::escape_string((int)$blog_id)."' LIMIT 1"; WHERE c_id = $course_id AND link = 'blog/blog.php?blog_id=".(int)$blog_id."' LIMIT 1";
Database::query($sql); Database::query($sql);
} }
@ -357,7 +364,6 @@ class Blog
*/ */
public static function edit_post($post_id, $title, $full_text, $blog_id) public static function edit_post($post_id, $title, $full_text, $blog_id)
{ {
// Init
$tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS); $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS);
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
@ -420,7 +426,7 @@ class Blog
$upload_ok = true; $upload_ok = true;
$has_attachment = false; $has_attachment = false;
$current_date = date('Y-m-d H:i:s', time()); $current_date = api_get_utc_datetime();
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
if (!empty($_FILES['user_upload']['name'])) { if (!empty($_FILES['user_upload']['name'])) {
@ -732,7 +738,6 @@ class Blog
{ {
$_user = api_get_user_info(); $_user = api_get_user_info();
// Init
$tbl_blogs = Database::get_course_table(TABLE_BLOGS); $tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$tbl_blogs_tasks_rel_user = Database::get_course_table(TABLE_BLOGS_TASKS_REL_USER); $tbl_blogs_tasks_rel_user = Database::get_course_table(TABLE_BLOGS_TASKS_REL_USER);
$tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
@ -741,16 +746,18 @@ class Blog
if ($_user['user_id']) { if ($_user['user_id']) {
$sql = "SELECT task_rel_user.*, task.title, blog.blog_name $sql = "SELECT task_rel_user.*, task.title, blog.blog_name
FROM $tbl_blogs_tasks_rel_user task_rel_user FROM $tbl_blogs_tasks_rel_user task_rel_user
INNER JOIN $tbl_blogs_tasks task ON task_rel_user.task_id = task.task_id INNER JOIN $tbl_blogs_tasks task
INNER JOIN $tbl_blogs blog ON task_rel_user.blog_id = blog.blog_id ON task_rel_user.task_id = task.task_id
AND blog.blog_id = ".intval($_GET['blog_id'])." INNER JOIN $tbl_blogs blog
WHERE ON task_rel_user.blog_id = blog.blog_id
task.c_id = $course_id AND AND blog.blog_id = ".intval($_GET['blog_id'])."
blog.c_id = $course_id AND WHERE
task_rel_user.c_id = $course_id AND task.c_id = $course_id AND
task_rel_user.user_id = ".(int)$_user['user_id']." blog.c_id = $course_id AND
ORDER BY target_date ASC"; task_rel_user.c_id = $course_id AND
task_rel_user.user_id = ".(int)$_user['user_id']."
ORDER BY target_date ASC";
$result = Database::query($sql); $result = Database::query($sql);
@ -791,11 +798,11 @@ class Blog
// Change visibility state, remove from course home. // Change visibility state, remove from course home.
$sql = "UPDATE $tbl_blogs SET visibility = '0' $sql = "UPDATE $tbl_blogs SET visibility = '0'
WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."' LIMIT 1"; WHERE c_id = $course_id AND blog_id ='".(int)$blog_id."' LIMIT 1";
$result = Database::query($sql); Database::query($sql);
$sql = "DELETE FROM $tbl_tool $sql = "DELETE FROM $tbl_tool
WHERE c_id = $course_id AND name = '".Database::escape_string($title)."' LIMIT 1"; WHERE c_id = $course_id AND name = '".Database::escape_string($title)."' LIMIT 1";
$result = Database::query($sql); Database::query($sql);
} else { } else {
// Change visibility state, add to course home. // Change visibility state, add to course home.
$sql = "UPDATE $tbl_blogs SET visibility = '1' $sql = "UPDATE $tbl_blogs SET visibility = '1'
@ -826,7 +833,6 @@ class Blog
$tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS); $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS);
$tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS); $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);
$tbl_users = Database::get_main_table(TABLE_MAIN_USER); $tbl_users = Database::get_main_table(TABLE_MAIN_USER);
global $dateFormatLong;
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
@ -844,11 +850,14 @@ class Blog
// Display // Display
if(Database::num_rows($result) > 0) { if(Database::num_rows($result) > 0) {
$limit = 200; $limit = 200;
while($blog_post = Database::fetch_array($result)) { while ($blog_post = Database::fetch_array($result)) {
// Get number of comments // Get number of comments
$sql = "SELECT COUNT(1) as number_of_comments $sql = "SELECT COUNT(1) as number_of_comments
FROM $tbl_blogs_comments FROM $tbl_blogs_comments
WHERE c_id = $course_id AND blog_id = '".(int)$blog_id."' AND post_id = '" . (int)$blog_post['post_id']."'"; WHERE
c_id = $course_id AND
blog_id = '".(int)$blog_id."' AND
post_id = '" . (int)$blog_post['post_id']."'";
$tmp = Database::query($sql); $tmp = Database::query($sql);
$blog_post_comments = Database::fetch_array($tmp); $blog_post_comments = Database::fetch_array($tmp);
@ -931,7 +940,6 @@ class Blog
*/ */
public static function display_day_results($blog_id, $query_string) public static function display_day_results($blog_id, $query_string)
{ {
// Init
$date_output = $query_string; $date_output = $query_string;
$date = explode('-',$query_string); $date = explode('-',$query_string);
$query_string = ' DAYOFMONTH(date_creation) =' . intval($date[2]) . ' AND MONTH(date_creation) =' . intval($date[1]) . ' AND YEAR(date_creation) =' . intval($date[0]); $query_string = ' DAYOFMONTH(date_creation) =' . intval($date[2]) . ' AND MONTH(date_creation) =' . intval($date[1]) . ' AND YEAR(date_creation) =' . intval($date[0]);
@ -952,7 +960,6 @@ class Blog
*/ */
public static function display_post($blog_id, $post_id) public static function display_post($blog_id, $post_id)
{ {
// Init
$tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS); $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS);
$tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS); $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);
$tbl_users = Database::get_main_table(TABLE_MAIN_USER); $tbl_users = Database::get_main_table(TABLE_MAIN_USER);
@ -961,20 +968,22 @@ class Blog
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
// Get posts and author // Get posts and author
$sql = "SELECT post.*, user.lastname, user.firstname, user.username FROM $tbl_blogs_posts post $sql = "SELECT post.*, user.lastname, user.firstname, user.username
INNER JOIN $tbl_users user ON post.author_id = user.user_id FROM $tbl_blogs_posts post
WHERE INNER JOIN $tbl_users user
post.c_id = $course_id AND ON post.author_id = user.user_id
post.blog_id = '".(int)$blog_id."' AND WHERE
post.post_id = '".(int)$post_id."' post.c_id = $course_id AND
ORDER BY post_id DESC"; post.blog_id = '".(int)$blog_id."' AND
post.post_id = '".(int)$post_id."'
ORDER BY post_id DESC";
$result = Database::query($sql); $result = Database::query($sql);
$blog_post = Database::fetch_array($result); $blog_post = Database::fetch_array($result);
// Get number of comments // Get number of comments
$sql = "SELECT COUNT(1) as number_of_comments FROM $tbl_blogs_comments $sql = "SELECT COUNT(1) as number_of_comments
FROM $tbl_blogs_comments
WHERE c_id = $course_id AND blog_id = '".(int)$blog_id."' AND post_id = '".(int)$post_id."'"; WHERE c_id = $course_id AND blog_id = '".(int)$blog_id."' AND post_id = '".(int)$post_id."'";
$result = Database::query($sql); $result = Database::query($sql);
$blog_post_comments = Database::fetch_array($result); $blog_post_comments = Database::fetch_array($result);
@ -1057,18 +1066,19 @@ class Blog
// Check if the user has already rated this post/comment // Check if the user has already rated this post/comment
$sql = "SELECT rating_id FROM $tbl_blogs_rating $sql = "SELECT rating_id FROM $tbl_blogs_rating
WHERE c_id = $course_id AND WHERE
blog_id = '".(int)$blog_id."' c_id = $course_id AND
AND item_id = '".(int)$item_id."' blog_id = '".(int)$blog_id."' AND
AND rating_type = '".Database::escape_string($type)."' item_id = '".(int)$item_id."' AND
AND user_id = '".(int)$_user['user_id']."'"; rating_type = '".Database::escape_string($type)."' AND
user_id = '".(int)$_user['user_id']."'";
$result = Database::query($sql); $result = Database::query($sql);
// Add rating // Add rating
if (Database::num_rows($result) == 0) { if (Database::num_rows($result) == 0) {
$sql = "INSERT INTO $tbl_blogs_rating (c_id, blog_id, rating_type, item_id, user_id, rating ) $sql = "INSERT INTO $tbl_blogs_rating (c_id, blog_id, rating_type, item_id, user_id, rating )
VALUES ($course_id, '".(int)$blog_id."', '".Database::escape_string($type)."', '".(int)$item_id."', '".(int)$_user['user_id']."', '".Database::escape_string($rating)."')"; VALUES ($course_id, '".(int)$blog_id."', '".Database::escape_string($type)."', '".(int)$item_id."', '".(int)$_user['user_id']."', '".Database::escape_string($rating)."')";
$result = Database::query($sql); Database::query($sql);
$id = Database::insert_id(); $id = Database::insert_id();
if ($id) { if ($id) {
@ -1168,30 +1178,34 @@ class Blog
*/ */
public static function get_threaded_comments($current = 0, $current_level = 0, $blog_id, $post_id, $task_id = 0) public static function get_threaded_comments($current = 0, $current_level = 0, $blog_id, $post_id, $task_id = 0)
{ {
// Init $tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS);
$tbl_blogs_comments = Database::get_course_table(TABLE_BLOGS_COMMENTS); $tbl_users = Database::get_main_table(TABLE_MAIN_USER);
$tbl_users = Database::get_main_table(TABLE_MAIN_USER); $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
$tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); global $charset;
global $charset,$dateFormatLong;
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
// Select top level comments // Select top level comments
$next_level = $current_level + 1; $next_level = $current_level + 1;
$sql = "SELECT comments.*, user.lastname, user.firstname, user.username, task.color $sql = "SELECT comments.*, user.lastname, user.firstname, user.username, task.color
FROM $tbl_blogs_comments comments FROM $tbl_blogs_comments comments
INNER JOIN $tbl_users user ON comments.author_id = user.user_id INNER JOIN $tbl_users user
LEFT JOIN $tbl_blogs_tasks task ON comments.task_id = task.task_id AND task.c_id = $course_id ON comments.author_id = user.user_id
WHERE comments.c_id = $course_id AND LEFT JOIN $tbl_blogs_tasks task
parent_comment_id = $current AND ON comments.task_id = task.task_id AND task.c_id = $course_id
comments.blog_id = '".(int)$blog_id."' AND WHERE
comments.post_id = '".(int)$post_id."'"; comments.c_id = $course_id AND
parent_comment_id = $current AND
comments.blog_id = '".(int)$blog_id."' AND
comments.post_id = '".(int)$post_id."'";
$result = Database::query($sql); $result = Database::query($sql);
while($comment = Database::fetch_array($result)) { while($comment = Database::fetch_array($result)) {
// Select the children recursivly // Select the children recursivly
$tmp = "SELECT comments.*, user.lastname, user.firstname, user.username FROM $tbl_blogs_comments comments $tmp = "SELECT comments.*, user.lastname, user.firstname, user.username
INNER JOIN $tbl_users user ON comments.author_id = user.user_id FROM $tbl_blogs_comments comments
INNER JOIN $tbl_users user
ON comments.author_id = user.user_id
WHERE WHERE
comments.c_id = $course_id AND comments.c_id = $course_id AND
comment_id = $current comment_id = $current
@ -1213,7 +1227,7 @@ class Blog
$border_color = ' border-left: 3px solid #' . $comment['color']; $border_color = ' border-left: 3px solid #' . $comment['color'];
} }
$comment_text=stripslashes($comment_text); $comment_text = stripslashes($comment_text);
// Output... // Output...
$margin = $current_level * 30; $margin = $current_level * 30;
@ -1306,7 +1320,6 @@ class Blog
$blog_post = Database::fetch_array($result); $blog_post = Database::fetch_array($result);
// Form // Form
$form = new FormValidator( $form = new FormValidator(
'edit_post', 'edit_post',
'post', 'post',
@ -1343,7 +1356,6 @@ class Blog
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
if (api_is_allowed('BLOG_' . $blog_id, 'article_add')) { if (api_is_allowed('BLOG_' . $blog_id, 'article_add')) {
// Init
$tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
$counter = 0; $counter = 0;
global $color2; global $color2;
@ -1367,16 +1379,16 @@ class Blog
$sql = " SELECT $sql = " SELECT
blog_id, blog_id,
task_id, task_id,
blog_id, blog_id,
title, title,
description, description,
color, color,
system_task system_task
FROM " . $tbl_blogs_tasks . " FROM " . $tbl_blogs_tasks . "
WHERE c_id = $course_id AND blog_id = " . (int)$blog_id . " WHERE c_id = $course_id AND blog_id = " . (int)$blog_id . "
ORDER BY system_task, title"; ORDER BY system_task, title";
$result = Database::query($sql); $result = Database::query($sql);
@ -1438,9 +1450,10 @@ class Blog
FROM $tbl_blogs_tasks_rel_user task_rel_user FROM $tbl_blogs_tasks_rel_user task_rel_user
INNER JOIN $tbl_blogs_tasks task ON task_rel_user.task_id = task.task_id INNER JOIN $tbl_blogs_tasks task ON task_rel_user.task_id = task.task_id
INNER JOIN $tbl_users user ON task_rel_user.user_id = user.user_id INNER JOIN $tbl_users user ON task_rel_user.user_id = user.user_id
WHERE task_rel_user.c_id = $course_id AND WHERE
task.c_id = $course_id AND task_rel_user.c_id = $course_id AND
task_rel_user.blog_id = '".(int)$blog_id."' task.c_id = $course_id AND
task_rel_user.blog_id = '".(int)$blog_id."'
ORDER BY target_date ASC"; ORDER BY target_date ASC";
$result = Database::query($sql); $result = Database::query($sql);
@ -1531,22 +1544,22 @@ class Blog
' . get_lang('TaskManager') . ' ' . get_lang('TaskManager') . '
</label> </label>
<div class="controls">'; <div class="controls">';
echo "\t\t\t" . '<table class="data_table" cellspacing="0" style="border-collapse:collapse; width:446px;">'; echo '<table class="data_table" cellspacing="0" style="border-collapse:collapse; width:446px;">';
echo "\t\t\t\t" . '<tr>'; echo '<tr>';
echo '<th colspan="2" style="width:223px;">' . get_lang('ArticleManager') . '</th>'; echo '<th colspan="2" style="width:223px;">' . get_lang('ArticleManager') . '</th>';
echo '<th width:223px;>' . get_lang('CommentManager') . '</th>'; echo '<th width:223px;>' . get_lang('CommentManager') . '</th>';
echo "\t\t\t\t" . '</tr>'; echo '</tr>';
echo "\t\t\t\t" . '<tr>'; echo '<tr>';
echo '<th style="width:111px;"><label for="articleDelete">' . get_lang('Delete') . '</label></th>'; echo '<th style="width:111px;"><label for="articleDelete">' . get_lang('Delete') . '</label></th>';
echo '<th style="width:112px;"><label for="articleEdit">' . get_lang('Edit') . '</label></th>'; echo '<th style="width:112px;"><label for="articleEdit">' . get_lang('Edit') . '</label></th>';
echo '<th style="width:223px;"><label for="commentsDelete">' . get_lang('Delete') . '</label></th>'; echo '<th style="width:223px;"><label for="commentsDelete">' . get_lang('Delete') . '</label></th>';
echo "\t\t\t\t" . '</tr>'; echo '</tr>';
echo "\t\t\t\t" . '<tr>'; echo '<tr>';
echo '<td style="text-align:center;"><input id="articleDelete" name="chkArticleDelete" type="checkbox" /></td>'; echo '<td style="text-align:center;"><input id="articleDelete" name="chkArticleDelete" type="checkbox" /></td>';
echo '<td style="text-align:center;"><input id="articleEdit" name="chkArticleEdit" type="checkbox" /></td>'; echo '<td style="text-align:center;"><input id="articleEdit" name="chkArticleEdit" type="checkbox" /></td>';
echo '<td style="border:1px dotted #808080; text-align:center;"><input id="commentsDelete" name="chkCommentsDelete" type="checkbox" /></td>'; echo '<td style="border:1px dotted #808080; text-align:center;"><input id="commentsDelete" name="chkCommentsDelete" type="checkbox" /></td>';
echo "\t\t\t\t" . '</tr>'; echo '</tr>';
echo "\t\t\t" . '</table>'; echo '</table>';
echo ' </div> echo ' </div>
</div>'; </div>';
@ -1557,13 +1570,12 @@ class Blog
' . get_lang('Color') . ' ' . get_lang('Color') . '
</label> </label>
<div class="controls">'; <div class="controls">';
echo ' <select name="task_color" id="color" style="width: 150px; background-color: #eeeeee" onchange="document.getElementById(\'color\').style.backgroundColor=\'#\'+document.getElementById(\'color\').value" onkeypress="document.getElementById(\'color\').style.backgroundColor=\'#\'+document.getElementById(\'color\').value">'; echo '<select name="task_color" id="color" style="width: 150px; background-color: #eeeeee" onchange="document.getElementById(\'color\').style.backgroundColor=\'#\'+document.getElementById(\'color\').value" onkeypress="document.getElementById(\'color\').style.backgroundColor=\'#\'+document.getElementById(\'color\').value">';
foreach ($colors as $color) foreach ($colors as $color) {
{ $style = 'style="background-color: #' . $color . '"';
$style = 'style="background-color: #' . $color . '"'; echo '<option value="' . $color . '" ' . $style . '>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</option>';
echo '<option value="' . $color . '" ' . $style . '>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</option>'; }
} echo '</select>';
echo ' </select>';
echo ' </div> echo ' </div>
</div>'; </div>';
@ -1575,7 +1587,6 @@ class Blog
<button class="save" type="submit" name="Submit">' . get_lang('Save') . '</button> <button class="save" type="submit" name="Submit">' . get_lang('Save') . '</button>
</div> </div>
</div>'; </div>';
echo '</form>'; echo '</form>';
echo '<div style="clear:both; margin-bottom: 10px;"></div>'; echo '<div style="clear:both; margin-bottom: 10px;"></div>';
@ -1622,39 +1633,38 @@ class Blog
while ($row = Database::fetch_array($result)) while ($row = Database::fetch_array($result))
$arrPermissions[] = $row['action']; $arrPermissions[] = $row['action'];
echo "\t" . '<tr>'; echo '<tr>';
echo "\t\t" . '<td style="text-align:right; vertical-align:top;">' . get_lang('TaskManager') . ':&nbsp;&nbsp;</td>'; echo '<td style="text-align:right; vertical-align:top;">' . get_lang('TaskManager') . ':&nbsp;&nbsp;</td>';
echo "\t\t" . '<td>'; echo '<td>';
echo "\t\t\t" . '<table class="data_table" cellspacing="0" style="border-collapse:collapse; width:446px;">'; echo '<table class="data_table" cellspacing="0" style="border-collapse:collapse; width:446px;">';
echo "\t\t\t\t" . '<tr>'; echo '<tr>';
echo '<th colspan="2" style="width:223px;">' . get_lang('ArticleManager') . '</th>'; echo '<th colspan="2" style="width:223px;">' . get_lang('ArticleManager') . '</th>';
echo '<th width:223px;>' . get_lang('CommentManager') . '</th>'; echo '<th width:223px;>' . get_lang('CommentManager') . '</th>';
echo "\t\t\t\t" . '</tr>'; echo '</tr>';
echo "\t\t\t\t" . '<tr>'; echo '<tr>';
echo '<th style="width:111px;"><label for="articleDelete">' . get_lang('Delete') . '</label></th>'; echo '<th style="width:111px;"><label for="articleDelete">' . get_lang('Delete') . '</label></th>';
echo '<th style="width:112px;"><label for="articleEdit">' . get_lang('Edit') . '</label></th>'; echo '<th style="width:112px;"><label for="articleEdit">' . get_lang('Edit') . '</label></th>';
echo '<th style="width:223px;"><label for="commentsDelete">' . get_lang('Delete') . '</label></th>'; echo '<th style="width:223px;"><label for="commentsDelete">' . get_lang('Delete') . '</label></th>';
echo "\t\t\t\t" . '</tr>'; echo '</tr>';
echo "\t\t\t\t" . '<tr>'; echo '<tr>';
echo '<td style="text-align:center;"><input ' . ((in_array('article_delete', $arrPermissions)) ? 'checked ' : '') . 'id="articleDelete" name="chkArticleDelete" type="checkbox" /></td>'; echo '<td style="text-align:center;"><input ' . ((in_array('article_delete', $arrPermissions)) ? 'checked ' : '') . 'id="articleDelete" name="chkArticleDelete" type="checkbox" /></td>';
echo '<td style="text-align:center;"><input ' . ((in_array('article_edit', $arrPermissions)) ? 'checked ' : '') . 'id="articleEdit" name="chkArticleEdit" type="checkbox" /></td>'; echo '<td style="text-align:center;"><input ' . ((in_array('article_edit', $arrPermissions)) ? 'checked ' : '') . 'id="articleEdit" name="chkArticleEdit" type="checkbox" /></td>';
echo '<td style="text-align:center;"><input ' . ((in_array('article_comments_delete', $arrPermissions)) ? 'checked ' : '') . 'id="commentsDelete" name="chkCommentsDelete" type="checkbox" /></td>'; echo '<td style="text-align:center;"><input ' . ((in_array('article_comments_delete', $arrPermissions)) ? 'checked ' : '') . 'id="commentsDelete" name="chkCommentsDelete" type="checkbox" /></td>';
echo "\t\t\t\t" . '</tr>'; echo '</tr>';
echo "\t\t\t" . '</table>'; echo '</table>';
echo "\t\t" . '</td>'; echo '</td>';
echo "\t" . '</tr>'; echo '</tr>';
/* end of edit */ /* end of edit */
echo '<tr> echo '<tr>
<td align="right">' . get_lang('Color') . ':&nbsp;&nbsp;</td> <td align="right">' . get_lang('Color') . ':&nbsp;&nbsp;</td>
<td> <td>
<select name="task_color" id="color" style="width: 150px; background-color: #' . $task['color'] . '" onchange="document.getElementById(\'color\').style.backgroundColor=\'#\'+document.getElementById(\'color\').value" onkeypress="document.getElementById(\'color\').style.backgroundColor=\'#\'+document.getElementById(\'color\').value">'; <select name="task_color" id="color" style="width: 150px; background-color: #' . $task['color'] . '" onchange="document.getElementById(\'color\').style.backgroundColor=\'#\'+document.getElementById(\'color\').value" onkeypress="document.getElementById(\'color\').style.backgroundColor=\'#\'+document.getElementById(\'color\').value">';
foreach ($colors as $color) foreach ($colors as $color) {
{ $selected = ($color == $task['color']) ? ' selected' : '';
$selected = ($color == $task['color']) ? ' selected' : ''; $style = 'style="background-color: #' . $color . '"';
$style = 'style="background-color: #' . $color . '"'; echo '<option value="' . $color . '" ' . $style . ' ' . $selected . ' >&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</option>';
echo '<option value="' . $color . '" ' . $style . ' ' . $selected . ' >&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</option>'; }
}
echo ' </select> echo ' </select>
</td> </td>
</tr> </tr>
@ -1676,7 +1686,6 @@ class Blog
*/ */
public static function getTaskForm($blog_id) public static function getTaskForm($blog_id)
{ {
// Init
$tbl_users = Database::get_main_table(TABLE_MAIN_USER); $tbl_users = Database::get_main_table(TABLE_MAIN_USER);
$tbl_blogs_rel_user = Database::get_course_table(TABLE_BLOGS_REL_USER); $tbl_blogs_rel_user = Database::get_course_table(TABLE_BLOGS_REL_USER);
$tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
@ -1692,7 +1701,6 @@ class Blog
$options = array(); $options = array();
while ($user = Database::fetch_array($result)) { while ($user = Database::fetch_array($result)) {
$username = api_htmlentities(sprintf(get_lang('LoginX'), $user['username']), ENT_QUOTES);
$options[$user['user_id']] = api_get_person_name($user['firstname'], $user['lastname']); $options[$user['user_id']] = api_get_person_name($user['firstname'], $user['lastname']);
} }
@ -1706,7 +1714,7 @@ class Blog
description, description,
color, color,
system_task system_task
FROM " . $tbl_blogs_tasks . " FROM $tbl_blogs_tasks
WHERE c_id = $course_id AND blog_id = " . (int)$blog_id . " WHERE c_id = $course_id AND blog_id = " . (int)$blog_id . "
ORDER BY system_task, title"; ORDER BY system_task, title";
$result = Database::query($sql); $result = Database::query($sql);
@ -1731,6 +1739,7 @@ class Blog
$form->addHidden('action', ''); $form->addHidden('action', '');
$form->addButtonSave(get_lang('Ok')); $form->addButtonSave(get_lang('Ok'));
return $form; return $form;
} }
@ -1754,9 +1763,6 @@ class Blog
*/ */
public static function display_edit_assigned_task_form($blog_id, $task_id, $user_id) public static function display_edit_assigned_task_form($blog_id, $task_id, $user_id)
{ {
$tbl_users = Database::get_main_table(TABLE_MAIN_USER);
$tbl_blogs_rel_user = Database::get_course_table(TABLE_BLOGS_REL_USER);
$tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
$tbl_blogs_tasks_rel_user = Database::get_course_table(TABLE_BLOGS_TASKS_REL_USER); $tbl_blogs_tasks_rel_user = Database::get_course_table(TABLE_BLOGS_TASKS_REL_USER);
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
@ -1829,7 +1835,7 @@ class Blog
'" . Database::escape_string($target_date) . "' '" . Database::escape_string($target_date) . "'
)"; )";
$result = Database::query($sql); Database::query($sql);
} }
} }
@ -1881,8 +1887,7 @@ class Blog
task_id = " . (int)$old_task_id . " AND task_id = " . (int)$old_task_id . " AND
target_date = '" . Database::escape_string($old_target_date) . "' target_date = '" . Database::escape_string($old_target_date) . "'
"; ";
Database::query($sql);
$result = @Database::query($sql);
} }
} }
@ -1894,7 +1899,6 @@ class Blog
*/ */
public static function display_select_task_post($blog_id, $task_id) public static function display_select_task_post($blog_id, $task_id)
{ {
// Init
$tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS); $tbl_blogs_tasks = Database::get_course_table(TABLE_BLOGS_TASKS);
$tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS); $tbl_blogs_posts = Database::get_course_table(TABLE_BLOGS_POSTS);
$tbl_users = Database::get_main_table(TABLE_MAIN_USER); $tbl_users = Database::get_main_table(TABLE_MAIN_USER);
@ -1947,12 +1951,12 @@ class Blog
// Subscribe the user // Subscribe the user
$sql = "INSERT INTO $tbl_blogs_rel_user (c_id, blog_id, user_id ) $sql = "INSERT INTO $tbl_blogs_rel_user (c_id, blog_id, user_id )
VALUES ($course_id, '".(int)$blog_id."', '".(int)$user_id."');"; VALUES ($course_id, '".(int)$blog_id."', '".(int)$user_id."');";
$result = Database::query($sql); Database::query($sql);
// Give this user basic rights // Give this user basic rights
$sql = "INSERT INTO $tbl_user_permissions (c_id, user_id,tool,action) $sql = "INSERT INTO $tbl_user_permissions (c_id, user_id,tool,action)
VALUES ($course_id, '".(int)$user_id."','BLOG_" . (int)$blog_id."','article_add')"; VALUES ($course_id, '".(int)$user_id."','BLOG_" . (int)$blog_id."','article_add')";
$result = Database::query($sql); Database::query($sql);
$id = Database::insert_id(); $id = Database::insert_id();
if ($id) { if ($id) {
@ -1962,7 +1966,7 @@ class Blog
$sql = "INSERT INTO $tbl_user_permissions (c_id, user_id,tool,action) $sql = "INSERT INTO $tbl_user_permissions (c_id, user_id,tool,action)
VALUES ($course_id, '".(int)$user_id."','BLOG_" . (int)$blog_id."','article_comments_add')"; VALUES ($course_id, '".(int)$user_id."','BLOG_" . (int)$blog_id."','article_comments_add')";
$result = Database::query($sql); Database::query($sql);
$id = Database::insert_id(); $id = Database::insert_id();
if ($id) { if ($id) {
@ -1988,12 +1992,12 @@ class Blog
// Unsubscribe the user // Unsubscribe the user
$sql = "DELETE FROM $tbl_blogs_rel_user $sql = "DELETE FROM $tbl_blogs_rel_user
WHERE blog_id = '".(int)$blog_id."' AND user_id = '".(int)$user_id."'"; WHERE blog_id = '".(int)$blog_id."' AND user_id = '".(int)$user_id."'";
$result = Database::query($sql); Database::query($sql);
// Remove this user's permissions. // Remove this user's permissions.
$sql = "DELETE FROM $tbl_user_permissions $sql = "DELETE FROM $tbl_user_permissions
WHERE user_id = '".(int)$user_id."'"; WHERE user_id = '".(int)$user_id."'";
$result = Database::query($sql); Database::query($sql);
} }
/** /**
@ -2115,7 +2119,7 @@ class Blog
$is_western_name_order = api_is_western_name_order(); $is_western_name_order = api_is_western_name_order();
// Init // Init
$tbl_users = Database::get_main_table(TABLE_MAIN_USER); $tbl_users = Database::get_main_table(TABLE_MAIN_USER);
$tbl_blogs_rel_user = Database::get_course_table(TABLE_BLOGS_REL_USER); $tbl_blogs_rel_user = Database::get_course_table(TABLE_BLOGS_REL_USER);
echo '<legend>'.get_lang('UnsubscribeMembers').'</legend>'; echo '<legend>'.get_lang('UnsubscribeMembers').'</legend>';
@ -2214,11 +2218,8 @@ class Blog
* *
* @param Integer $blog_id * @param Integer $blog_id
*/ */
public static function display_form_user_rights ($blog_id) { public static function display_form_user_rights ($blog_id)
// Init {
$tbl_users = Database::get_main_table(TABLE_MAIN_USER);
$tbl_blogs_rel_user = Database::get_course_table(TABLE_BLOGS_REL_USER);
echo '<legend>'.get_lang('RightsManager').'</legend>'; echo '<legend>'.get_lang('RightsManager').'</legend>';
echo '<br />'; echo '<br />';
@ -2461,14 +2462,16 @@ class Blog
$blog_id= intval($blog_id); $blog_id= intval($blog_id);
$tbl_blogs = Database::get_course_table(TABLE_BLOGS); $tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$sql = "SELECT blog_id, blog_name, blog_subtitle FROM $tbl_blogs WHERE c_id = $course_id AND blog_id = '".$blog_id."'"; $sql = "SELECT blog_id, blog_name, blog_subtitle
FROM $tbl_blogs
WHERE c_id = $course_id AND blog_id = '".$blog_id."'";
$result = Database::query($sql); $result = Database::query($sql);
$blog = Database::fetch_array($result); $blog = Database::fetch_array($result);
// the form contained errors but we do not want to lose the changes the user already did // the form contained errors but we do not want to lose the changes the user already did
if ($_POST) { if ($_POST) {
$blog['blog_name'] = Security::remove_XSS($_POST['blog_name']); $blog['blog_name'] = Security::remove_XSS($_POST['blog_name']);
$blog['blog_subtitle'] = Security::remove_XSS($_POST['blog_subtitle']); $blog['blog_subtitle'] = Security::remove_XSS($_POST['blog_subtitle']);
} }
$form = new FormValidator('edit_blog', 'post','blog_admin.php?action=edit&blog_id='.intval($_GET['blog_id'])); $form = new FormValidator('edit_blog', 'post','blog_admin.php?action=edit&blog_id='.intval($_GET['blog_id']));
@ -2490,12 +2493,11 @@ class Blog
/** /**
* Blog admin | Returns table with blogs in this course * Blog admin | Returns table with blogs in this course
*/ */
public static function display_blog_list () { public static function display_blog_list()
{
global $charset; global $charset;
$_user = api_get_user_info(); $_user = api_get_user_info();
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
// Init
$counter = 0;
$tbl_blogs = Database::get_course_table(TABLE_BLOGS); $tbl_blogs = Database::get_course_table(TABLE_BLOGS);
@ -2516,7 +2518,6 @@ class Blog
$list_content_blog = array(); $list_content_blog = array();
$list_body_blog = array(); $list_body_blog = array();
$_user = api_get_user_info();
if (is_array($list_info)) { if (is_array($list_info)) {
foreach ($list_info as $key => $info_log) { foreach ($list_info as $key => $info_log) {
@ -2599,7 +2600,8 @@ function get_blog_attachment($blog_id, $post_id=null,$comment_id=null)
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$sql = 'SELECT path, filename, comment FROM '. $blog_table_attachment.' WHERE c_id = '.$course_id.' AND blog_id ="'.intval($blog_id).'" '.$where; $sql = 'SELECT path, filename, comment FROM '. $blog_table_attachment.'
WHERE c_id = '.$course_id.' AND blog_id ="'.intval($blog_id).'" '.$where;
$result=Database::query($sql); $result=Database::query($sql);
if (Database::num_rows($result)!=0) { if (Database::num_rows($result)!=0) {
@ -2629,19 +2631,16 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
$where = null; $where = null;
// delete files in DB // delete files in DB
if (!empty ($post_id) && is_numeric($post_id) ) if (!empty ($post_id) && is_numeric($post_id)) {
{ $where .= ' AND post_id ="'.$post_id.'" ';
$where.=' AND post_id ="'.$post_id.'" '; }
}
if (!empty ($comment_id) && is_numeric($comment_id) ) if (!empty ($comment_id) && is_numeric($comment_id)) {
{ if (!empty ($post_id)) {
if (!empty ($post_id) ) $where .= ' AND ';
{ }
$where.= ' AND '; $where .= ' comment_id ="'.$comment_id.'" ';
} }
$where.=' comment_id ="'.$comment_id.'" ';
}
// delete all files in directory // delete all files in directory
$courseDir = $_course['path'].'/upload/blog'; $courseDir = $_course['path'].'/upload/blog';
@ -2659,7 +2658,8 @@ function delete_all_blog_attachment($blog_id,$post_id=null,$comment_id=null)
@ unlink($file); @ unlink($file);
} }
} }
$sql = 'DELETE FROM '. $blog_table_attachment.' WHERE c_id = '.$course_id.' AND blog_id ="'.intval($blog_id).'" '.$where; $sql = 'DELETE FROM '. $blog_table_attachment.'
WHERE c_id = '.$course_id.' AND blog_id ="'.intval($blog_id).'" '.$where;
Database::query($sql); Database::query($sql);
} }
@ -2676,7 +2676,8 @@ function get_blog_post_from_user($course_code, $user_id)
$course_id = $course_info['real_id']; $course_id = $course_info['real_id'];
$sql = "SELECT DISTINCT blog.blog_id, post_id, title, full_text, post.date_creation $sql = "SELECT DISTINCT blog.blog_id, post_id, title, full_text, post.date_creation
FROM $tbl_blogs blog INNER JOIN $tbl_blog_post post FROM $tbl_blogs blog
INNER JOIN $tbl_blog_post post
ON (blog.blog_id = post.blog_id) ON (blog.blog_id = post.blog_id)
WHERE WHERE
blog.c_id = $course_id AND blog.c_id = $course_id AND
@ -2705,12 +2706,12 @@ function get_blog_post_from_user($course_code, $user_id)
*/ */
function get_blog_comment_from_user($course_code, $user_id) function get_blog_comment_from_user($course_code, $user_id)
{ {
$tbl_blogs = Database::get_course_table(TABLE_BLOGS); $tbl_blogs = Database::get_course_table(TABLE_BLOGS);
$tbl_blog_comment = Database::get_course_table(TABLE_BLOGS_COMMENTS); $tbl_blog_comment = Database::get_course_table(TABLE_BLOGS_COMMENTS);
$user_id = intval($user_id); $user_id = intval($user_id);
$course_info = api_get_course_info($course_code); $course_info = api_get_course_info($course_code);
$course_id = $course_info['real_id']; $course_id = $course_info['real_id'];
$sql = "SELECT DISTINCT blog.blog_id, comment_id, title, comment, comment.date_creation $sql = "SELECT DISTINCT blog.blog_id, comment_id, title, comment, comment.date_creation
FROM $tbl_blogs blog INNER JOIN $tbl_blog_comment comment FROM $tbl_blogs blog INNER JOIN $tbl_blog_comment comment

@ -323,7 +323,6 @@ class Certificate extends Model
*/ */
public function parse_certificate_variables($array) public function parse_certificate_variables($array)
{ {
$text = '';
$headers = $array[0]; $headers = $array[0];
$content = $array[1]; $content = $array[1];
$final_content = array(); $final_content = array();
@ -361,6 +360,7 @@ class Certificate extends Model
get_lang('Date'). ': '.$final_content['date_certificate'].$break_space. get_lang('Date'). ': '.$final_content['date_certificate'].$break_space.
get_lang('Score'). ': '.$final_content['gradebook_grade'].$break_space. get_lang('Score'). ': '.$final_content['gradebook_grade'].$break_space.
'URL'. ': '.$final_content['certificate_link']; 'URL'. ': '.$final_content['certificate_link'];
return $text; return $text;
} }

@ -339,7 +339,8 @@ class CourseDescription
/** /**
* Get description id by description type * Get description id by description type
* @param int description type * @param int $description_type
*
* @return int description id * @return int description id
*/ */
public function get_id_by_description_type($description_type) public function get_id_by_description_type($description_type)

@ -994,8 +994,6 @@ class CourseHome
*/ */
public static function show_session_data($id_session) public static function show_session_data($id_session)
{ {
$session_table = Database::get_main_table(TABLE_MAIN_SESSION);
$user_table = Database::get_main_table(TABLE_MAIN_USER);
$session_category_table = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY); $session_category_table = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
$sessionInfo = api_get_session_info($id_session); $sessionInfo = api_get_session_info($id_session);
@ -1332,9 +1330,7 @@ class CourseHome
/** /**
* @param int $id * @param int $id
* @param int $courseId * @param array $values
* @param int $sessionId
* @param $values
*/ */
public static function updateTool($id, $values) public static function updateTool($id, $values)
{ {

@ -37,6 +37,7 @@ class CourseRequestManager
$wanted_course_code $wanted_course_code
); );
$result = Database::fetch_array(Database::query($sql)); $result = Database::fetch_array(Database::query($sql));
return $result['number'] > 0; return $result['number'] > 0;
} }
@ -349,7 +350,8 @@ class CourseRequestManager
public static function delete_course_request($id) public static function delete_course_request($id)
{ {
$id = (int)$id; $id = (int)$id;
$sql = "DELETE FROM ".Database :: get_main_table(TABLE_MAIN_COURSE_REQUEST)." WHERE id = ".$id; $sql = "DELETE FROM ".Database :: get_main_table(TABLE_MAIN_COURSE_REQUEST)."
WHERE id = ".$id;
$result = Database::query($sql); $result = Database::query($sql);
return $result !== false; return $result !== false;
} }
@ -365,7 +367,8 @@ class CourseRequestManager
$sql = "SELECT COUNT(id) AS number FROM ".$course_table; $sql = "SELECT COUNT(id) AS number FROM ".$course_table;
} else { } else {
$status = (int)$status; $status = (int)$status;
$sql = "SELECT COUNT(id) AS number FROM ".$course_table." WHERE status = ".$status; $sql = "SELECT COUNT(id) AS number FROM ".$course_table."
WHERE status = ".$status;
} }
$result = Database::fetch_array(Database::query($sql)); $result = Database::fetch_array(Database::query($sql));
if (is_array($result)) { if (is_array($result)) {
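Review bot: In the first hunk of this file, `return $result['number'] > 0;` indexes the result of `Database::fetch_array(Database::query($sql))` without checking that a row came back, so a failed query raises an array-offset notice and is indistinguishable from "no matching request". The counting code in the third hunk already guards with `is_array($result)`, and the same guard fits here: `return is_array($result) && $result['number'] > 0;`. If this method is what decides whether `$wanted_course_code` is already taken (its signature is outside the hunk, so that is an inference), consider treating a query failure as an error instead of as "not found", so a database fault cannot let a duplicate code through.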

@ -21,237 +21,237 @@ class DashboardManager
*/ */
public static function handle_dashboard_plugins() public static function handle_dashboard_plugins()
{ {
$token = Security::get_existing_token(); $token = Security::get_existing_token();
$tokenCondition = '&amp;sec_token='.$token; $tokenCondition = '&amp;sec_token='.$token;
/* We scan the plugin directory. Each folder is a potential plugin. */ /* We scan the plugin directory. Each folder is a potential plugin. */
$dashboard_pluginpath = api_get_path(SYS_PLUGIN_PATH).'dashboard/'; $dashboard_pluginpath = api_get_path(SYS_PLUGIN_PATH).'dashboard/';
$possibleplugins = self::get_posible_dashboard_plugins_path(); $possibleplugins = self::getPossibleDashboardPluginsPath();
$table_cols = array('name', 'version', 'description'); $table_cols = array('name', 'version', 'description');
echo Display::page_subheader(get_lang('DashboardPlugins')); echo Display::page_subheader(get_lang('DashboardPlugins'));
echo '<form name="plugins" method="post" action="'.api_get_self().'?category='.Security::remove_XSS($_GET['category']).$tokenCondition.'">'; echo '<form name="plugins" method="post" action="'.api_get_self().'?category='.Security::remove_XSS($_GET['category']).$tokenCondition.'">';
echo '<table class="data_table">'; echo '<table class="data_table">';
echo '<tr>'; echo '<tr>';
echo '<th width="50px">'.get_lang('Enabled').'</th>'; echo '<th width="50px">'.get_lang('Enabled').'</th>';
echo '<th width="250px">'.get_lang('Name').'</th>'; echo '<th width="250px">'.get_lang('Name').'</th>';
echo '<th width="100px">'.get_lang('Version').'</th>'; echo '<th width="100px">'.get_lang('Version').'</th>';
echo '<th>'.get_lang('Description').'</th>'; echo '<th>'.get_lang('Description').'</th>';
echo '</tr>'; echo '</tr>';
$disabled_blocks_data = self::get_block_data_without_plugin(); $disabled_blocks_data = self::get_block_data_without_plugin();
// We display all the possible enabled or disabled plugins // We display all the possible enabled or disabled plugins
foreach ($possibleplugins as $testplugin) { foreach ($possibleplugins as $testplugin) {
$plugin_info_file = $dashboard_pluginpath.$testplugin."/$testplugin.info"; $plugin_info_file = $dashboard_pluginpath.$testplugin."/$testplugin.info";
if (file_exists($plugin_info_file) && is_readable($plugin_info_file)) { if (file_exists($plugin_info_file) && is_readable($plugin_info_file)) {
$plugin_info = parse_info_file($plugin_info_file); $plugin_info = parse_info_file($plugin_info_file);
// change index to lower case // change index to lower case
$plugin_info = array_change_key_case($plugin_info); $plugin_info = array_change_key_case($plugin_info);
echo '<tr>'; echo '<tr>';
self::display_dashboard_plugin_checkboxes($testplugin); self::display_dashboard_plugin_checkboxes($testplugin);
for ($i = 0 ; $i < count($table_cols); $i++) { for ($i = 0 ; $i < count($table_cols); $i++) {
if (isset($plugin_info[strtolower($table_cols[$i])])) { if (isset($plugin_info[strtolower($table_cols[$i])])) {
echo '<td>'; echo '<td>';
echo $plugin_info[$table_cols[$i]]; echo $plugin_info[$table_cols[$i]];
echo '</td>'; echo '</td>';
} else { } else {
echo '<td></td>'; echo '<td></td>';
} }
} }
echo '</tr>'; echo '</tr>';
} else { } else {
if ($testplugin != 'css') { if ($testplugin != 'css') {
echo Display::tag( echo Display::tag(
'tr', 'tr',
Display::tag('td', Display::tag('td',
get_lang('CheckFilePermissions') . ' ' . Security::remove_XSS($plugin_info_file), get_lang('CheckFilePermissions') . ' ' . Security::remove_XSS($plugin_info_file),
array('colspan' => '3')) array('colspan' => '3'))
); );
} }
} }
} }
// display all disabled block data // display all disabled block data
if (count($disabled_blocks_data) > 0) { if (count($disabled_blocks_data) > 0) {
foreach ($disabled_blocks_data as $disabled_block) { foreach ($disabled_blocks_data as $disabled_block) {
echo '<tr style="background-color:#eee">'; echo '<tr style="background-color:#eee">';
echo '<td><center><input type="checkbox" name="disabled_block" value="true" checked disabled /></center>'; echo '<td><center><input type="checkbox" name="disabled_block" value="true" checked disabled /></center>';
for ($j = 0 ; $j < count($table_cols); $j++) { for ($j = 0 ; $j < count($table_cols); $j++) {
if (isset($disabled_block[strtolower($table_cols[$j])])) { if (isset($disabled_block[strtolower($table_cols[$j])])) {
if ($j == 2) { if ($j == 2) {
echo '<td>'; echo '<td>';
echo '<font color="#aaa">'.$disabled_block[$table_cols[$j]].'</font><br />'; echo '<font color="#aaa">'.$disabled_block[$table_cols[$j]].'</font><br />';
echo '<font color="red">'.get_lang('ThisPluginHasbeenDeletedFromDashboardPluginDirectory').'</font>'; echo '<font color="red">'.get_lang('ThisPluginHasbeenDeletedFromDashboardPluginDirectory').'</font>';
echo '</td>'; echo '</td>';
} else { } else {
echo '<td>'; echo '<td>';
echo '<font color="#aaa">'.$disabled_block[$table_cols[$j]].'</font>'; echo '<font color="#aaa">'.$disabled_block[$table_cols[$j]].'</font>';
echo '</td>'; echo '</td>';
} }
} else { } else {
echo '<td>&nbsp;</td>'; echo '<td>&nbsp;</td>';
} }
} }
echo '</tr>'; echo '</tr>';
} }
} }
echo '</table>'; echo '</table>';
echo '<br />'; echo '<br />';
echo '<button class="btn btn-default" type="submit" name="submit_dashboard_plugins" value="'.get_lang('EnableDashboardPlugins').'">'. echo '<button class="btn btn-default" type="submit" name="submit_dashboard_plugins" value="'.get_lang('EnableDashboardPlugins').'">'.
get_lang('EnableDashboardPlugins').'</button></form>'; get_lang('EnableDashboardPlugins').'</button></form>';
} }
/** /**
* display checkboxes for dashboard plugin list * display checkboxes for dashboard plugin list
* @param string plugin path * @param string plugin path
* @return void * @return void
*/ */
public static function display_dashboard_plugin_checkboxes($plugin_path) { public static function display_dashboard_plugin_checkboxes($plugin_path) {
$tbl_block = Database::get_main_table(TABLE_MAIN_BLOCK); $tbl_block = Database::get_main_table(TABLE_MAIN_BLOCK);
$sql = "SELECT * FROM $tbl_block $sql = "SELECT * FROM $tbl_block
WHERE path = '".Database::escape_string($plugin_path)."' AND active = 1"; WHERE path = '".Database::escape_string($plugin_path)."' AND active = 1";
$rs = Database::query($sql); $rs = Database::query($sql);
$checked = ''; $checked = '';
if (Database::num_rows($rs) > 0) { if (Database::num_rows($rs) > 0) {
$checked = "checked"; $checked = "checked";
} }
echo "<td align=\"center\">"; echo "<td align=\"center\">";
echo '<input type="checkbox" name="'.$plugin_path.'" value="true" '.$checked.'/>'; echo '<input type="checkbox" name="'.$plugin_path.'" value="true" '.$checked.'/>';
echo "</td>"; echo "</td>";
} }
/** /**
* This function allows easy activating and inactivating * This function allows easy activating and inactivating
* of plugins and save them inside db * of plugins and save them inside db
* @param array $plugin_paths dashboard plugin paths * @param array $plugin_paths dashboard plugin paths
* return int affected rows * return int affected rows
*/ */
public static function store_dashboard_plugins($plugin_paths) public static function store_dashboard_plugins($plugin_paths)
{ {
$tbl_block = Database :: get_main_table(TABLE_MAIN_BLOCK); $tbl_block = Database :: get_main_table(TABLE_MAIN_BLOCK);
$affected_rows = 0; $affected_rows = 0;
// get all plugins path inside plugin directory // get all plugins path inside plugin directory
$dashboard_pluginpath = api_get_path(SYS_PLUGIN_PATH).'dashboard/'; $dashboard_pluginpath = api_get_path(SYS_PLUGIN_PATH).'dashboard/';
$possibleplugins = self::get_posible_dashboard_plugins_path(); $possibleplugins = self::getPossibleDashboardPluginsPath();
if (count($possibleplugins) > 0) { if (count($possibleplugins) > 0) {
$selected_plugins = array_intersect(array_keys($plugin_paths), $possibleplugins); $selected_plugins = array_intersect(array_keys($plugin_paths), $possibleplugins);
$not_selected_plugins = array_diff($possibleplugins, array_keys($plugin_paths)); $not_selected_plugins = array_diff($possibleplugins, array_keys($plugin_paths));
// get blocks id from not selected path // get blocks id from not selected path
$not_selected_blocks_id = array(); $not_selected_blocks_id = array();
foreach ($not_selected_plugins as $plugin) { foreach ($not_selected_plugins as $plugin) {
$block_data = self::get_enabled_dashboard_blocks($plugin); $block_data = self::get_enabled_dashboard_blocks($plugin);
if (!empty($block_data[$plugin])) { if (!empty($block_data[$plugin])) {
$not_selected_blocks_id[] = $block_data[$plugin]['id']; $not_selected_blocks_id[] = $block_data[$plugin]['id'];
} }
} }
/* clean not selected plugins for extra user data and block data */ /* clean not selected plugins for extra user data and block data */
// clean from extra user data // clean from extra user data
$field_variable = 'dashboard'; $field_variable = 'dashboard';
$extra_user_data = UserManager::get_extra_user_data_by_field_variable($field_variable); $extra_user_data = UserManager::get_extra_user_data_by_field_variable($field_variable);
foreach ($extra_user_data as $key => $user_data) { foreach ($extra_user_data as $key => $user_data) {
$user_id = $key; $user_id = $key;
$user_block_data = self::get_user_block_data($user_id); $user_block_data = self::get_user_block_data($user_id);
$user_block_id = array_keys($user_block_data); $user_block_id = array_keys($user_block_data);
// clean disabled block data // clean disabled block data
foreach ($user_block_id as $block_id) { foreach ($user_block_id as $block_id) {
if (in_array($block_id, $not_selected_blocks_id)) { if (in_array($block_id, $not_selected_blocks_id)) {
unset($user_block_data[$block_id]); unset($user_block_data[$block_id]);
} }
} }
// get columns and blocks id for updating extra user data // get columns and blocks id for updating extra user data
$columns = array(); $columns = array();
$user_blocks_id = array(); $user_blocks_id = array();
foreach ($user_block_data as $data) { foreach ($user_block_data as $data) {
$user_blocks_id[$data['block_id']] = true; $user_blocks_id[$data['block_id']] = true;
$columns[$data['block_id']] = $data['column']; $columns[$data['block_id']] = $data['column'];
} }
// update extra user blocks data // update extra user blocks data
$upd_extra_field = self::store_user_blocks($user_id, $user_blocks_id, $columns); $upd_extra_field = self::store_user_blocks($user_id, $user_blocks_id, $columns);
} }
// clean from block data // clean from block data
if (!empty($not_selected_blocks_id)) { if (!empty($not_selected_blocks_id)) {
$sql_check = "SELECT id FROM $tbl_block WHERE id IN(".implode(',',$not_selected_blocks_id).")"; $sql_check = "SELECT id FROM $tbl_block WHERE id IN(".implode(',',$not_selected_blocks_id).")";
$rs_check = Database::query($sql_check); $rs_check = Database::query($sql_check);
if (Database::num_rows($rs_check) > 0) { if (Database::num_rows($rs_check) > 0) {
$del = "DELETE FROM $tbl_block WHERE id IN(".implode(',',$not_selected_blocks_id).")"; $del = "DELETE FROM $tbl_block WHERE id IN(".implode(',',$not_selected_blocks_id).")";
Database::query($del); Database::query($del);
} }
} }
// store selected plugins // store selected plugins
foreach ($selected_plugins as $testplugin) { foreach ($selected_plugins as $testplugin) {
$selected_path = Database::escape_string($testplugin); $selected_path = Database::escape_string($testplugin);
// check if the path already stored inside block table for updating or adding it // check if the path already stored inside block table for updating or adding it
$sql = "SELECT path FROM $tbl_block WHERE path = '$selected_path'"; $sql = "SELECT path FROM $tbl_block WHERE path = '$selected_path'";
$rs = Database::query($sql); $rs = Database::query($sql);
if (Database::num_rows($rs) > 0) { if (Database::num_rows($rs) > 0) {
// update // update
$upd = "UPDATE $tbl_block SET active = 1 WHERE path = '$selected_path'"; $upd = "UPDATE $tbl_block SET active = 1 WHERE path = '$selected_path'";
$result = Database::query($upd); $result = Database::query($upd);
$affected_rows = Database::affected_rows($result); $affected_rows = Database::affected_rows($result);
} else { } else {
// insert // insert
$plugin_info_file = $dashboard_pluginpath.$testplugin."/$testplugin.info"; $plugin_info_file = $dashboard_pluginpath.$testplugin."/$testplugin.info";
$plugin_info = array(); $plugin_info = array();
if (file_exists($plugin_info_file)) { if (file_exists($plugin_info_file)) {
$plugin_info = parse_info_file($plugin_info_file); $plugin_info = parse_info_file($plugin_info_file);
} }
// change keys to lower case // change keys to lower case
$plugin_info = array_change_key_case($plugin_info); $plugin_info = array_change_key_case($plugin_info);
// setting variables // setting variables
$plugin_name = $testplugin; $plugin_name = $testplugin;
$plugin_description = ''; $plugin_description = '';
$plugin_controller = ''; $plugin_controller = '';
$plugin_path = $testplugin; $plugin_path = $testplugin;
if (isset($plugin_info['name'])) { if (isset($plugin_info['name'])) {
$plugin_name = Database::escape_string($plugin_info['name']); $plugin_name = Database::escape_string($plugin_info['name']);
} }
if (isset($plugin_info['description'])) { if (isset($plugin_info['description'])) {
$plugin_description = Database::escape_string($plugin_info['description']); $plugin_description = Database::escape_string($plugin_info['description']);
} }
if (isset($plugin_info['controller'])) { if (isset($plugin_info['controller'])) {
$plugin_controller = Database::escape_string($plugin_info['controller']); $plugin_controller = Database::escape_string($plugin_info['controller']);
} }
$ins = "INSERT INTO $tbl_block(name, description, path, controller) $ins = "INSERT INTO $tbl_block(name, description, path, controller)
VALUES ('$plugin_name', '$plugin_description', '$plugin_path', '$plugin_controller')"; VALUES ('$plugin_name', '$plugin_description', '$plugin_path', '$plugin_controller')";
$result = Database::query($ins); $result = Database::query($ins);
$affected_rows = Database::affected_rows($result); $affected_rows = Database::affected_rows($result);
} }
} }
} }
return $affected_rows; return $affected_rows;
} }
/** /**
* Get all plugins path inside dashboard directory * Get all plugins path inside dashboard directory
* @return array name plugins directories * @return array name plugins directories
*/ */
public static function get_posible_dashboard_plugins_path() { public static function getPossibleDashboardPluginsPath() {
// get all plugins path inside plugin directory // get all plugins path inside plugin directory
/* We scan the plugin directory. Each folder is a potential plugin. */ /* We scan the plugin directory. Each folder is a potential plugin. */
@ -274,7 +274,7 @@ class DashboardManager
public static function get_block_data_without_plugin() { public static function get_block_data_without_plugin() {
$tbl_block = Database :: get_main_table(TABLE_MAIN_BLOCK); $tbl_block = Database :: get_main_table(TABLE_MAIN_BLOCK);
$possibleplugins = self::get_posible_dashboard_plugins_path(); $possibleplugins = self::getPossibleDashboardPluginsPath();
// We check if plugin exists inside directory for updating active field // We check if plugin exists inside directory for updating active field
$sql = "SELECT * FROM $tbl_block"; $sql = "SELECT * FROM $tbl_block";
@ -311,7 +311,8 @@ class DashboardManager
* @param string plugin path * @param string plugin path
* @return array data * @return array data
*/ */
public static function get_enabled_dashboard_blocks($path = '') { public static function get_enabled_dashboard_blocks($path = '')
{
$tbl_block = Database :: get_main_table(TABLE_MAIN_BLOCK); $tbl_block = Database :: get_main_table(TABLE_MAIN_BLOCK);
$condition_path = ''; $condition_path = '';
if (!empty($path)) { if (!empty($path)) {
@ -505,7 +506,6 @@ class DashboardManager
$upd_extra_field = self::store_user_blocks($user_id, $user_blocks_id, $columns); $upd_extra_field = self::store_user_blocks($user_id, $user_blocks_id, $columns);
return $upd_extra_field; return $upd_extra_field;
} }
/** /**

@ -1,10 +1,5 @@
<?php <?php
/* For licensing terms, see /license.txt */ /* For licensing terms, see /license.txt */
/**
* This class provides methods for the notebook management.
* Include/require it in your code to use its features.
* @package chamilo.library
*/
/** /**
* Class EventEmailTemplate * Class EventEmailTemplate
@ -58,10 +53,10 @@ class EventEmailTemplate extends Model
/** /**
* Returns a Form validator Obj * Returns a Form validator Obj
* @todo the form should be auto generated * @param string $url
* @param string url * @param string $action add, edit
* @param string action add, edit *
* @return obj form validator obj * @return FormValidator
*/ */
public function return_form($url, $action) public function return_form($url, $action)
{ {
@ -114,6 +109,7 @@ class EventEmailTemplate extends Model
// Setting the rules // Setting the rules
$form->addRule('name', get_lang('ThisFieldIsRequired'), 'required'); $form->addRule('name', get_lang('ThisFieldIsRequired'), 'required');
return $form; return $form;
} }

@ -114,37 +114,37 @@ class ExerciseShowFunctions
static function display_oral_expression_answer($feedback_type, $answer, $id, $questionId, $nano = null) static function display_oral_expression_answer($feedback_type, $answer, $id, $questionId, $nano = null)
{ {
if (isset($nano)) { if (isset($nano)) {
echo $nano->show_audio_file(); echo $nano->show_audio_file();
} }
if (empty($id)) { if (empty($id)) {
echo '<tr>'; echo '<tr>';
echo Display::tag('td', nl2br(Security::remove_XSS($answer)), array('width'=>'55%')); echo Display::tag('td', nl2br(Security::remove_XSS($answer)), array('width'=>'55%'));
echo '</tr>'; echo '</tr>';
if ($feedback_type != EXERCISE_FEEDBACK_TYPE_EXAM) { if ($feedback_type != EXERCISE_FEEDBACK_TYPE_EXAM) {
echo '<tr>'; echo '<tr>';
echo Display::tag('td',get_lang('notCorrectedYet'), array('width'=>'45%')); echo Display::tag('td',get_lang('notCorrectedYet'), array('width'=>'45%'));
echo '</tr>'; echo '</tr>';
} else { } else {
echo '<tr><td>&nbsp;</td></tr>'; echo '<tr><td>&nbsp;</td></tr>';
} }
} else { } else {
echo '<tr>'; echo '<tr>';
echo '<td>'; echo '<td>';
if (!empty($answer)) { if (!empty($answer)) {
echo nl2br(Security::remove_XSS($answer)); echo nl2br(Security::remove_XSS($answer));
} }
echo '</td>'; echo '</td>';
if (!api_is_allowed_to_edit(null,true) && $feedback_type != EXERCISE_FEEDBACK_TYPE_EXAM) { if (!api_is_allowed_to_edit(null,true) && $feedback_type != EXERCISE_FEEDBACK_TYPE_EXAM) {
echo '<td>'; echo '<td>';
$comm = Event::get_comments($id,$questionId); $comm = Event::get_comments($id,$questionId);
echo '</td>'; echo '</td>';
} }
echo '</tr>'; echo '</tr>';
} }
} }
/** /**
* Displays the answer to a hotspot question * Displays the answer to a hotspot question

@ -29,16 +29,16 @@ class Export
/** /**
* Constructor * Constructor
*/ */
private function __construct() public function __construct()
{ {
} }
/** /**
* Export tabular data to CSV-file * Export tabular data to CSV-file
* @param array $data * @param array $data
* @param string $filename * @param string $filename
*/ */
public static function arrayToCsv($data, $filename = 'export') public static function arrayToCsv($data, $filename = 'export')
{ {
if (empty($data)) { if (empty($data)) {
return false; return false;
@ -126,27 +126,27 @@ class Export
$wrapper_tagname = null, $wrapper_tagname = null,
$encoding = null $encoding = null
) { ) {
if (empty($encoding)) { if (empty($encoding)) {
$encoding = api_get_system_encoding(); $encoding = api_get_system_encoding();
} }
$file = api_get_path(SYS_ARCHIVE_PATH).'/'.uniqid('').'.xml'; $file = api_get_path(SYS_ARCHIVE_PATH).'/'.uniqid('').'.xml';
$handle = fopen($file, 'a+'); $handle = fopen($file, 'a+');
fwrite($handle, '<?xml version="1.0" encoding="'.$encoding.'"?>'."\n"); fwrite($handle, '<?xml version="1.0" encoding="'.$encoding.'"?>'."\n");
if (!is_null($wrapper_tagname)) { if (!is_null($wrapper_tagname)) {
fwrite($handle, "\t".'<'.$wrapper_tagname.'>'."\n"); fwrite($handle, "\t".'<'.$wrapper_tagname.'>'."\n");
} }
foreach ($data as $row) { foreach ($data as $row) {
fwrite($handle, '<'.$item_tagname.'>'."\n"); fwrite($handle, '<'.$item_tagname.'>'."\n");
foreach ($row as $key => $value) { foreach ($row as $key => $value) {
fwrite($handle, "\t\t".'<'.$key.'>'.$value.'</'.$key.'>'."\n"); fwrite($handle, "\t\t".'<'.$key.'>'.$value.'</'.$key.'>'."\n");
} }
fwrite($handle, "\t".'</'.$item_tagname.'>'."\n"); fwrite($handle, "\t".'</'.$item_tagname.'>'."\n");
} }
if (!is_null($wrapper_tagname)) { if (!is_null($wrapper_tagname)) {
fwrite($handle, '</'.$wrapper_tagname.'>'."\n"); fwrite($handle, '</'.$wrapper_tagname.'>'."\n");
} }
fclose($handle); fclose($handle);
DocumentManager :: file_send_for_download($file, true, $filename.'.xml'); DocumentManager :: file_send_for_download($file, true, $filename.'.xml');
exit; exit;
} }
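Review bot: In the XML export loop, `$value` is written between the tags without escaping, so a cell containing `<`, `&` or a closing tag produces malformed XML or injected elements in the download. I would escape it where it is written: `fwrite($handle, "\t\t".'<'.$key.'>'.htmlspecialchars($value, ENT_QUOTES, $encoding).'</'.$key.'>'."\n");`. `$key` and `$item_tagname` become element names, so they presumably need to come from a fixed list rather than from data, which is worth confirming at the callers. The result of `fopen()` is also used without a check. The function's signature lies above this hunk, so how `$data` is built is not visible here.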

@ -140,7 +140,7 @@ class Redirect
*/ */
protected static function navigate($url) protected static function navigate($url)
{ {
session_write_close(); //should not be neeeded session_write_close(); //should not be needed
header("Location: $url"); header("Location: $url");
exit; exit;
} }

@ -7914,8 +7914,8 @@ class learnpath
$return .= '<tr>'; $return .= '<tr>';
$return .= '<td class="label"><label for="idParent">' . get_lang('Parent') . '</label></td>'; $return .= '<td class="label"><label for="idParent">' . get_lang('Parent') . '</label></td>';
$return .= '<td class="input">'; $return .= '<td class="input">';
$return .= "\t\t\t\t" . '<select id="idParent" name="parent" style="width:100%;" onChange="javascript: load_cbo(this.value);" class="learnpath_item_form" size="1">'; $return .= '<select id="idParent" name="parent" style="width:100%;" onChange="javascript: load_cbo(this.value);" class="learnpath_item_form" size="1">';
//$parent_item_id = $_SESSION['parent_item_id'];
$return .= '<option class="top" value="0">' . $this->name . '</option>'; $return .= '<option class="top" value="0">' . $this->name . '</option>';
$arrHide = array ( $arrHide = array (
$id $id
@ -7979,35 +7979,14 @@ class learnpath
} }
} }
// Commented the prerequisites, only visible in edit (work).
/*
$return .= '<tr>';
$return .= '<td class="label"><label for="idPrerequisites">'.get_lang('LearnpathPrerequisites').'</label></td>';
$return .= '<td class="input"><select name="prerequisites" id="prerequisites" class="learnpath_item_form"><option value="0">'.get_lang('NoPrerequisites').'</option>';
foreach($arrHide as $key => $value) {
if ($key == $s_selected_position && $action == 'add') {
$return .= '<option value="'.$key.'" selected="selected">'.$value['value'].'</option>';
}
elseif ($key == $id_prerequisite && $action == 'edit') {
$return .= '<option value="'.$key.'" selected="selected">'.$value['value'].'</option>';
}
else {
$return .= '<option value="'.$key.'">'.$value['value'].'</option>';
}
}
$return .= "</select></td>";
*/
$return .= '</tr>'; $return .= '</tr>';
} }
$return .= '<tr>'; $return .= '<tr>';
if ($action == 'add') { if ($action == 'add') {
$return .= '<td>&nbsp</td><td><button class="save" name="submit_button" type="submit">' . get_lang('AddAssignmentToCourse') . '</button></td>'; $return .= '<td>&nbsp</td><td><button class="btn btn-primary" name="submit_button" type="submit">' . get_lang('AddAssignmentToCourse') . '</button></td>';
} else { } else {
$return .= '<td>&nbsp</td><td><button class="save" name="submit_button" type="submit">' . get_lang('EditCurrentStudentPublication') . '</button></td>'; $return .= '<td>&nbsp</td><td><button class="btn btn-primary" name="submit_button" type="submit">' . get_lang('EditCurrentStudentPublication') . '</button></td>';
} }
$return .= '</tr>'; $return .= '</tr>';
$return .= '</table>'; $return .= '</table>';
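Review bot: The parent selector prints `$this->name` into the `<option>` without HTML escaping, so if the learning path name is stored as entered, markup in it reaches the page. Unless the name is already sanitised on save, which this hunk does not show, I would write `'<option class="top" value="0">' . htmlspecialchars($this->name, ENT_QUOTES) . '</option>'`. The two submit-button lines also keep `&nbsp` without its terminating semicolon; `&nbsp;` is the valid entity. The enclosing method starts and ends outside both hunks.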

@ -9,9 +9,31 @@
/** /**
* Init * Init
*/ */
$rights_full=array("article_add","article_delete","article_edit","article_rate","article_comments_add","article_comments_delete","article_comments_rate","task_management","member_management","role_management"); $rights_full = array(
$rights_limited=array("Add","Edit","Delete"); "article_add",
$rights_blog=array("article_add","article_delete","article_edit","article_rate","article_comments_add","article_comments_delete","article_comments_rate","task_management","member_management","role_management"); "article_delete",
"article_edit",
"article_rate",
"article_comments_add",
"article_comments_delete",
"article_comments_rate",
"task_management",
"member_management",
"role_management",
);
$rights_limited = array("Add", "Edit", "Delete");
$rights_blog = array(
"article_add",
"article_delete",
"article_edit",
"article_rate",
"article_comments_add",
"article_comments_delete",
"article_comments_rate",
"task_management",
"member_management",
"role_management",
);
$course_tool_table = Database::get_course_table(TABLE_TOOL_LIST); $course_tool_table = Database::get_course_table(TABLE_TOOL_LIST);
// Get all user // Get all user
@ -31,32 +53,32 @@ while ($user = Database::fetch_assoc($result)) {
} }
//$user_id=$userIdViewed; //$user_id=$userIdViewed;
if ($mainUserInfo['status']==1) if ($mainUserInfo['status'] == 1) {
{ $course_admin = 1;
$course_admin=1;
} }
include_once('permissions_functions.inc.php'); include_once('permissions_functions.inc.php');
include_once(api_get_path(LIBRARY_PATH) . "/groupmanager.lib.php");
// ACTIONS // ACTIONS
if (isset($_GET['do'])) if (isset($_GET['do'])) {
{ if (isset($_GET['permission']) AND isset($_GET['tool']) AND ($_GET['do'] == 'grant' OR $_GET['do'] == 'revoke')) {
if ( isset($_GET['permission']) AND isset($_GET['tool']) AND ($_GET['do']=='grant' OR $_GET['do']=='revoke')) $result_message = store_one_permission(
{ 'user',
$result_message=store_one_permission('user', $_GET['do'], $_GET['user_id'], $_GET['tool'], $_GET['permission']); $_GET['do'],
} $_GET['user_id'],
if (isset($_GET['role']) AND ($_GET['do']=='grant' OR $_GET['do']=='revoke')) $_GET['tool'],
{ $_GET['permission']
$result_message=assign_role('user', $_GET['do'], $user_id, $_GET['role'], $_GET['scope']); );
} }
if (isset($_GET['role']) AND ($_GET['do'] == 'grant' OR $_GET['do'] == 'revoke')) {
$result_message = assign_role(
'user',
$_GET['do'],
$user_id,
$_GET['role'],
$_GET['scope']
);
}
} }
/*
if (isset($result_message))
{
Display::display_normal_message($result_message);
}
*/
// ------------------------------------------------------------------ // ------------------------------------------------------------------
// RETRIEVING THE PERMISSIONS OF THE ROLES OF THE USER // RETRIEVING THE PERMISSIONS OF THE ROLES OF THE USER
@ -80,17 +102,14 @@ if (api_get_setting('user_roles')=='true') {
// ------------------------------------------------------------------ // ------------------------------------------------------------------
// RETRIEVING THE PERMISSIONS OF THE ROLES OF THE GROUPS OF THE USER // RETRIEVING THE PERMISSIONS OF THE ROLES OF THE GROUPS OF THE USER
// ------------------------------------------------------------------ // ------------------------------------------------------------------
if (api_get_setting('group_roles')=='true') if (api_get_setting('group_roles')=='true') {
{
// NOTE: DIT MOET NOG VERDER UITGEWERKT WORDEN // NOTE: DIT MOET NOG VERDER UITGEWERKT WORDEN
foreach ($groups_of_user as $group) foreach ($groups_of_user as $group) {
{
$this_current_group_role_permissions_of_user=get_roles_permissions('user',$user_id); $this_current_group_role_permissions_of_user=get_roles_permissions('user',$user_id);
//$inherited_permissions[$tool][]=$permission; //$inherited_permissions[$tool][]=$permission;
} }
} }
echo "<form method=\"post\" action=\"".str_replace('&', '&amp;', $_SERVER['REQUEST_URI'])."\">"; echo "<form method=\"post\" action=\"".str_replace('&', '&amp;', $_SERVER['REQUEST_URI'])."\">";
// --------------------------------------------------- // ---------------------------------------------------
