Feature #347 - Tests (Exercices), External modules, Forums: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls.

skala
Ivan Tcholakov 15 years ago
parent 5d1c5b9ee8
commit e43010ba9e
  1. 8
      main/exercice/addlimits.php
  2. 30
      main/exercice/answer.class.php
  3. 74
      main/exercice/exercice.php
  4. 4
      main/exercice/exercice_history.php
  5. 28
      main/exercice/exercice_submit.php
  6. 96
      main/exercice/exercise.class.php
  7. 44
      main/exercice/exercise_result.class.php
  8. 4
      main/exercice/exercise_result.php
  9. 26
      main/exercice/exercise_show.php
  10. 2
      main/exercice/exercise_submit_modal.php
  11. 6
      main/exercice/hotpotatoes.lib.php
  12. 2
      main/exercice/hotpotatoes.php
  13. 2
      main/exercice/hotspot_actionscript.as.php
  14. 5
      main/exercice/hotspot_actionscript_admin.as.php
  15. 3
      main/exercice/hotspot_answers.as.php
  16. 3
      main/exercice/hotspot_save.inc.php
  17. 2
      main/exercice/hotspot_savescore.inc.php
  18. 3
      main/exercice/hotspot_updatescore.inc.php
  19. 10
      main/exercice/mark_free_answer.php
  20. 44
      main/exercice/question.class.php
  21. 2
      main/exercice/question_create.php
  22. 46
      main/exercice/question_pool.php
  23. 2
      main/exercice/savescores.php
  24. 6
      main/external_module/external_module.php
  25. 2
      main/forum/download.php
  26. 216
      main/forum/forumfunction.inc.php
  27. 2
      main/forum/iframe_thread.php
  28. 6
      main/forum/viewforum.php

@ -233,19 +233,19 @@ if (isset($_POST['ok'])) {
if ($_POST['limit']==1) {
$minutes = Database::escape_string($_POST['minutes']);
$query = "UPDATE ".$TBL_EXERCICES." SET ques_time_limit= $minutes where id= $exercise_id";
Database::query($query,__FILE__,__LINE__);
Database::query($query);
} else {
$query = "UPDATE ".$TBL_EXERCICES." SET ques_time_limit= 0 WHERE id= $exercise_id";
Database::query($query,__FILE__,__LINE__);
Database::query($query);
}
if ($_POST['attempt']==1) {
$attempts = Database::escape_string($_POST['attempts']);
$query = "UPDATE ".$TBL_EXERCICES." SET num_attempts = $attempts WHERE id= $exercise_id";
Database::query($query,__FILE__,__LINE__);
Database::query($query);
} else {
$query = "UPDATE ".$TBL_EXERCICES." SET num_attempts = 0 WHERE id= $exercise_id";
Database::query($query,__FILE__,__LINE__);
Database::query($query);
}
}
?>
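Review bot: `Database::escape_string()` gives no protection to `$minutes` and `$attempts` here, because both are placed into the UPDATE statements without surrounding quotes (`SET ques_time_limit= $minutes`, `SET num_attempts = $attempts`), so a non-numeric POST value becomes part of the SQL text. For a numeric column the fix is a cast: `$minutes = intval($_POST['minutes']);` and `$attempts = intval($_POST['attempts']);`. `$exercise_id` is also interpolated unquoted in all four statements; it is assigned outside this hunk, so confirm it is cast to an integer there. The same unquoted pattern appears in main/exercice/exercice_submit.php at `WHERE exe_id = ' . Database::escape_string($exe_id)` in both UPDATE statements under `if ($formSent)`.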

@ -81,7 +81,7 @@ class Answer
// fills arrays
$objExercise = new Exercise();
$objExercise->read($_REQUEST['exerciseId']);
$objExercise->read($_REQUEST['exerciseId']);
if($objExercise->random_answers=='1')
{
$this->readOrderedBy('rand()', '');// randomize answers
@ -126,7 +126,7 @@ class Answer
$sql="SELECT id,answer,correct,comment,ponderation, position, hotspot_coordinates, hotspot_type, destination, id_auto FROM
$TBL_ANSWER WHERE question_id ='".Database::escape_string($questionId)."' ORDER BY position";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$i=1;
@ -175,7 +175,7 @@ class Answer
"FROM $TBL_ANSWER WHERE question_id='".Database::escape_string($questionId)."' " .
"ORDER BY $field $order";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$i=1;
@ -252,25 +252,25 @@ class Answer
{
return $this->answer[$id];
}
/**
* return array answer by id else return a bool
* return array answer by id else return a bool
*/
function selectAnswerByAutoId($auto_id) {
$TBL_ANSWER = Database::get_course_table(TABLE_QUIZ_ANSWER);
$auto_id = intval($auto_id);
$sql="SELECT id, answer FROM $TBL_ANSWER WHERE id_auto='$auto_id'";
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
if (Database::num_rows($rs)>0) {
$row = Database::fetch_array($rs);
return $row;
}
return false;
return false;
}
/**
* returns the answer title from an answer's position
*
@ -336,7 +336,7 @@ class Answer
{
$TBL_QUESTIONS = Database::get_course_table(TABLE_QUIZ_QUESTION);
$sql = "SELECT type FROM $TBL_QUESTIONS WHERE id = '".Database::escape_string($this->questionId)."'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)<=0){
return null;
}
@ -466,7 +466,7 @@ class Answer
"WHERE id = '".Database::escape_string($position)."' " .
"AND question_i` = '".Database::escape_string($questionId)."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
/**
@ -482,7 +482,7 @@ class Answer
// removes old answers before inserting of new ones
$sql="DELETE FROM $TBL_REPONSES WHERE question_id='".Database::escape_string($questionId)."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
// inserts new answers into data base
$sql="INSERT INTO $TBL_REPONSES" .
@ -504,7 +504,7 @@ class Answer
'$weighting','$position','$hotspot_coordinates','$hotspot_type','$destination'),";
}
$sql = api_substr($sql,0,-1);
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
// moves $new_* arrays
$this->answer=$this->new_answer;
@ -554,7 +554,7 @@ class Answer
}
$sql=api_substr($sql,0,-1);
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
}
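Review bot: In the hunk at -466 the second WHERE condition names its column as question_i followed by a stray backtick, which is not a valid identifier, so the statement as printed should be rejected by the database and the update never applied. Every other query in this class filters on `question_id`, so the line most likely should read `"AND question_id = '".Database::escape_string($questionId)."'";`. The statement begins above the hunk, so the table and SET list are not visible here; check whether the caller notices a failed `Database::query()` at all.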

@ -121,7 +121,7 @@ if ($origin == 'learnpath') {
if ($_GET['delete'] == 'delete' && ($is_allowedToEdit || api_is_coach()) && !empty ($_GET['did']) && $_GET['did'] == strval(intval($_GET['did']))) {
$sql = 'DELETE FROM ' . Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_EXERCICES) . ' WHERE exe_id = ' . $_GET['did']; //_GET[did] filtered by entry condition
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$filter=Security::remove_XSS($_GET['filter']);
header('Location: exercice.php?cidReq=' . Security::remove_XSS($_GET['cidReq']) . '&show=result&filter=' . $filter . '');
exit;
@ -168,25 +168,25 @@ if ($show == 'result' && $_REQUEST['comments'] == 'update' && ($is_allowedToEdit
}
$my_questionid=$array_content_id_exe[$i];
$sql = "SELECT question from $TBL_QUESTIONS WHERE id = '$my_questionid'";
$result =Database::query($sql, __FILE__, __LINE__);
$result =Database::query($sql);
$ques_name = Database::result($result,0,"question");
$query = "UPDATE $TBL_TRACK_ATTEMPT SET marks = '$my_marks',teacher_comment = '$my_comments'
WHERE question_id = '".$my_questionid."'
AND exe_id='".$id."'";
Database::query($query, __FILE__, __LINE__);
Database::query($query);
$qry = 'SELECT sum(marks) as tot
FROM '.$TBL_TRACK_ATTEMPT.' WHERE exe_id = '.intval($id).'
GROUP BY question_id';
$res = Database::query($qry,__FILE__,__LINE__);
$res = Database::query($qry);
$tot = Database::result($res,0,'tot');
//updating also the total weight
$totquery = "UPDATE $TBL_TRACK_EXERCICES SET exe_result = '".Database::escape_string($tot)."', exe_weighting = '".Database::escape_string($total_weighting)."'
WHERE exe_Id='".Database::escape_string($id)."'";
Database::query($totquery, __FILE__, __LINE__);
Database::query($totquery);
$recording_changes = 'INSERT INTO '.$TBL_RECORDING.' ' .
'(exe_id,
question_id,
@ -196,7 +196,7 @@ if ($show == 'result' && $_REQUEST['comments'] == 'update' && ($is_allowedToEdit
teacher_comment)
VALUES
('."'$id','".$my_questionid."','$my_marks','".date('Y-m-d H:i:s')."','".api_get_user_id()."'".',"'.$my_comments.'")';
Database::query($recording_changes, __FILE__, __LINE__);
Database::query($recording_changes);
}
@ -211,25 +211,25 @@ if ($show == 'result' && $_REQUEST['comments'] == 'update' && ($is_allowedToEdit
if ($keyexp[0] == "marks") {
$sql = "SELECT question from $TBL_QUESTIONS WHERE id = '$my_questionid'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$ques_name = Database :: result($result, 0, "question");
$query = "UPDATE $TBL_TRACK_ATTEMPT SET marks = '" . $v . "'
WHERE question_id = '" . $my_questionid . "'
AND exe_id='" . $id . "'";
Database::query($query, __FILE__, __LINE__);
Database::query($query);
$qry = 'SELECT sum(marks) as tot
FROM ' . $TBL_TRACK_ATTEMPT . ' WHERE exe_id = ' . intval($id) . '
GROUP BY question_id';
$res = Database::query($qry, __FILE__, __LINE__);
$res = Database::query($qry);
$tot = Database :: result($res, 0, 'tot');
//updating also the total weight
$totquery = "UPDATE $TBL_TRACK_EXERCICES SET exe_result = '" . Database :: escape_string($tot) . "', exe_weighting = '" . Database :: escape_string($total_weighting) . "'
WHERE exe_Id='" . Database :: escape_string($id) . "'";
Database::query($totquery, __FILE__, __LINE__);
Database::query($totquery);
$recording_changes = 'INSERT INTO ' . $TBL_RECORDING . ' ' .
'(exe_id,
@ -239,12 +239,12 @@ if ($show == 'result' && $_REQUEST['comments'] == 'update' && ($is_allowedToEdit
author)
VALUES
(' . "'$id','" . $my_questionid . "','$v','" . date('Y-m-d H:i:s') . "','" . api_get_user_id() . "'" . ')';
Database::query($recording_changes, __FILE__, __LINE__);
Database::query($recording_changes);
} else {
$query = "UPDATE $TBL_TRACK_ATTEMPT SET teacher_comment = '" . $v . "'
WHERE question_id = '" . $my_questionid . "'
AND exe_id = '" . $id . "'";
Database::query($query, __FILE__, __LINE__);
Database::query($query);
$recording_changes = 'INSERT INTO ' . $TBL_RECORDING . ' ' .
'(exe_id,
@ -254,7 +254,7 @@ if ($show == 'result' && $_REQUEST['comments'] == 'update' && ($is_allowedToEdit
author)
VALUES
(' . "'$id','" . $my_questionid . "','$v','" . date('Y-m-d H:i:s') . "','" . api_get_user_id() . "'" . ')';
Database::query($recording_changes, __FILE__, __LINE__);
Database::query($recording_changes);
}
}*/
@ -262,7 +262,7 @@ if ($show == 'result' && $_REQUEST['comments'] == 'update' && ($is_allowedToEdit
FROM ' . $TBL_TRACK_ATTEMPT . ' where exe_id = ' . intval($id) . '
GROUP BY question_id';
$res = Database::query($qry, __FILE__, __LINE__);
$res = Database::query($qry);
$tot = 0;
while ($row = Database :: fetch_array($res, 'ASSOC')) {
$tot += $row['marks'];
@ -274,15 +274,15 @@ if ($show == 'result' && $_REQUEST['comments'] == 'update' && ($is_allowedToEdit
if (isset($_POST['my_exe_exo_id']) && isset($_POST['student_id'])) {
$sql_lp='SELECT li.id as lp_item_id,li.lp_id,li.item_type,li.path,liv.id AS lp_view_id,liv.user_id,max(liv.view_count) AS view_count FROM '.$TBL_LP_ITEM.' li
INNER JOIN '.$TBL_LP_VIEW.' liv ON li.lp_id=liv.lp_id WHERE li.path="'.Database::escape_string(Security::remove_XSS($_POST['my_exe_exo_id'])).'" AND li.item_type="quiz" AND user_id="'.Database::escape_string(Security::remove_XSS($_POST['student_id'])).'" ';
$rs_lp=Database::query($sql_lp,__FILE__,__LINE__);
$rs_lp=Database::query($sql_lp);
if (!($rs_lp===false)) {
$row_lp=Database::fetch_array($rs_lp);
//update score in learnig path
$sql_lp_view='UPDATE '.$TBL_LP_ITEM_VIEW.' liv SET score ="'.$tot.'" WHERE liv.lp_item_id="'.(int)$row_lp['lp_item_id'].'" AND liv.lp_view_id="'.(int)$row_lp['lp_view_id'].'" AND liv.view_count="'.(int)$row_lp['view_count'].'" ;';
$rs_lp_view=Database::query($sql_lp_view,__FILE__, __LINE__);
$rs_lp_view=Database::query($sql_lp_view);
}
}
Database::query($totquery, __FILE__, __LINE__);
Database::query($totquery);
$subject = get_lang('ExamSheetVCC');
$htmlmessage = '<html>' .
@ -357,24 +357,24 @@ if ($show == 'result' && $_REQUEST['comments'] == 'update' && ($is_allowedToEdit
// get max view_count from lp_item_view
/*$sql = "SELECT MAX(view_count) FROM $TBL_LP_ITEM_VIEW WHERE lp_item_id = '" . (int) $lp_item_view_id . "'
AND lp_view_id = (SELECT id from $TBL_LP_VIEW WHERE user_id = '" . (int) $student_id . "' and lp_id='" . (int) $lp_item_id . "')";
$res_max_view_count = Database::query($sql, __FILE__, __LINE__);
$res_max_view_count = Database::query($sql);
$row_max_view_count = Database :: fetch_row($res_max_view_count);
$max_view_count = (int) $row_max_view_count[0];
// update score and total_time from last attempt when you qualify the exercise in Learning path detail
$sql_update_score = "UPDATE $TBL_LP_ITEM_VIEW SET score = '" . (float) $score . "',total_time = '" . (int) $total_time . "' WHERE lp_item_id = '" . (int) $lp_item_view_id . "'
AND lp_view_id = (SELECT id from $TBL_LP_VIEW WHERE user_id = '" . (int) $student_id . "' and lp_id='" . (int) $lp_item_id . "') AND view_count = '$max_view_count'";
Database::query($sql_update_score, __FILE__, __LINE__);
Database::query($sql_update_score);
// update score and total_time from last attempt when you qualify the exercise in Learning path detail
$sql_update_score = "UPDATE $TBL_LP_ITEM_VIEW SET score = '" . (float) $score . "',total_time = '" . (int) $total_time . "' WHERE lp_item_id = '" . (int) $lp_item_view_id . "'
AND lp_view_id = (SELECT id from $TBL_LP_VIEW WHERE user_id = '" . (int) $student_id . "' and lp_id='" . (int) $lp_item_id . "') AND view_count = '$max_view_count'";
Database::query($sql_update_score, __FILE__, __LINE__);*/
Database::query($sql_update_score);*/
// update max_score from a exercise in lp
$sql_update_max_score = "UPDATE $TBL_LP_ITEM SET max_score = '" . (float) $totalWeighting . "' WHERE id = '" . (int) $lp_item_view_id . "'";
Database::query($sql_update_max_score, __FILE__, __LINE__);
Database::query($sql_update_max_score);
}
}
@ -509,7 +509,7 @@ Display :: display_introduction_section(TOOL_QUIZ);
// selects $limitExPage exercises at the same time
$from = $page * $limitExPage;
$sql = "SELECT count(id) FROM $TBL_EXERCICES";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
list ($nbrexerc) = Database :: fetch_array($res);
HotPotGCt($documentPath, 1, $_user['user_id']);
@ -530,7 +530,7 @@ if ($is_allowedToEdit) {
//delete link of exercise of gradebook tool
$sql = 'SELECT gl.id FROM ' . $tbl_grade_link . ' gl WHERE gl.type="1" AND gl.ref_id="' . $exerciseId . '";';
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database :: fetch_array($result, 'ASSOC');
//see
if (!empty($row['id'])) {
@ -590,7 +590,7 @@ if ($is_allowedToEdit) {
case 'enable' : // enables an exercise
$newVisibilityStatus = "1"; //"visible"
$query = "SELECT id FROM $TBL_DOCUMENT WHERE path='" . Database :: escape_string($file) . "'";
$res = Database::query($query, __FILE__, __LINE__);
$res = Database::query($query);
$row = Database :: fetch_array($res, 'ASSOC');
api_item_property_update($_course, TOOL_DOCUMENT, $row['id'], 'visible', $_user['user_id']);
//$dialogBox = get_lang('ViMod');
@ -599,11 +599,11 @@ if ($is_allowedToEdit) {
case 'disable' : // disables an exercise
$newVisibilityStatus = "0"; //"invisible"
$query = "SELECT id FROM $TBL_DOCUMENT WHERE path='" . Database :: escape_string($file) . "'";
$res = Database::query($query, __FILE__, __LINE__);
$res = Database::query($query);
$row = Database :: fetch_array($res, 'ASSOC');
api_item_property_update($_course, TOOL_DOCUMENT, $row['id'], 'invisible', $_user['user_id']);
#$query = "UPDATE $TBL_DOCUMENT SET visibility='$newVisibilityStatus' WHERE path=\"".$file."\""; //added by Toon
#Database::query($query,__FILE__,__LINE__);
#Database::query($query);
//$dialogBox = get_lang('ViMod');
break;
default :
@ -613,13 +613,13 @@ if ($is_allowedToEdit) {
if ($show == 'test') {
$sql = "SELECT id,title,type,active,description, results_disabled FROM $TBL_EXERCICES WHERE active<>'-1' ORDER BY title LIMIT " . (int) $from . "," . (int) ($limitExPage +1);
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
}
elseif ($show == 'test') { // only for students //fin
$sql = "SELECT id,title,type,description, results_disabled FROM $TBL_EXERCICES WHERE active='1' ORDER BY title LIMIT " . (int) $from . "," . (int) ($limitExPage +1);
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
// the actions
@ -628,7 +628,7 @@ echo '<div class="actions">';
// display the next and previous link if needed
$from = $page * $limitExPage;
$sql = "SELECT count(id) FROM $TBL_EXERCICES";
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
list ($nbrexerc) = Database :: fetch_array($res);
HotPotGCt($documentPath, 1, $_user['user_id']);
@ -640,12 +640,12 @@ $condition_session = api_get_session_condition($session_id);
if ($is_allowedToEdit) {
if ($show == 'test') {
$sql = "SELECT id, title, type, active, description, results_disabled, session_id FROM $TBL_EXERCICES WHERE active<>'-1' $condition_session ORDER BY title LIMIT " . (int) $from . "," . (int) ($limitExPage +1);
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
}
elseif ($show == 'test') { // only for students
$sql = "SELECT id, title, type, description, results_disabled, session_id FROM $TBL_EXERCICES WHERE active='1' $condition_session ORDER BY title LIMIT " . (int) $from . "," . (int) ($limitExPage +1);
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
}
if ($show == 'test') {
$nbrExercises = Database :: num_rows($result);
@ -654,14 +654,14 @@ if ($show == 'test') {
$res = Database::query("SELECT *
FROM $TBL_DOCUMENT
WHERE
path LIKE '" . Database :: escape_string($uploadPath) . "/%/%'", __FILE__, __LINE__);
path LIKE '" . Database :: escape_string($uploadPath) . "/%/%'");
$nbrTests = Database :: num_rows($res);
$res = Database::query("SELECT *
FROM $TBL_DOCUMENT d, $TBL_ITEM_PROPERTY ip
WHERE d.id = ip.ref
AND ip.tool = '" . TOOL_DOCUMENT . "'
AND d.path LIKE '" . Database :: escape_string($uploadPath) . "/%/%'
AND ip.visibility='1'", __FILE__, __LINE__);
AND ip.visibility='1'");
$nbrActiveTests = Database :: num_rows($res);
if ($is_allowedToEdit) {
@ -883,7 +883,7 @@ if ($show == 'test') {
//count number random exercice - teacher
$sql_random_query = 'SELECT type,random,active,results_disabled,max_attempt FROM ' . $TBL_EXERCICES . ' WHERE id="' . Database :: escape_string($exid) . '" ';
$rs_random = Database::query($sql_random_query, __FILE__, __LINE__);
$rs_random = Database::query($sql_random_query);
$row_random = Database :: fetch_array($rs_random);
if ($row_random['random'] > 0) {
echo $row_random['random'] . ' ' . api_strtolower(get_lang(($row_random['random'] > 1 ? 'Questions' : 'Question'))) . '</td>';
@ -945,7 +945,7 @@ if ($show == 'test') {
$rowi = Database :: result($sqlresult, 0);
//count number random exercice
$sql_random_query = 'SELECT type,random,active,results_disabled,max_attempt FROM ' . $TBL_EXERCICES . ' WHERE id="' . Database :: escape_string($exid) . '" ';
$rs_random = Database::query($sql_random_query, __FILE__, __LINE__);
$rs_random = Database::query($sql_random_query);
$row_random = Database :: fetch_array($rs_random);
if ($row_random['random'] > 0) {
echo $row_random['random'] . ' ' . api_strtolower(get_lang(($row_random['random'] > 1 ? 'Questions' : 'Question')));
@ -1021,7 +1021,7 @@ if ($show == 'test') {
AND d.path LIKE '" . Database :: escape_string($uploadPath) . "/%/%' AND ip.visibility='1' LIMIT " . (int) $from . "," . (int) $to;
}
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database :: fetch_array($result, 'ASSOC')) {
$attribute['path'][] = $row['path'];
@ -1203,7 +1203,7 @@ if ($_configuration['tracking_enabled'] && ($show == 'result')) {
$revised = false;
$sql_exe = 'SELECT exe_id FROM ' . Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_ATTEMPT_RECORDING) . '
WHERE author != ' . "''" . ' AND exe_id = ' . "'" . Database :: escape_string($results[$i][5]) . "'" . ' LIMIT 1';
$query = Database::query($sql_exe, __FILE__, __LINE__);
$query = Database::query($sql_exe);
if (Database :: num_rows($query) > 0) {
$revised = true;
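Review bot: The UPDATE on `$TBL_TRACK_ATTEMPT` in the hunk at -168 interpolates `$my_marks`, `$my_comments`, `$my_questionid` and `$id` directly into quoted literals, while the statements right after it pass the same `$id` through `intval()` and `Database::escape_string()`, which suggests it has not been sanitised before this point. These values are assigned outside the hunk, so that needs confirming. Unless they are already escaped there, the query should use `SET marks = '".Database::escape_string($my_marks)."',teacher_comment = '".Database::escape_string($my_comments)."'` with `intval($my_questionid)` and `intval($id)` in the WHERE clause. The `INSERT INTO $TBL_RECORDING` a few lines further down repeats the same raw values and needs the same treatment.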

@ -107,10 +107,10 @@ Display::display_header($nameTools,"Exercise");
//Display::display_introduction_section(TOOL_QUIZ);
/*
$sql = 'SELECT * FROM '.$TBL_EXERCICES;
$query = Database::query($sql,__FILE__,__LINE__);
$query = Database::query($sql);
*/
$sql = "SELECT *, quiz_question.question, firstname, lastname FROM $TBL_TRACK_ATTEMPT_RECORDING t,$TBL_USER,$TBL_EXERCICES_QUESTION quiz_question WHERE quiz_question.id = question_id AND user_id = author AND exe_id = '".(int)$_GET['exe_id']."' ORDER BY t.insert_date desc,question ASC";
$query = Database::query($sql,__FILE__,__LINE__);
$query = Database::query($sql);
while($row = Database::fetch_array($query)){
echo '<tr';
if($i%2==0) echo 'class="row_odd"'; else echo 'class="row_even"';
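Review bot: The row markup is emitted as `echo '<tr';` followed by `echo 'class="row_odd"'` with no space between them as printed, so the output is `<trclass="row_odd"` and the browser gets neither a valid row tag nor the class. Add the space to the first echo, `echo '<tr ';`. The loop body continues past the end of this hunk, so the closing `>` and the cell output are not visible here.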

@ -182,7 +182,7 @@ $condition = ' WHERE ' .
$TBL_EXERCICES = Database :: get_course_table(TABLE_QUIZ_TEST);
$sql_track_exercice = "SELECT type,feedback_type,expired_time FROM $TBL_EXERCICES WHERE id=$exerciseId";
$result = Database::query($sql_track_exercice, __FILE__, __LINE__);
$result = Database::query($sql_track_exercice);
$exercise_row = Database :: fetch_array($result);
$exerciseType = $exercise_row['type'];
$exerciseFeedbackType = $exercise_row['feedback_type'];
@ -199,7 +199,7 @@ $total_minutes = $exercise_row["expired_time"];
$total_seconds = $total_minutes*60;
$current_timestamp = time();
$current_expired_time_key = $course_code.'_'.$session_id.'_'.$exerciseId;
$current_expired_time_key = $course_code.'_'.$session_id.'_'.$exerciseId;
//Disable for learning path
if ($exercise_row['expired_time'] != 0 && $origin != 'learnpath') {
@ -214,14 +214,14 @@ if ($exercise_row['expired_time'] != 0 && $origin != 'learnpath') {
'session_id = '."'".$session_id."'";
$sql_track = 'SELECT exe_id,expired_time_control FROM '.$stat_table.$condition;
$rs_sql = Database::query($sql_track,__FILE__,__LINE__);
$rs_sql = Database::query($sql_track);
$exists_into_database = Database::num_rows($rs_sql);
$track_exercice_row = Database::fetch_array($rs_sql);
$expired_time_of_this_attempt = $track_exercice_row['expired_time_control'];
//Get the last attempt of an exercice
$sql_track_attempt = 'SELECT max(tms) as last_attempt_date FROM '.$exercice_attemp_table.' WHERE exe_id="'.$track_exercice_row['exe_id'].'"';
$rs_last_attempt = Database::query($sql_track_attempt,__FILE__,__LINE__);
$rs_last_attempt = Database::query($sql_track_attempt);
$row_last_attempt = Database::fetch_array($rs_last_attempt);
$my_last_attempt_date = $row_last_attempt['last_attempt_date'];//Get the date of last attempt
$date_of_last_attempt = $my_last_attempt_date;// Necessary for to change the last attempt
@ -242,11 +242,11 @@ if ($exercise_row['expired_time'] != 0 && $origin != 'learnpath') {
//We modify the "expired_time_control" field in track_e_exercices for this attempt
$sql_track_e_exe = "UPDATE $stat_table SET expired_time_control = '".$clock_expired_time."' WHERE exe_id = '".$track_exercice_row['exe_id']."'";
Database::query($sql_track_e_exe,__FILE__,__LINE__);
Database::query($sql_track_e_exe);
// How the expired time is changed into "track_e_exercices" table,then the last attempt for this student should be changed too,so
$sql_track_e_exe = "UPDATE $exercice_attemp_table SET tms = '".$new_last_attempt."' WHERE exe_id = '".$track_exercice_row['exe_id']."' and tms = '".$date_of_last_attempt."' ";
Database::query($sql_track_e_exe,__FILE__,__LINE__);
Database::query($sql_track_e_exe);
//Sessions that contain the expired time
$_SESSION['expired_time'][$current_expired_time_key] = $clock_expired_time;
@ -297,7 +297,7 @@ if ($exercise_row['expired_time'] != 0 && $origin != 'learnpath') { //Sends the
if ($_configuration['live_exercise_tracking'] == true && $exerciseType == ONE_PER_PAGE && $exerciseFeedbackType != EXERCISE_FEEDBACK_TYPE_DIRECT) {
$query = 'SELECT * FROM ' . $stat_table . $condition;
$result_select = Database::query($query, __FILE__, __LINE__);
$result_select = Database::query($query);
if (Database :: num_rows($result_select) > 0) {
$getIncomplete = Database :: fetch_array($result_select);
$exe_id = $getIncomplete['exe_id'];
@ -305,7 +305,7 @@ if ($_configuration['live_exercise_tracking'] == true && $exerciseType == ONE_PE
define('QUESTION_LIST_ALREADY_LOGGED', 1);
$recorded['questionList'] = explode(',', $getIncomplete['data_tracking']);
$query = 'SELECT * FROM ' . $exercice_attemp_table . ' WHERE exe_id = ' . $getIncomplete['exe_id'] . ' ORDER BY tms ASC';
$result = Database::query($query, __FILE__, __LINE__);
$result = Database::query($query);
while ($row = Database :: fetch_array($result)) {
$recorded['exerciseResult'][$row['question_id']] = 1;
}
@ -714,7 +714,7 @@ if ($formSent) {
//at loops over all questions
if (isset($exe_id)) {
$sql_update = 'UPDATE ' . $stat_table . ' SET exe_result = exe_result + ' . (int) $totalScore . ',exe_weighting = exe_weighting + ' . (int) $totalWeighting . ' WHERE exe_id = ' . Database::escape_string($exe_id);
Database::query($sql_update, __FILE__, __LINE__);
Database::query($sql_update);
}
//END of saving and qualifying
@ -765,7 +765,7 @@ if ($formSent) {
//clean incomplete
$update_query = 'UPDATE ' . $stat_table . ' SET ' . "status = '', data_tracking='', exe_date = '" . date('Y-m-d H:i:s') . "' $sql_exe_result " . ' WHERE exe_id = ' . Database::escape_string($exe_id);
Database::query($update_query, __FILE__, __LINE__);
Database::query($update_query);
}
header("Location: exercise_show.php?id=$exe_id&exerciseType=$exerciseType&origin=$origin&learnpath_id=$learnpath_id&learnpath_item_id=$learnpath_item_id");
}
@ -838,7 +838,7 @@ if (!isset ($_SESSION['questionList'])) {
$questionList = ($randomQuestions ? $objExercise->selectRandomList() : $objExercise->selectQuestionList());
// saves the question list into the session
$sql = 'SELECT random FROM ' . $table_quiz_test . ' WHERE id="' . Database :: escape_string($my_exe_id) . '";';
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$row_number = Database :: fetch_array($rs);
$z = 0;
@ -1052,7 +1052,7 @@ if ($exerciseAttempts > 0) {
AND orig_lp_item_id = $safe_lp_item_id
AND exe_cours_id = '$course_code' AND session_id = '" . (int) $session_id . "'";
$aquery = Database::query($sql, __FILE__, __LINE__);
$aquery = Database::query($sql);
$attempt = Database :: fetch_array($aquery);
if ($attempt[0] >= $exerciseAttempts) {
@ -1254,11 +1254,11 @@ if ($_configuration['live_exercise_tracking'] == true && $exerciseFeedbackType !
$sql = "INSERT INTO $stat_table($sql_fields exe_exo_id,exe_user_id,exe_cours_id,status,session_id,data_tracking,start_date,orig_lp_id,orig_lp_item_id)
VALUES($sql_fields_values '$exerciseId','" . api_get_user_id() . "','" . $_course['id'] . "','incomplete','" . $session_id . "','" . implode(',', $questionList) . "','" . date('Y-m-d H:i:s') . "',$safe_lp_id,$safe_lp_item_id)";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
} else {
echo $sql = "INSERT INTO $stat_table ($sql_fields exe_exo_id,exe_user_id,exe_cours_id,status,session_id,start_date,orig_lp_id,orig_lp_item_id)
VALUES($sql_fields_values '$exerciseId','" . api_get_user_id() . "','" . $_course['id'] . "','incomplete','" . $session_id . "','" . date('Y-m-d H:i:s') . "',$safe_lp_id,$safe_lp_item_id)";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
}
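Review bot: The else branch of the last hunk still reads `echo $sql = "INSERT INTO $stat_table (...`, which prints the whole statement, including the tracking table name, user id, course id and session id, into the page returned to the user. It looks like a leftover debug line, since the sibling branch just above assigns `$sql` without echoing it. Drop the `echo` so the line starts `$sql = "INSERT INTO $stat_table (`.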

@ -76,7 +76,7 @@ class Exercise
#$TBL_REPONSES = Database::get_course_table(TABLE_QUIZ_ANSWER);
$sql="SELECT title,description,sound,type,random, random_answers, active, results_disabled, max_attempt,start_time,end_time,feedback_type,expired_time FROM $TBL_EXERCICES WHERE id='".Database::escape_string($id)."'";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
// if the exercise has been found
if($object=Database::fetch_object($result))
@ -96,7 +96,7 @@ class Exercise
$this->start_time = $object->start_time;
$this->expired_time = $object->expired_time;
$sql="SELECT question_id, question_order FROM $TBL_EXERCICE_QUESTION,$TBL_QUESTIONS WHERE question_id=id AND exercice_id='".Database::escape_string($id)."' ORDER BY question_order";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
// fills the array with the question ID for this exercise
// the key of the array is the question position
@ -239,7 +239,7 @@ class Exercise
return false;
}
}
/**
* returns random answers status.
*
@ -247,13 +247,13 @@ class Exercise
*/
function selectRandomAnswers()
{
$this->random_answers;
return $this->random_answers;
}
}
/**
* Same as isRandom() but has a name applied to values different than 0 or 1
*/
@ -399,7 +399,7 @@ class Exercise
{
$this->description=$description;
}
/**
* changes the exercise expired_time
*
@ -410,7 +410,7 @@ class Exercise
{
$this->expired_time = $expired_time;
}
/**
* changes the exercise sound file
*
@ -432,13 +432,13 @@ class Exercise
{
$query="SELECT 1 FROM $TBL_DOCUMENT "
." WHERE path='".str_replace($documentPath,'',$audioPath).'/'.$this->sound."'";
$result=Database::query($query,__FILE__,__LINE__);
$result=Database::query($query);
if(!Database::num_rows($result))
{
/*$query="INSERT INTO $TBL_DOCUMENT(path,filetype) VALUES "
." ('".str_replace($documentPath,'',$audioPath).'/'.$this->sound."','file')";
Database::query($query,__FILE__,__LINE__);*/
Database::query($query);*/
$id = add_document($_course,str_replace($documentPath,'',$audioPath).'/'.$this->sound,'file',$sound['size'],$sound['name']);
//$id = Database::insert_id();
@ -449,7 +449,7 @@ class Exercise
."(tool, ref, insert_user_id,to_group_id, insert_date, lastedit_date, lastedit_type) "
." VALUES "
."('".TOOL_DOCUMENT."', $id, $_user['user_id'], 0, '$time', '$time', 'DocumentAdded' )";
Database::query($query,__FILE__,__LINE__);*/
Database::query($query);*/
api_item_property_update($_course, TOOL_DOCUMENT, $id, 'DocumentAdded',$_user['user_id']);
item_property_update_on_folder($_course,str_replace($documentPath,'',$audioPath),$_user['user_id']);
}
@ -560,7 +560,7 @@ class Exercise
$active = $this->active;
$session_id = api_get_session_id();
$expired_time = $this->expired_time;
if ($feedbacktype==1){
$results_disabled = 1;
} else {
@ -593,7 +593,7 @@ class Exercise
$sql .= " WHERE id='".Database::escape_string($id)."'";
// echo $sql;
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
// update into the item_property table
api_item_property_update($_course, TOOL_QUIZ, $id,'QuizUpdated',$_user['user_id']);
@ -630,7 +630,7 @@ class Exercise
'".Database::escape_string($expired_time)."',
'".Database::escape_string($session_id)."'
)";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$this->id=Database::insert_id();
// insert into the item_property table
@ -653,7 +653,7 @@ class Exercise
//$sql="UPDATE $TBL_QUESTIONS SET position='".Database::escape_string($position)."' WHERE id='".Database::escape_string($questionId)."'";
$sql="UPDATE $TBL_QUIZ_QUESTION SET question_order='".Database::escape_string($position)."' " .
"WHERE question_id='".Database::escape_string($questionId)."' and exercice_id=".Database::escape_string($this->id)."";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
@ -953,9 +953,9 @@ class Exercise
// test type
$radios = array();
$radios[] = FormValidator :: createElement ('radio', 'exerciseType', null, get_lang('QuestionsPerPageOne'),'2','onclick = "check_per_page_one() " ');
$radios[] = FormValidator :: createElement ('radio', 'exerciseType', null, get_lang('QuestionsPerPageAll'),'1',array('onclick' => 'check_per_page_all()', 'id'=>'OptionPageAll'));
$form -> addGroup($radios, null, get_lang('QuestionsPerPage'));
} else {
// if is Directfeedback but has not questions we can allow to modify the question type
@ -988,19 +988,19 @@ class Exercise
$random[] = FormValidator :: createElement ('static', 'help','help','<span style="font-style: italic;">'.get_lang('RandomQuestionsHelp').'</span>');
//$random[] = FormValidator :: createElement ('text', 'randomQuestions', null,null,'0');
$form -> addGroup($random,null,get_lang('RandomQuestions'),'<br />');
//random answers
$radios_random_answers = array();
$radios_random_answers[] = FormValidator :: createElement ('radio', 'randomAnswers', null, get_lang('Yes'),'1');
$radios_random_answers[] = FormValidator :: createElement ('radio', 'randomAnswers', null, get_lang('No'),'0');
$form -> addGroup($radios_random_answers, null, get_lang('RandomAnswers'));
//Attempts
$attempt_option=range(0,10);
$attempt_option[0]=get_lang('Infinite');
$form -> addElement('select', 'exerciseAttempts',get_lang('ExerciseAttempts'),$attempt_option);
$form -> addElement('checkbox', 'enabletimelimit',get_lang('EnableTimeLimits'),null,'onclick = " return timelimit() "');
$var= Exercise::selectTimeLimit();
@ -1013,10 +1013,10 @@ class Exercise
//$form -> addElement('date', 'end_time', get_lang('ExeEndTime'), array('language'=>'es','format' => 'dMYHi'));
$form->addElement('datepicker', 'start_time', get_lang('ExeStartTime'), array('form_name'=>'exercise_admin'));
$form->addElement('datepicker', 'end_time', get_lang('ExeEndTime'), array('form_name'=>'exercise_admin'));
//$form -> addElement('select', 'enabletimercontroltotalminutes',get_lang('ExerciseTimerControlMinutes'),$time_minutes_option);
$form -> addElement('html','</div>');
$check_option=$this -> selectType();
// var_dump($check_option);
@ -1025,14 +1025,14 @@ class Exercise
$diplay = 'none';
} else {
$diplay = 'block';
}
}
$form -> addElement('html','<div id="divtimecontrol" style="display:'.$diplay.';">');
//Timer control
$time_hours_option = range(0,12);
$time_minutes_option = range(0,59);
$form -> addElement('checkbox', 'enabletimercontrol',get_lang('EnableTimerControl'),null,array('onclick' =>'option_time_expired()','id'=>'enabletimercontrol','onload'=>'check_load_time()'));
$form -> addElement('checkbox', 'enabletimercontrol',get_lang('EnableTimerControl'),null,array('onclick' =>'option_time_expired()','id'=>'enabletimercontrol','onload'=>'check_load_time()'));
$expired_date = (int)$this->selectExpiredTime();
if(($expired_date!='0')) {
@ -1040,14 +1040,14 @@ class Exercise
} else {
$form -> addElement('html','<div id="timercontrol" style="display:none;">');
}
$form -> addElement('text', 'enabletimercontroltotalminutes',get_lang('ExerciseTotalDurationInMinutes'),array('style' => 'width : 35px','id' => 'enabletimercontroltotalminutes'));
$form -> addElement('html','</div>');
//$form -> addElement('text', 'exerciseAttempts', get_lang('ExerciseAttempts').' : ',array('size'=>'2'));
//$form -> addElement('text', 'exerciseAttempts', get_lang('ExerciseAttempts').' : ',array('size'=>'2'));
$form -> addElement('html','</div>'); //End advanced setting
$form -> addElement('html','</div>');
$form -> addElement('html','</div>');
$defaults = array();
if (api_get_setting('search_enabled') === 'true') {
@ -1111,7 +1111,7 @@ class Exercise
$defaults['start_time'] = ($this->start_time!='0000-00-00 00:00:00')? $this -> start_time : date('Y-m-d 12:00:00');
$defaults['end_time'] = ($this->end_time!='0000-00-00 00:00:00')?$this -> end_time : date('Y-m-d 12:00:00',time()+84600);
//Get expired time
if($this -> expired_time != '0') {
$defaults['enabletimercontrol'] = 1;
@ -1119,7 +1119,7 @@ class Exercise
} else {
$defaults['enabletimercontroltotalminutes'] = 0;
}
} else {
$defaults['exerciseType'] = 2;
$defaults['exerciseAttempts'] = 0;
@ -1160,7 +1160,7 @@ class Exercise
$this -> updateRandomAnswers($form -> getSubmitValue('randomAnswers'));
$this -> updateResultsDisabled($form -> getSubmitValue('results_disabled'));
$this -> updateExpiredTime($form -> getSubmitValue('enabletimercontroltotalminutes'));
if($form -> getSubmitValue('enabletimelimit')==1) {
$start_time = $form -> getSubmitValue('start_time');
$this->start_time = $start_time['Y'].'-'.$start_time['F'].'-'.$start_time['d'].' '.$start_time['H'].':'.$start_time['i'].':00';
@ -1174,19 +1174,19 @@ class Exercise
if($form -> getSubmitValue('enabletimercontrol') == 1) {
$expired_total_time = $form -> getSubmitValue('enabletimercontroltotalminutes');
if ($this->expired_time == 0) {
$this->expired_time = $expired_total_time;
$this->expired_time = $expired_total_time;
}
} else {
$this->expired_time = 0;
}
if($form -> getSubmitValue('randomAnswers') == 1) {
$this->random_answers=1;
} else {
$this->random_answers=0;
}
$this -> save($type);
}
@ -1246,7 +1246,7 @@ class Exercise
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_QUIZ, $this->id, $did);
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
@ -1261,7 +1261,7 @@ class Exercise
$tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
$sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_QUIZ, $this->id);
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
if (Database::num_rows($res) > 0) {
require_once(api_get_path(LIBRARY_PATH) . 'search/DokeosIndexer.class.php');
@ -1312,12 +1312,12 @@ class Exercise
// save it to db
$sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=\'%s\'';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_QUIZ, $this->id);
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
//var_dump($sql);
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_QUIZ, $this->id, $did);
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
@ -1332,7 +1332,7 @@ class Exercise
$tbl_se_ref = Database::get_main_table(TABLE_MAIN_SEARCH_ENGINE_REF);
$sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s AND ref_id_second_level IS NULL LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_QUIZ, $this->id);
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
if (Database::num_rows($res) > 0) {
$row = Database::fetch_array($res);
require_once(api_get_path(LIBRARY_PATH) .'search/DokeosIndexer.class.php');
@ -1343,7 +1343,7 @@ class Exercise
foreach ( $this->questionList as $question_i) {
$sql = 'SELECT type FROM %s WHERE id=%s';
$sql = sprintf($sql, $tbl_quiz_question, $question_i);
$qres = Database::query($sql, __FILE__, __LINE__);
$qres = Database::query($sql);
if (Database::num_rows($qres) > 0) {
$qrow = Database::fetch_array($qres);
$objQuestion = Question::getInstance($qrow['type']);
@ -1355,7 +1355,7 @@ class Exercise
}
$sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s AND ref_id_second_level IS NULL LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_QUIZ, $this->id);
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
// remove terms from db
require_once(api_get_path(LIBRARY_PATH) .'specific_fields_manager.lib.php');

@ -70,7 +70,7 @@ class ExerciseResult
$sql.= ' WHERE active=1';
}
$sql .= ' ORDER BY title';
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
// if the exercise has been found
while($row=Database::fetch_array($result,'ASSOC'))
@ -94,7 +94,7 @@ class ExerciseResult
" FROM $TBL_EXERCISE_QUESTION eq, $TBL_QUESTIONS q " .
" WHERE eq.question_id=q.id AND eq.exercice_id='".Database::escape_string($e_id)."' " .
" ORDER BY eq.question_order";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
// fills the array with the question ID for this exercise
// the key of the array is the question position
@ -128,7 +128,7 @@ class ExerciseResult
$session_id_and = ' AND ce.session_id = ' . api_get_session_id() . ' ';
if(empty($user_id))
{
$sql="SELECT ".(api_is_western_name_order() ? "CONCAT(firstname,' ',lastname)" : "CONCAT(lastname,' ',firstname)").", ce.title, te.exe_result ,
te.exe_weighting, UNIX_TIMESTAMP(te.exe_date), te.exe_id, user.email, user.user_id
FROM $TBL_EXERCISES AS ce , $TBL_TRACK_EXERCISES AS te, $TBL_USER AS user,$TBL_COURSE_REL_USER AS cuser
@ -141,8 +141,8 @@ class ExerciseResult
FROM $TBL_TRACK_HOTPOTATOES tth, $TBL_USER tu
WHERE tu.user_id=tth.exe_user_id AND tth.exe_cours_id = '" . Database :: escape_string($cid) . " $user_id_and '
ORDER BY tth.exe_cours_id ASC, tth.exe_date ASC";
}
else
{ // get only this user's results
@ -153,7 +153,7 @@ class ExerciseResult
WHERE user.user_id=cuser.user_id AND te.exe_exo_id = ce.id AND te.status != 'incomplete' AND cuser.user_id=te.exe_user_id AND te.exe_cours_id='" . Database :: escape_string($cid) . "'
AND cuser.status<>1 AND te.exe_user_id='".Database::escape_string($user_id)."' $session_id_and AND ce.active <>-1 AND orig_lp_id = 0 AND orig_lp_item_id = 0
AND cuser.course_code=te.exe_cours_id ORDER BY te.exe_cours_id ASC, ce.title ASC, te.exe_date DESC";
$hpsql = "SELECT '',exe_name, exe_result , exe_weighting, UNIX_TIMESTAMP(exe_date)
FROM $TBL_TRACK_HOTPOTATOES
WHERE exe_user_id = '" . $user_id . "' AND exe_cours_id = '" . Database :: escape_string($cid) . "'
@ -166,8 +166,8 @@ class ExerciseResult
$NoTestRes = 0;
$NoHPTestRes = 0;
$j=0;
$j=0;
if ($filter) {
switch ($filter) {
case 1 :
@ -180,22 +180,22 @@ class ExerciseResult
null;
}
}
//Print the results of tests
if(is_array($results))
{
for($i = 0; $i < sizeof($results); $i++)
{
$revised = false;
$sql_exe = 'SELECT exe_id FROM ' . Database :: get_statistic_table(TABLE_STATISTIC_TRACK_E_ATTEMPT_RECORDING) . '
WHERE author != ' . "''" . ' AND exe_id = ' . "'" . Database :: escape_string($results[$i][5]) . "'" . ' LIMIT 1';
$query = Database::query($sql_exe, __FILE__, __LINE__);
$query = Database::query($sql_exe);
if (Database :: num_rows($query) > 0) $revised = true;
if ($filter_by_not_revised && $revised == true) continue;
if ($filter_by_not_revised && $revised == true) continue;
if ($filter_by_revised && $revised == false) continue;
$return[$i] = array();
$id = $results[$i][5];
$mailid = $results[$i][6];
@ -240,7 +240,7 @@ class ExerciseResult
$return[$j+$i]['max'] = $hpresults[$i][3];
}
}
$this->results = $return;
$this->results = $return;
return true;
}
/**
@ -332,7 +332,7 @@ class ExerciseResult
* Exports the complete report as an XLS file
* @return boolean False on error
*/
public function exportCompleteReportXLS($document_path='',$user_id=null, $export_user_fields=array(), $export_filter = 0)
public function exportCompleteReportXLS($document_path='',$user_id=null, $export_user_fields=array(), $export_filter = 0)
{
global $charset;
$this->_getExercisesReporting($document_path,$user_id,$export_filter);
@ -347,10 +347,10 @@ class ExerciseResult
$worksheet =& $workbook->addWorksheet('Report '.date('YmdGis'));
$line = 0;
$column = 0; //skip the first column (row titles)
// check if exists column 'user'
$with_column_user = false;
foreach ($this->results as $result) {
$with_column_user = false;
foreach ($this->results as $result) {
if (!empty($result['user'])) {
$with_column_user = true;
break;
@ -361,9 +361,9 @@ class ExerciseResult
$worksheet->write($line,$column,get_lang('User'));
$column++;
}
$export_user_fields = true;
if($export_user_fields)
{
//show user fields section with a big th colspan that spans over all fields
@ -394,7 +394,7 @@ class ExerciseResult
}
if($export_user_fields)
{
{
//show user fields data, if any, for this user
$user_fields_values = UserManager::get_extra_user_data(intval($row['user_id']),false,false);
foreach($user_fields_values as $value)
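Review bot: The `$hpsql` query in the "get only this user's results" branch concatenates `$user_id` without escaping (`WHERE exe_user_id = '" . $user_id . "'`), while the query just above it in the same branch passes the same value through `Database::escape_string()`. Where `$user_id` comes from is not visible in this section, so it should be treated as untrusted here as well: `WHERE exe_user_id = '" . Database::escape_string($user_id) . "'`, or an `intval()` cast if it is always numeric. In the all-users branch, `$user_id_and` sits inside the quoted `exe_cours_id` literal (`" $user_id_and '`), which looks like a misplaced quote rather than an intended filter. The enclosing method starts and ends outside the visible hunks.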

@ -129,7 +129,7 @@ if(!is_array($exerciseResult) || !is_array($questionList) || !is_object($objExer
}
$sql_fb_type='SELECT feedback_type FROM '.$TBL_EXERCICES.' WHERE id ="'.Database::escape_string($objExercise->selectId()).'"';
$res_fb_type=Database::query($sql_fb_type,__FILE__,__LINE__);
$res_fb_type=Database::query($sql_fb_type);
$row_fb_type=Database::fetch_row($res_fb_type);
$feedback_type = $row_fb_type[0];
@ -603,7 +603,7 @@ foreach ($questionList as $questionId) {
// get answer list for matching
$sql_answer = 'SELECT id, answer FROM '.$table_ans.' WHERE question_id="'.Database::escape_string($questionId).'" ';
$res_answer = Database::query($sql_answer, __FILE__, __LINE__);
$res_answer = Database::query($sql_answer);
$answer_matching =array();
while ($real_answer = Database::fetch_array($res_answer)) {
$answer_matching[$real_answer['id']]= $real_answer['answer'];

@ -104,7 +104,7 @@ $marks = $_REQUEST['res'];
$id = $_REQUEST['id'];
$sql_fb_type='SELECT feedback_type, exercises.id FROM '.$TBL_EXERCICES.' as exercises, '.$TBL_TRACK_EXERCICES.' as track_exercises WHERE exercises.id=track_exercises.exe_exo_id AND track_exercises.exe_id="'.Database::escape_string($id).'"';
$res_fb_type=Database::query($sql_fb_type,__FILE__,__LINE__);
$res_fb_type=Database::query($sql_fb_type);
$row_fb_type=Database::fetch_row($res_fb_type);
$feedback_type = $row_fb_type[0];
$exercise_id = intval($row_fb_type[1]);
@ -121,7 +121,7 @@ if (isset($_SESSION['expired_time'][$current_expired_time_key])) { //Only for ex
$total_time_allowed = $expired_time + 30;
if ($total_time_allowed < $current_time) {
$sql_fraud = "UPDATE $TBL_TRACK_ATTEMPT SET answer = 0, marks=0, position=0 WHERE exe_id = '$current_attempt' ";
Database::query($sql_fraud,__FILE__,__LINE__);
Database::query($sql_fraud);
}
}
@ -306,7 +306,7 @@ if (Database::num_rows($result)>0 && isset($id)) {
WHERE attempts.exe_id='".Database::escape_string($id)."' $user_restriction
GROUP BY quizz_rel_questions.question_order, attempts.question_id";
//GROUP BY questions.position, attempts.question_id";
$result =Database::query($query, __FILE__, __LINE__);
$result =Database::query($query);
}
} else {
Display::display_warning_message(get_lang('CantViewResults'));
@ -446,7 +446,7 @@ if ($show_results) {
$answerCorrect=$objAnswerTmp->isCorrect($answerId);
$answerWeighting=$objAnswerTmp->selectWeighting($answerId);
$queryans = "select * from ".$TBL_TRACK_ATTEMPT." where exe_id = '".Database::escape_string($id)."' and question_id= '".Database::escape_string($questionId)."'";
$resultans = Database::query($queryans, __FILE__, __LINE__);
$resultans = Database::query($queryans);
while ($row = Database::fetch_array($resultans)) {
$ind = $row['answer'];
$choice[$ind] = 1;
@ -500,7 +500,7 @@ if ($show_results) {
$answerCorrect=$objAnswerTmp->isCorrect($answerId);
$answerWeighting=$objAnswerTmp->selectWeighting($answerId);
$queryans = "select * from ".$TBL_TRACK_ATTEMPT." where exe_id = '".Database::escape_string($id)."' and question_id= '".Database::escape_string($questionId)."'";
$resultans = Database::query($queryans, __FILE__, __LINE__);
$resultans = Database::query($queryans);
while ($row = Database::fetch_array($resultans)) {
$ind = $row['answer'];
$choice[$ind] = 1;
@ -576,7 +576,7 @@ if ($show_results) {
$answerCorrect=$objAnswerTmp->isCorrect($answerId);
$answerWeighting=$objAnswerTmp->selectWeighting($answerId);
$queryans = "select answer from ".$TBL_TRACK_ATTEMPT." where exe_id = '".Database::escape_string($id)."' and question_id= '".Database::escape_string($questionId)."'";
$resultans = Database::query($queryans, __FILE__, __LINE__);
$resultans = Database::query($queryans);
$choice = Database::result($resultans,0,"answer");
$numAnswer=$objAnswerTmp->selectAutoId($answerId);
@ -676,7 +676,7 @@ if ($show_results) {
}
$queryfill = "select answer from ".$TBL_TRACK_ATTEMPT." where exe_id = '".Database::escape_string($id)."' and question_id= '".Database::escape_string($questionId)."'";
$resfill = Database::query($queryfill, __FILE__, __LINE__);
$resfill = Database::query($queryfill);
$str = Database::result($resfill,0,"answer");
preg_match_all('#\[([^[]*)\]#', $str, $arr);
@ -727,7 +727,7 @@ if ($show_results) {
}
$queryfill = "SELECT answer FROM ".$TBL_TRACK_ATTEMPT." WHERE exe_id = '".Database::escape_string($id)."' and question_id= '".Database::escape_string($questionId)."'";
$resfill = Database::query($queryfill, __FILE__, __LINE__);
$resfill = Database::query($queryfill);
$str=Database::result($resfill,0,"answer");
preg_match_all ('#\[([^[/]*)/#', $str, $arr);
$choice = $arr[1];
@ -803,7 +803,7 @@ if ($show_results) {
$table_ans = Database :: get_course_table(TABLE_QUIZ_ANSWER);
$TBL_TRACK_ATTEMPT= Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ATTEMPT);
$sql_answer = 'SELECT id, answer FROM '.$table_ans.' WHERE question_id="'.Database::escape_string($questionId).'" AND correct=0';
$res_answer = Database::query($sql_answer, __FILE__, __LINE__);
$res_answer = Database::query($sql_answer);
// getting the real answer
$real_list =array();
while ($real_answer = Database::fetch_array($res_answer)) {
@ -811,7 +811,7 @@ if ($show_results) {
}
$sql_select_answer = 'SELECT id, answer, correct, id_auto FROM '.$table_ans.' WHERE question_id="'.Database::escape_string($questionId).'" AND correct<>0';
$res_answers = Database::query($sql_select_answer, __FILE__, __LINE__);
$res_answers = Database::query($sql_select_answer);
echo '<table width="100%" height="71" border="0" cellspacing="3" cellpadding="3" >';
echo '<tr><td colspan="2">&nbsp;</td></tr>';
@ -833,7 +833,7 @@ if ($show_results) {
$sql_user_answer = "SELECT answer
FROM $TBL_TRACK_ATTEMPT
WHERE exe_id = '$id' AND question_id = '$questionId' AND position='$i_answer_id_auto'";
$res_user_answer = Database::query($sql_user_answer, __FILE__, __LINE__);
$res_user_answer = Database::query($sql_user_answer);
if (Database::num_rows($res_user_answer)>0 ) {
$s_user_answer = Database::result($res_user_answer,0,0); // rich - good looking
@ -886,7 +886,7 @@ if ($show_results) {
$i++;
}
$queryfree = "select marks from ".$TBL_TRACK_ATTEMPT." where exe_id = '".Database::escape_string($id)."' and question_id= '".Database::escape_string($questionId)."'";
$resfree = Database::query($queryfree, __FILE__, __LINE__);
$resfree = Database::query($queryfree);
$questionScore= Database::result($resfree,0,"marks");
$totalScore+=$questionScore;
echo '</table></td></tr>';
@ -1003,7 +1003,7 @@ if ($show_results) {
if ($origin!='learnpath' || ($origin == 'learnpath' && isset($_GET['fb_type']))) {
//$query = "update ".$TBL_TRACK_EXERCICES." set exe_result = $totalScore where exe_id = '$id'";
//Database::query($query,__FILE__,__LINE__);
//Database::query($query);
if ($show_results) {
echo '<div id="question_score">'.get_lang('YourTotalScore')." ";
if($dsp_percent == true) {
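Review bot: `$sql_user_answer` in the matching-answers block interpolates `$id`, `$questionId` and `$i_answer_id_auto` directly into the statement (`WHERE exe_id = '$id' AND question_id = '$questionId' AND position='$i_answer_id_auto'`), and the first hunk of this file assigns `$id` from `$_REQUEST['id']`. Every other query in this section wraps the same values in `Database::escape_string()`, so unless `$id` is sanitised in lines not shown here, this one is an injection point. Build it like its siblings: `WHERE exe_id = '".Database::escape_string($id)."' AND question_id = '".Database::escape_string($questionId)."' AND position = '".Database::escape_string($i_answer_id_auto)."'`. `$sql_fraud` has the same shape with `$current_attempt`, whose origin is outside the visible lines.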

@ -233,7 +233,7 @@ if (!empty($choice_value))
$sql = "INSERT INTO $tbl_track_e_hotspot (hotspot_user_id, hotspot_course_code, hotspot_exe_id, hotspot_question_id, hotspot_answer_id, hotspot_correct, hotspot_coordinate )
VALUES ('".Database::escape_string($_user['user_id'])."', '".Database::escape_string($_course['id'])."', '".Database::escape_string($exeId)."', '".Database::escape_string($questionId)."', '".Database::escape_string($answerId)."', '".Database::escape_string($studentChoice)."', '".Database::escape_string($user_array)."')";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$user_answer = $user_array;
//$_SESSION['exerciseResultCoordinates'][$questionId]=$exerciseResultCoordinates;

@ -5,7 +5,7 @@
* @package dokeos.exercise
* @author Istvan Mandak (original author)
*/
$dbTable = Database::get_course_table(TABLE_DOCUMENT);
$dbTable = Database::get_course_table(TABLE_DOCUMENT);
/**
* Creates a hotpotato directory
*
@ -87,7 +87,7 @@ function GetComment($path,$course_code='') {
}
$path = Database::escape_string($path);
$query = "select comment from $dbTable where path='$path'";
$result = Database::query($query,__FILE__,__LINE__);
$result = Database::query($query);
while ($row = Database::fetch_array($result)) {
return $row[0];
@ -106,7 +106,7 @@ function SetComment($path,$comment) {
$path = Database::escape_string($path);
$comment = Database::escape_string($comment);
$query = "UPDATE $dbTable set comment='$comment' where path='$path'";
$result = Database::query($query,__FILE__,__LINE__);
$result = Database::query($query);
return "$result";
}

@ -188,7 +188,7 @@ if((api_is_allowed_to_edit(null,true)) && (($finish == 0) || ($finish == 2)))
$query = "UPDATE $dbTable SET comment='$newComment' WHERE path=\"".$uploadPath."/".$fld."/".$filename."\"";
/*, visibility='v' */
Database::query($query,__FILE__,__LINE__);
Database::query($query);
api_item_property_update($_course, TOOL_QUIZ, $id, "QuizAdded", $_user['user_id']);
}
else
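Review bot: The `UPDATE $dbTable SET comment='$newComment' WHERE path="..."` statement is assembled from `$newComment`, `$uploadPath`, `$fld` and `$filename` with no escaping in the visible lines. If any of these derive from the uploaded file's name or from form input (not visible in this hunk), a quote character in them changes the statement. Escape each value where it is used, e.g. `$path = Database::escape_string($uploadPath."/".$fld."/".$filename);` together with `Database::escape_string($newComment)`, and quote the path with single quotes as the other queries in this module do. The surrounding `if` block starts and ends outside the hunk.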

@ -32,7 +32,7 @@ $coursePath = $_course['path'];
// Query db for answers
$sql = "SELECT id, answer, hotspot_coordinates, hotspot_type, ponderation FROM $TBL_ANSWERS WHERE question_id = '".Database::escape_string($questionId)."' ORDER BY id";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
// Init
$output = "hotspot_lang=$courseLang&hotspot_image=$pictureName&hotspot_image_width=$pictureWidth&hotspot_image_height=$pictureHeight&courseCode=$coursePath";

@ -8,9 +8,6 @@
* @version $Id: admin.php 10680 2007-01-11 21:26:23Z pcool $
*/
include('exercise.class.php');
include('question.class.php');
include('answer.class.php');
@ -34,7 +31,7 @@ $coursePath = $_course['path'];
// Query db for answers
//$sql = "SELECT id, answer, hotspot_coordinates, hotspot_type, ponderation FROM $TBL_ANSWERS WHERE question_id = '$questionId' ORDER BY id";
//$result = Database::query($sql,__FILE__,__LINE__);
//$result = Database::query($sql);
// Init
$output = "hotspot_lang=$courseLang&hotspot_image=$pictureName&hotspot_image_width=$pictureWidth&hotspot_image_height=$pictureHeight&courseCode=$coursePath";

@ -7,7 +7,6 @@
* @version $Id: admin.php 10680 2007-01-11 21:26:23Z pcool $
*/
include('exercise.class.php');
include('question.class.php');
include('answer.class.php');
@ -34,7 +33,7 @@ $coursePath = $_course['path'];
// Query db for answers
$sql = "SELECT id, answer, hotspot_coordinates, hotspot_type FROM $TBL_ANSWERS WHERE question_id = '".Database::escape_string($questionId)."' ORDER BY id";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
// Init
$output = "hotspot_lang=$courseLang&hotspot_image=$pictureName&hotspot_image_width=$pictureWidth&hotspot_image_height=$pictureHeight&courseCode=$coursePath";

@ -8,7 +8,6 @@
* @version $Id: admin.php 10680 2007-01-11 21:26:23Z pcool $
*/
include('exercise.class.php');
include('question.class.php');
include('answer.class.php');
@ -45,6 +44,6 @@ if ($_GET['type'] == "poly" || $_GET['type'] == "delineation")
$hotspot_coordinates = api_substr($hotspot_coordinates,0,-2);
}
$sql = "UPDATE `$TBL_ANSWER` SET hotspot_coordinates = '".Database::escape_string($hotspot_coordinates)."',hotspot_type = '".Database::escape_string($hotspot_type)."' WHERE id = '".Database::escape_string($answerId)."' AND question_id ='".Database::escape_string($questionId)."' LIMIT 1 ;";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
echo "done=done";
?>

@ -52,7 +52,7 @@ $sql = "INSERT INTO $TBL_TRACK_E_HOTSPOT (`user_id` , `course_id` , `quiz_id` ,
'".Database::escape_string($answerId)."',
'".Database::escape_string($hit)."',
'".Database::escape_string($coordinates)."')";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
// Save insert id into session if users changes answer.
$insert_id = Database::insert_id();
$_SESSION['exerciseResult'][$questionId]['ids'][$answerOrderId] = $insert_id;

@ -9,7 +9,6 @@
* @version $Id: admin.php 10680 2007-01-11 21:26:23Z pcool $
*/
include('exercise.class.php');
include('question.class.php');
include('answer.class.php');
@ -61,5 +60,5 @@ $TBL_TRACK_E_HOTSPOT = Database::get_statistic_table(STATISTIC_TRACK_E_HOTSPOT
// update db
$update_id = $_SESSION['exerciseResult'][$questionId]['ids'][$answerId];
$sql = "UPDATE $TBL_TRACK_E_HOTSPOT SET coordinate = '".Database::escape_string($coordinates)."' WHERE id ='".Database::escape_string($update_id)."' LIMIT 1 ;;";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
?>

@ -137,7 +137,7 @@ if($action == 'mark'){
WHERE exe_user_id = '".Database::escape_string($my_usr)."' AND exe_cours_id = '".Database::escape_string($my_cid)."' AND exe_exo_id = '".Database::escape_string($my_exe)."'
ORDER BY exe_date DESC";
#echo $sql;
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if(Database::num_rows($res)>0){
$row = Database::fetch_array($res);
//@todo Check that just summing past score and the new free answer mark doesn't come up
@ -146,7 +146,7 @@ if($action == 'mark'){
$sql = "UPDATE $exercise_table SET exe_result = '$my_score'
WHERE exe_id = '".$row['exe_id']."'";
#echo $sql;
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$my_msg = get_lang('MarkIsUpdated');
}else{
$my_score = $_POST['score'];
@ -177,12 +177,12 @@ if($action == 'mark'){
# $user_id = '0';
# }
# $sql2 = "update `$tbl_learnpath_user` set score='$score' where (user_id=$user_id and learnpath_id='$learnpath_id' and learnpath_item_id='$learnpath_item_id')";
# $res2 = Database::query($sql2,__FILE__,__LINE__);
# $res2 = Database::query($sql2);
#}
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
$my_msg = get_lang('MarkInserted');
}
//$Database::query($sql, __FILE__, __LINE__);
//$Database::query($sql);
//return 0;
}
}else{
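Review bot: `$my_score` is written into `exe_result` without a cast or escaping (`SET exe_result = '$my_score'`), and in the `else` branch it is taken directly from `$_POST['score']`. The statement that consumes it in that branch lies outside the visible lines, so its use there is inferred from the later `Database::query($sql)` call. A mark is numeric, so cast it where it is assigned, e.g. `$my_score = (float) $_POST['score'];`, and apply the same treatment to the value computed in the first branch. `$row['exe_id']` in the same UPDATE would also be safer as `intval($row['exe_id'])`.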

@ -90,7 +90,7 @@ abstract class Question
$sql="SELECT question,description,ponderation,position,type,picture,level FROM $TBL_QUESTIONS WHERE id='".Database::escape_string($id)."'";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
// if the question has been found
if($object=Database::fetch_object($result))
@ -106,7 +106,7 @@ abstract class Question
$objQuestion->level=(int) $object->level;
$sql="SELECT exercice_id FROM $TBL_EXERCICE_QUESTION WHERE question_id='".intval($id)."'";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
// fills the array with the exercises which this question is in
while($object=Database::fetch_object($result))
@ -307,7 +307,7 @@ abstract class Question
{
// removes old answers
$sql="DELETE FROM $TBL_REPONSES WHERE question_id='".Database::escape_string($this->id)."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
$this->type=$type;
@ -492,7 +492,7 @@ abstract class Question
$picture='quiz-'.$questionId.'.'.$Extension;
$sql="UPDATE $TBL_QUESTIONS SET picture='".Database::escape_string($picture)."' WHERE id='".Database::escape_string($questionId)."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
return @copy($picturePath.'/'.$this->picture,$picturePath.'/'.$picture)?true:false;
}
@ -589,7 +589,7 @@ abstract class Question
picture ='".Database::escape_string($picture)."',
level ='".Database::escape_string($level)."'
WHERE id='".Database::escape_string($id)."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
if(!empty($exerciseId)) {
api_item_property_update($_course, TOOL_QUIZ, $id,'QuizQuestionUpdated',$_user['user_id']);
}
@ -620,7 +620,7 @@ abstract class Question
'".Database::escape_string($picture)."',
'".Database::escape_string($level)."'
)";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$this->id=Database::insert_id();
@ -631,7 +631,7 @@ abstract class Question
$TBL_ANSWERS = Database::get_course_table(TABLE_QUIZ_ANSWER);
$sql="INSERT INTO $TBL_ANSWERS (`id` , `question_id` , `answer` , `correct` , `comment` , `ponderation` , `position` , `hotspot_coordinates` , `hotspot_type` ) VALUES ('1', '".Database::escape_string($this->id)."', '', NULL , '', '10' , '1', '0;0|0|0', 'square')";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
@ -654,7 +654,7 @@ abstract class Question
SET max_score = '.intval($weighting).'
WHERE item_type = "'.TOOL_QUIZ.'"
AND path='.intval($exerciseId);
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
*/
// adds the exercise into the exercise list of this question
$this->addToList($exerciseId, TRUE);
@ -675,7 +675,7 @@ abstract class Question
$sql = 'SELECT * FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=%s AND ref_id_second_level=%s LIMIT 1';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_QUIZ, $exerciseId, $this->id);
}
$res = Database::query($sql, __FILE__, __LINE__);
$res = Database::query($sql);
if (Database::num_rows($res) > 0 || $addQs) {
require_once(api_get_path(LIBRARY_PATH) . 'search/DokeosIndexer.class.php');
@ -746,19 +746,19 @@ abstract class Question
$sql = 'DELETE FROM %s WHERE course_code=\'%s\' AND tool_id=\'%s\' AND ref_id_high_level=\'%s\' AND ref_id_second_level=\'%s\'';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_QUIZ, $exerciseId, $this->id);
}
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
if ($rmQs) {
if (!empty($question_exercises)) {
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, ref_id_second_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_QUIZ, array_shift($question_exercises), $this->id, $did);
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
} else {
$sql = 'INSERT INTO %s (id, course_code, tool_id, ref_id_high_level, ref_id_second_level, search_did)
VALUES (NULL , \'%s\', \'%s\', %s, %s, %s)';
$sql = sprintf($sql, $tbl_se_ref, $course_id, TOOL_QUIZ, $exerciseId, $this->id, $did);
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
}
@ -781,7 +781,7 @@ abstract class Question
if(!in_array($exerciseId,$this->exerciseList)) {
$this->exerciseList[]=$exerciseId;
$sql="INSERT INTO $TBL_EXERCICE_QUESTION (question_id, exercice_id) VALUES('".Database::escape_string($id)."','".Database::escape_string($exerciseId)."')";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
// we do not want to reindex if we had just saved adnd indexed the question
if (!$fromSave) {
$this->search_engine_edit($exerciseId, TRUE);
@ -812,17 +812,17 @@ abstract class Question
unset($this->exerciseList[$pos]);
//update order of other elements
$sql = "SELECT question_order FROM $TBL_EXERCICE_QUESTION WHERE question_id='".Database::escape_string($id)."' AND exercice_id='".Database::escape_string($exerciseId)."'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if (Database::num_rows($res)>0) {
$row = Database::fetch_array($res);
if (!empty($row['question_order'])) {
$sql = "UPDATE $TBL_EXERCICE_QUESTION SET question_order = question_order-1 WHERE exercice_id='".Database::escape_string($exerciseId)."' AND question_order > ".$row['question_order'];
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
}
}
$sql="DELETE FROM $TBL_EXERCICE_QUESTION WHERE question_id='".Database::escape_string($id)."' AND exercice_id='".Database::escape_string($exerciseId)."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
return true;
}
@ -850,23 +850,23 @@ abstract class Question
{
//update the question_order of each question to avoid inconsistencies
$sql = "SELECT exercice_id, question_order FROM $TBL_EXERCICE_QUESTION WHERE question_id='".Database::escape_string($id)."'";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if (Database::num_rows($res)>0) {
while ($row = Database::fetch_array($res)) {
if (!empty($row['question_order'])) {
$sql = "UPDATE $TBL_EXERCICE_QUESTION SET question_order = question_order-1 WHERE exercice_id='".Database::escape_string($row['exercice_id'])."' AND question_order > ".$row['question_order'];
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
}
}
}
$sql="DELETE FROM $TBL_EXERCICE_QUESTION WHERE question_id='".Database::escape_string($id)."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$sql="DELETE FROM $TBL_QUESTIONS WHERE id='".Database::escape_string($id)."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$sql="DELETE FROM $TBL_REPONSES WHERE question_id='".Database::escape_string($id)."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
api_item_property_update($_course, TOOL_QUIZ, $id,'QuizQuestionDeleted',$_user['user_id']);
$this->removePicture();
@ -902,7 +902,7 @@ abstract class Question
$type=$this->type;
$sql="INSERT INTO $TBL_QUESTIONS(question,description,ponderation,position,type) VALUES('".Database::escape_string($question)."','".Database::escape_string($description)."','".Database::escape_string($weighting)."','".Database::escape_string($position)."','".Database::escape_string($type)."')";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$id=Database::insert_id();
// duplicates the picture
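Review bot: In the question-delete path, the loop `while ($row = Database::fetch_array($res))` reassigns `$res` inside its body (`$res = Database::query($sql);` for the `UPDATE ... question_order-1`), so the next `fetch_array()` call receives the UPDATE's return value instead of the SELECT result set. The loop therefore presumably stops after the first exercise with a non-empty `question_order`, leaving the ordering of the remaining exercises unadjusted. Drop the assignment and call `Database::query($sql);` on its own, as the DELETE statements below it do. The same UPDATE appends `$row['question_order']` unquoted; `intval($row['question_order'])` would keep that comparison numeric. The method's opening and closing lines are outside the hunk.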

@ -74,7 +74,7 @@ $form->addElement('static','select_question_type', get_lang('QuestionType'),'<di
// the exercices
$tbl_exercices = Database :: get_course_table(TABLE_QUIZ_TEST);
$sql = "SELECT id,title,type,description, results_disabled FROM $tbl_exercices WHERE active<>'-1' ORDER BY title ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$exercises['-'] = '-'.get_lang('SelectExercice').'-';
while ($row = Database :: fetch_array($result))
{

@ -207,7 +207,7 @@ if($is_allowedToEdit)
<option value="-1" <?php if($exerciseId == -1) echo 'selected="selected"'; ?>><?php echo get_lang('OrphanQuestions'); ?></option>
<?php
$sql="SELECT id,title FROM $TBL_EXERCICES WHERE id<>'".Database::escape_string($fromExercise)."' AND active<>'-1' ORDER BY id";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
// shows a list-box allowing to filter questions
while($row=Database::fetch_array($result)) {
@ -238,26 +238,26 @@ if($is_allowedToEdit)
}
}
echo '</select> ';
//
echo get_lang('AnswerType');
echo ' : <select name="answerType">';
echo ' : <select name="answerType">';
//answer type
if (!isset($answerType)) $answerType = -1;
{
for ($answer_type = -1; $answer_type <=9; $answer_type++) {
$selected ='';
if ($answer_type!=0) {
if ($answerType == $answer_type)
$selected = ' selected="selected" ';
if ($answer_type==-1) {echo '<option value="-1" '.$selected.'>'.get_lang('Any').'</option>'; } // check 0 or -1
if ($answer_type==-1) {echo '<option value="-1" '.$selected.'>'.get_lang('Any').'</option>'; } // check 0 or -1
elseif ($answer_type==1) {echo '<option value="'.$answer_type.'" '.$selected.'>'.get_lang('UniqueAnswer').'</option>'; }
elseif ($answer_type==2) {echo '<option value="'.$answer_type.'" '.$selected.'>'.get_lang('MultipleAnswer').'</option>'; }
elseif ($answer_type==3) {echo '<option value="'.$answer_type.'" '.$selected.'>'.get_lang('langFillBlanks').'</option>'; }
elseif ($answer_type==3) {echo '<option value="'.$answer_type.'" '.$selected.'>'.get_lang('langFillBlanks').'</option>'; }
elseif ($answer_type==4) {echo '<option value="'.$answer_type.'" '.$selected.'>'.get_lang('langMatching').'</option>'; }
elseif ($answer_type==5) {echo '<option value="'.$answer_type.'" '.$selected.'>'.get_lang('FreeAnswer').'</option>'; }
elseif ($answer_type==5) {echo '<option value="'.$answer_type.'" '.$selected.'>'.get_lang('FreeAnswer').'</option>'; }
elseif ($answer_type==6) {echo '<option value="'.$answer_type.'" '.$selected.'>'.get_lang('HotSpot').'</option>'; }
elseif ($answer_type==9) {echo '<option value="'.$answer_type.'" '.$selected.'>'.get_lang('MultipleSelectCombination').'</option>'; }
}
@ -265,7 +265,7 @@ if($is_allowedToEdit)
}
echo '</select> ';
?>
<button class="save" type="submit" name="name" value="<?php echo get_lang('Ok') ?>"><?php echo get_lang('Ok') ?></button>
<?php
echo '<a href="admin.php?',api_get_cidreq(),'&exerciseId=',$fromExercise,'">'.Display::return_icon('message_reply_forum.png', get_lang('GoBackToQuestionList')),get_lang('GoBackToQuestionList'),'</a>';
@ -291,18 +291,18 @@ if($is_allowedToEdit)
if (isset($exerciseLevel) && $exerciseLevel != -1) {
$where .= ' level='.$exerciseLevel.' AND ';
}
}
if (isset($answerType) && $answerType != -1) {
$where .= ' type='.$answerType.' AND ';
}
}
$sql="SELECT id,question,type,level
FROM $TBL_EXERCICE_QUESTION,$TBL_QUESTIONS
WHERE $where question_id=id AND exercice_id='".Database::escape_string($exerciseId)."'
ORDER BY question_order";
} elseif($exerciseId == -1) {
// if we have selected the option 'Orphan questions' in the list-box 'Filter'
@ -339,12 +339,12 @@ if($is_allowedToEdit)
if (isset($exerciseLevel) && $exerciseLevel!= -1 ) {
$level_where = ' level='.$exerciseLevel.' AND ';
}
$answer_where = '';
if (isset($answerType) && $answerType!= -1 ) {
$answer_where = ' questions.type='.$answerType.' AND ';
}
$sql='SELECT questions.id, questions.question, questions.type, quizz_questions.exercice_id , level
FROM '.$TBL_QUESTIONS.' as questions LEFT JOIN '.$TBL_EXERCICE_QUESTION.' as quizz_questions
ON questions.id=quizz_questions.question_id LEFT JOIN '.$TBL_EXERCICES.' as exercices
@ -369,14 +369,14 @@ if($is_allowedToEdit)
else
$where = ' WHERE level='.$exerciseLevel.' ';
}
if (isset($answerType) && $answerType != -1) {
if (strlen($where)>0)
$where .= ' AND type='.$answerType.' ';
else
$where = ' WHERE type='.$answerType.' ';
}
}
$sql="SELECT id,question,type,level FROM $TBL_QUESTIONS $where ";
// forces the value to 0
@ -384,7 +384,7 @@ if($is_allowedToEdit)
$exerciseId=0;
}
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$nbrQuestions=Database::num_rows($result);
echo '<tr>',
@ -414,7 +414,7 @@ if($is_allowedToEdit)
<tr bgcolor="#e6e6e6">';
if(!empty($fromExercise)) {
echo '<th width="4%"> </th>',
echo '<th width="4%"> </th>',
'<th>',get_lang('Question'),'</th>',
'<th>',get_lang('Level'),'</th>',
'<th>',get_lang('Reuse'),'</th>';
@ -476,7 +476,7 @@ if($is_allowedToEdit)
'</tr>';
}
echo '</table>';
echo '<div style="width:100%; border-top:1px dotted #4171B5;">
echo '<div style="width:100%; border-top:1px dotted #4171B5;">
<button class="save" type="submit">'.get_lang('Reuse').'</button>
</div></form>';
Display::display_footer();
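Review bot: `$answerType` and `$exerciseLevel` are concatenated into the WHERE clauses unquoted and without escaping or an integer cast (`' type='.$answerType.' AND '`, `' level='.$exerciseLevel.' AND '`, and their repeats further down this section), while the other values in these queries go through `Database::escape_string()`. Where the two variables are assigned is outside the hunks, but the `answerType` select suggests at least one of them comes from the request, so each should be cast before its first use, e.g. `$answerType = intval($answerType);` and `$exerciseLevel = intval($exerciseLevel);`. Because the values are unquoted, `escape_string()` alone would not be enough; the cast is what constrains them to a number. The link built with `'&exerciseId=',$fromExercise` is echoed into the page without a cast or HTML escaping and would benefit from the same treatment.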

@ -102,7 +102,7 @@ function save_scores($file, $score)
'".Database::escape_string($_cid)."',
'".Database::escape_string($score)."',
'".Database::escape_string($weighting)."')";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
if ($origin == 'learnpath')
{

@ -75,7 +75,7 @@ if($is_allowedToEdit && $_POST['formSent'] && $toolid) // RH: new section
"', target='" . Database::escape_string($target) .
"' WHERE id='" . Database::escape_string($id) . "'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$linkAdded = TRUE;
}
@ -95,7 +95,7 @@ elseif($is_allowedToEdit && $_POST['formSent'])
$link='http://'.$link;
}
Database::query("INSERT INTO $tbl_courseHome(name,link,image,visibility,admin,address,target) VALUES('".Database::escape_string($name_link)."','".Database::escape_string($link)."','$iconForImportedTools','1','0','$iconForInactiveImportedTools','$target')",__FILE__,__LINE__);
Database::query("INSERT INTO $tbl_courseHome(name,link,image,visibility,admin,address,target) VALUES('".Database::escape_string($name_link)."','".Database::escape_string($link)."','$iconForImportedTools','1','0','$iconForInactiveImportedTools','$target')");
$linkAdded=true;
}
@ -125,7 +125,7 @@ else
$sql = "SELECT name,link,target FROM $tbl_courseHome" .
" WHERE id='" . Database::escape_string($toolid) . "'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
(Database::num_rows($result) == 1 && ($row = Database::fetch_array($result)))
or die('? Could not fetch data with ' . htmlspecialchars($sql));
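Review bot: In the INSERT into `$tbl_courseHome`, `$target` is interpolated directly into the quoted value (`'$target'`) while `$name_link` and `$link` are escaped, and the UPDATE a few lines above does pass it through `Database::escape_string($target)`. Where `$target` is assigned is outside the hunk; if it comes from the submitted form, the INSERT should use `'".Database::escape_string($target)."'` to match the UPDATE. Separately, the `or die('? Could not fetch data with ' . htmlspecialchars($sql))` line shows the full SQL statement, including the table name, to the browser; a generic message with the statement written to the server log would avoid that.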

@ -69,7 +69,7 @@ event_download($doc_url);
$sql='SELECT thread_id, forum_id,filename FROM '.$tbl_forum_post.' f INNER JOIN '.$tbl_forum_attachment.' a
ON a.post_id=f.post_id WHERE path LIKE BINARY "'.$doc_url.'"';
$result= Database::query($sql, __FILE__, __LINE__);
$result= Database::query($sql);
$row= Database::fetch_array($result);
$forum_thread_visibility=api_get_item_visibility(api_get_course_info($course_code),TOOL_FORUM_THREAD,$row['thread_id']);
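Review bot: `$doc_url` is concatenated into the `path LIKE BINARY "..."` condition without `Database::escape_string()`, unlike the values in the other queries this commit touches. Its assignment is outside the hunk, but the name and the `event_download($doc_url)` call suggest it is derived from the requested URL, so it should be escaped: `... WHERE path LIKE BINARY "'.Database::escape_string($doc_url).'"'`. `LIKE` also treats `%` and `_` in the value as wildcards, so an exact comparison would be a closer fit if a literal match is intended. The following line reads `$row['thread_id']` without checking that a row was found.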

@ -89,7 +89,7 @@ function handle_forum_and_forumcategories() {
$messaje=delete_forum_forumcategory_thread('thread',$list_threads[$i]['thread_id']);
$table_link = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
$sql_link='DELETE FROM '.$table_link.' WHERE ref_id='.$list_threads[$i]['thread_id'].' and type=5 and course_code="'.api_get_course_id().'";';
Database::query($sql_link,__FILE__,__LINE__);
Database::query($sql_link);
}
$return_message=delete_forum_forumcategory_thread($_GET['content'],$_GET['id']);
Display :: display_confirmation_message($return_message,false);
@ -384,7 +384,7 @@ function delete_forum_image($forum_id)
$table_forums = Database::get_course_table(TABLE_FORUM);
$forum_id = Database::escape_string($forum_id);
$sql="SELECT forum_image FROM $table_forums WHERE forum_id = '".$forum_id."' ";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
if ($row['forum_image']!='') {
$del_file = api_get_path(SYS_COURSE_PATH).api_get_course_path().'/upload/forum/images/'.$row['forum_image'];
@ -466,7 +466,7 @@ function store_forumcategory($values) {
// find the max cat_order. The new forum category is added at the end => max cat_order + &
$sql="SELECT MAX(cat_order) as sort_max FROM ".Database::escape_string($table_categories);
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$new_max=$row['sort_max']+1;
$session_id = api_get_session_id();
@ -475,13 +475,13 @@ function store_forumcategory($values) {
if (isset($values['forum_category_id'])) { // storing an edit
$sql="UPDATE ".$table_categories." SET cat_title='".$clean_cat_title."', cat_comment='".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['forum_category_comment'])),COURSEMANAGERLOWSECURITY))."' WHERE cat_id='".Database::escape_string($values['forum_category_id'])."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$last_id=Database::insert_id();
api_item_property_update(api_get_course_info(), TOOL_FORUM_CATEGORY, $values['forum_category_id'], 'ForumCategoryUpdated', api_get_user_id());
$return_message=get_lang('ForumCategoryEdited');
} else {
$sql = "INSERT INTO ".$table_categories." (cat_title, cat_comment, cat_order, session_id) VALUES ('".$clean_cat_title."','".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['forum_category_comment'])),COURSEMANAGERLOWSECURITY))."','".Database::escape_string($new_max)."','".Database::escape_string($session_id)."')";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$last_id = Database::insert_id();
if ($last_id > 0) {
api_item_property_update(api_get_course_info(), TOOL_FORUM_CATEGORY, $last_id, 'ForumCategoryAdded', api_get_user_id());
@ -512,7 +512,7 @@ function store_forum($values) {
$new_max=null;
} else {
$sql="SELECT MAX(forum_order) as sort_max FROM ".$table_forums." WHERE forum_category='".Database::escape_string($values['forum_category'])."'";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$new_max=$row['sort_max']+1;
}
@ -591,7 +591,7 @@ function store_forum($values) {
default_view='".Database::escape_string($values['default_view_type_group']['default_view_type'])."',
forum_of_group='".Database::escape_string($values['group_forum'])."'
WHERE forum_id='".Database::escape_string($values['forum_id'])."'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
api_item_property_update($_course, TOOL_FORUM, Database::escape_string($values['forum_id']), 'ForumUpdated', api_get_user_id());
$return_message=get_lang('ForumEdited');
} else {
@ -618,7 +618,7 @@ function store_forum($values) {
'".Database::escape_string(isset($values['public_private_group_forum_group']['public_private_group_forum'])?$values['public_private_group_forum_group']['public_private_group_forum']:null)."',
'".Database::escape_string(isset($new_max)?$new_max:null)."',
".intval($session_id).")";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
$last_id = Database::insert_id();
if ($last_id > 0) {
api_item_property_update($_course, TOOL_FORUM, $last_id, 'ForumAdded', api_get_user_id());
@ -651,7 +651,7 @@ function delete_forum_forumcategory_thread($content, $id) {
// delete all attachment file about this tread id
$sql = "SELECT post_id FROM $table_forums_post WHERE thread_id = '".(int)$id."' ";
$res = Database::query($sql,__FILE__,__LINE__);
$res = Database::query($sql);
while ($poster_id = Database::fetch_row($res)) {
delete_attachment($poster_id[0]);
}
@ -662,7 +662,7 @@ function delete_forum_forumcategory_thread($content, $id) {
if (!empty($forum_list)){
$sql="SELECT forum_id FROM ". $table_forums . "WHERE forum_category='".$id."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result);
foreach ($row as $arr_forum) {
$forum_id = $arr_forum['forum_id'];
@ -676,7 +676,7 @@ function delete_forum_forumcategory_thread($content, $id) {
if (!empty($number_threads)){
$sql="SELECT thread_id FROM". $table_forum_thread . "WHERE forum_id='".$id."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result);
foreach ($row as $arr_forum) {
$forum_id = $arr_forum['thread_id'];
@ -702,27 +702,27 @@ function delete_forum_forumcategory_thread($content, $id) {
* @todo write recursive function that deletes all the posts that have this message as parent
*
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
* @author Hubert Borderiou Function cleanead and fixed
* @author Hubert Borderiou Function cleanead and fixed
* @version february 2006
*/
function delete_post($post_id) {
global $table_posts;
global $table_threads;
$post_id = intval($post_id);
$post_id = intval($post_id);
// get parent_post_id of deleted post
$tab_post_info = get_post_information($post_id);
$post_parent_id_of_deleted_post = $tab_post_info['post_parent_id'];
$thread_id_of_deleted_post = $tab_post_info['thread_id'];
$forum_if_of_deleted_post = $tab_post_info['forum_id'];
$sql = "UPDATE $table_posts SET post_parent_id=$post_parent_id_of_deleted_post WHERE post_parent_id=$post_id AND thread_id=$thread_id_of_deleted_post AND forum_id=$forum_if_of_deleted_post;";
api_sql_query($sql,__FILE__,__LINE__);
api_sql_query($sql);
$sql="DELETE FROM $table_posts WHERE post_id='".Database::escape_string($post_id)."'"; // note: this has to be a recursive function that deletes all of the posts in this block.
api_sql_query($sql,__FILE__,__LINE__);
api_sql_query($sql);
//delete attachment file about this post id
delete_attachment($post_id);
delete_attachment($post_id);
$last_post_of_thread=check_if_last_post_of_thread(strval(intval($_GET['thread'])));
@ -732,13 +732,13 @@ function delete_post($post_id) {
thread_last_post='".Database::escape_string($last_post_of_thread['post_id'])."',
thread_date='".Database::escape_string($last_post_of_thread['post_date'])."'
WHERE thread_id='".intval($_GET['thread'])."'";
api_sql_query($sql,__FILE__,__LINE__);
api_sql_query($sql);
return 'PostDeleted';
}
if ($last_post_of_thread==false) {
// we deleted the very single post of the thread so we need to delete the entry in the thread table also.
$sql="DELETE FROM $table_threads WHERE thread_id='".intval($_GET['thread'])."'";
api_sql_query($sql,__FILE__,__LINE__);
api_sql_query($sql);
return 'PostDeletedSpecial';
}
}
@ -758,7 +758,7 @@ function check_if_last_post_of_thread($thread_id) {
global $table_posts;
$sql="SELECT * FROM $table_posts WHERE thread_id='".Database::escape_string($thread_id)."' ORDER BY post_date DESC";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
if ( Database::num_rows($result)>0 ) {
$row=Database::fetch_array($result);
return $row;
@ -961,7 +961,7 @@ function change_lock_status($content, $id, $action) {
// Doing the change in the database
$sql="UPDATE $table SET locked='".Database::escape_string($db_locked)."' WHERE $id_field='".Database::escape_string($id)."'";
if (Database::query($sql,__FILE__,__LINE__)) {
if (Database::query($sql)) {
return $return_message;
} else {
return get_lang('Error');
@ -1000,7 +1000,7 @@ function move_up_down($content, $direction, $id) {
$sort_column='forum_order';
// we also need the forum_category of this forum
$sql="SELECT forum_category FROM $table_forums WHERE forum_id=".Database::escape_string($id);
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$forum_category=$row['forum_category'];
} else {
@ -1028,7 +1028,7 @@ function move_up_down($content, $direction, $id) {
}
// echo $sql.'<br />';
// finding the items that need to be switched
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$found=false;
while ($row=Database::fetch_array($result)) {
//echo $row[$id_column].'-';
@ -1050,8 +1050,8 @@ function move_up_down($content, $direction, $id) {
if ($this_sort<>'' && $next_sort<>'' && $next_id<>'' && $this_id<>'') {
$sql_update1="UPDATE $table SET $sort_column='".Database::escape_string($this_sort)."' WHERE $id_column='".Database::escape_string($next_id)."'";
$sql_update2="UPDATE $table SET $sort_column='".Database::escape_string($next_sort)."' WHERE $id_column='".Database::escape_string($this_id)."'";
Database::query($sql_update1,__FILE__,__LINE__);
Database::query($sql_update2,__FILE__,__LINE__);
Database::query($sql_update1);
Database::query($sql_update2);
}
return get_lang(ucfirst($content).'Moved');
@ -1112,7 +1112,7 @@ function get_forum_categories($id='') {
AND forum_categories.cat_id='".Database::escape_string($id)."' $condition_session
ORDER BY forum_categories.cat_order ASC";
}
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
if ($id=='') {
$forum_categories_list[$row['cat_id']]=$row;
@ -1151,7 +1151,7 @@ function get_forums_in_category($cat_id)
AND item_properties.tool='".TOOL_FORUM."'
ORDER BY forum_order ASC";
}
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
$forum_list[$row['forum_id']]=$row;
}
@ -1260,7 +1260,7 @@ function get_forums($id='') {
ORDER BY post.post_id ASC";
}
// handling all the forum information
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
if ($id=='') {
$forum_list[$row['forum_id']]=$row;
@ -1270,7 +1270,7 @@ function get_forums($id='') {
}
// handling the threadcount information
$result2=Database::query($sql2,__FILE__,__LINE__);
$result2=Database::query($sql2);
while ($row2=Database::fetch_array($result2)) {
if ($id=='') {
$forum_list[$row2['forum_id']]['number_of_threads']=$row2['number_of_threads'];
@ -1279,7 +1279,7 @@ function get_forums($id='') {
}
}
// handling the postcount information
$result3=Database::query($sql3,__FILE__,__LINE__);
$result3=Database::query($sql3);
while ($row3=Database::fetch_array($result3)) {
if ($id=='') {
if (array_key_exists($row3['forum_id'],$forum_list)) {// this is needed because sql3 takes also the deleted forums into account
@ -1343,7 +1343,7 @@ function get_last_post_information($forum_id, $show_invisibles=false) {
AND post.forum_id=forum_properties.ref
AND forum_properties.tool='".TOOL_FORUM."'
ORDER BY post.post_id DESC";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
if ($show_invisibles==true) {
$row=Database::fetch_array($result);
$return_array['last_post_id']=$row['post_id'];
@ -1426,7 +1426,7 @@ function get_threads($forum_id) {
WHERE thread.forum_id='".Database::escape_string($forum_id)."'
ORDER BY thread.thread_sticky DESC, thread.thread_date DESC";
}
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ( $row=Database::fetch_array($result,'ASSOC') ) {
$thread_list[]=$row;
}
@ -1461,7 +1461,7 @@ function get_posts($thread_id) {
AND posts.visible='1'
ORDER BY posts.post_id ASC";
}
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
$post_list[]=$row;
}
@ -1510,7 +1510,7 @@ function get_post_information($post_id) {
global $table_users;
$sql="SELECT * FROM ".$table_posts."posts, ".$table_users." users WHERE posts.poster_id=users.user_id AND posts.post_id='".Database::escape_string($post_id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
return $row;
}
@ -1533,7 +1533,7 @@ function get_thread_information($thread_id) {
WHERE item_properties.tool='".TOOL_FORUM_THREAD."'
AND item_properties.ref='".Database::escape_string($thread_id)."'
AND threads.thread_id='".Database::escape_string($thread_id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
return $row;
}
@ -1559,7 +1559,7 @@ function get_thread_users_details($thread_id, $db_name = null) {
AND course_user.status NOT IN('1')
AND course_code = '".api_get_course_id()."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
return $result;
}
@ -1591,7 +1591,7 @@ function get_thread_users_qualify($thread_id, $db_name = null) {
AND course_user.status not in('1')
AND course_code = '".api_get_course_id()."'
GROUP BY post.poster_id ";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
return $result;
}
@ -1611,7 +1611,7 @@ function get_thread_users_not_qualify($thread_id, $db_name = null) {
$t_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$sql1 = "select user_id FROM $t_qualify WHERE thread_id = '".$thread_id."'";
$result1 = Database::query($sql1,__FILE__,__LINE__);
$result1 = Database::query($sql1);
$cad='';
while ($row=Database::fetch_array($result1)) {
$cad .= $row['user_id'].',';
@ -1630,7 +1630,7 @@ function get_thread_users_not_qualify($thread_id, $db_name = null) {
AND course_user.status not in('1')
AND course_code = '".api_get_course_id()."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
return $result;
}
@ -1654,7 +1654,7 @@ function get_forum_information($forum_id) {
WHERE item_properties.tool='".TOOL_FORUM."'
AND item_properties.ref='".Database::escape_string($forum_id)."'
AND forums.forum_id='".Database::escape_string($forum_id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$row['approval_direct_post'] = 0; // we can't anymore change this option, so it should always be activated
return $row;
@ -1677,7 +1677,7 @@ function get_forumcategory_information($cat_id) {
WHERE item_properties.tool='".TOOL_FORUM_CATEGORY."'
AND item_properties.ref='".Database::escape_string($cat_id)."'
AND forumcategories.cat_id='".Database::escape_string($cat_id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
return $row;
}
@ -1697,7 +1697,7 @@ function count_number_of_forums_in_category($cat_id) {
global $table_forums;
$sql="SELECT count(*) AS number_of_forums FROM ".$table_forums." WHERE forum_category='".Database::escape_string($cat_id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
return $row['number_of_forums'];
}
@ -1753,7 +1753,7 @@ function store_thread($values) {
"'".Database::escape_string($values['numeric_calification'])."'," .
"'".Database::escape_string($values['weight_calification'])."'," .
"'".api_get_session_id()."')";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
$last_thread_id=Database::insert_id();
//add option gradebook qualify
@ -1794,12 +1794,12 @@ function store_thread($values) {
'".Database::escape_string($post_date)."',
'".Database::escape_string(isset($values['post_notification'])?$values['post_notification']:null)."','0',
'".Database::escape_string($visible)."')";
Database::query($sql, __FILE__,__LINE__);
Database::query($sql);
$last_post_id=Database::insert_id();
// now have to update the thread table to fill the thread_last_post field (so that we know when the thread has been updated for the last time)
$sql="UPDATE $table_threads SET thread_last_post='".Database::escape_string($last_post_id)."' WHERE thread_id='".Database::escape_string($last_thread_id)."'";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
$message=get_lang('NewThreadStored');
// Storing the attachments if any
if ($has_attachment) {
@ -2045,7 +2045,7 @@ function store_theme_qualify($user_id,$thread_id,$thread_qualify=0,$qualify_user
//testing
$sql_string="SELECT thread_qualify_max FROM ". $table_threads ." WHERE thread_id=".$thread_id.";";
$res_string=Database::query($sql_string,__FILE__,__LINE__);
$res_string=Database::query($sql_string);
$row_string=Database::fetch_array($res_string);
if ($thread_qualify<=$row_string[0]) {
@ -2058,13 +2058,13 @@ function store_theme_qualify($user_id,$thread_id,$thread_qualify=0,$qualify_user
"thread_id,qualify,qualify_user_id,qualify_time,session_id)" .
"VALUES('".$user_id."','".$thread_id."',".(float)$thread_qualify."," .
"'".$qualify_user_id."','".$qualify_time."','".$session_id."')";
$res=Database::query($sql,__FILE__,__LINE__);
$res=Database::query($sql);
return $res;
} else {
$sql1="SELECT qualify FROM ".$table_threads_qualify." WHERE user_id=".$user_id." and thread_id=".$thread_id.";";
$rs=Database::query($sql1,__FILE__,__LINE__);
$rs=Database::query($sql1);
$row=Database::fetch_array($rs);
$row[1]="update";
return $row;
@ -2095,7 +2095,7 @@ function store_theme_qualify($user_id,$thread_id,$thread_qualify=0,$qualify_user
if ($user_id==strval(intval($user_id)) && $thread_id==strval(intval($thread_id)) && $option==1) {
$sql="SELECT qualify FROM ".$table_threads_qualify." WHERE user_id=".$user_id." and thread_id=".$thread_id.";";
$rs=Database::query($sql,__FILE__,__LINE__);
$rs=Database::query($sql);
$row=Database::fetch_array($rs);
return $row[0];
}
@ -2103,7 +2103,7 @@ function store_theme_qualify($user_id,$thread_id,$thread_qualify=0,$qualify_user
if ($user_id==strval(intval($user_id)) && $option==2) {
$sql="SELECT thread_qualify_max FROM ".$table_threads." WHERE thread_id=".$thread_id.";";
$rs=Database::query($sql,__FILE__,__LINE__);
$rs=Database::query($sql);
$row=Database::fetch_array($rs);
return $row[0];
}
@ -2129,7 +2129,7 @@ function store_theme_qualify($user_id,$thread_id,$thread_qualify=0,$qualify_user
} else {
$sql="SELECT * FROM ".$table_threads_qualify_log." WHERE thread_id='".Database::escape_string($thread_id)."' and user_id='".Database::escape_string($user_id)."' ORDER BY qualify_time DESC";
}
$rs=Database::query($sql,__FILE__,__LINE__);
$rs=Database::query($sql);
while ($row=Database::fetch_array($rs,'ASSOC')) {
$my_qualify_log[]=$row;
}
@ -2162,7 +2162,7 @@ function store_qualify_historical($option,$couser_id,$forum_id,$user_id,$thread_
//extract information of thread_qualify
$sql="SELECT qualify,qualify_time FROM ".$table_threads_qualify." WHERE user_id=".$user_id." and thread_id=".$thread_id.";";
$rs=Database::query($sql,__FILE__,__LINE__);
$rs=Database::query($sql);
$row=Database::fetch_array($rs);
//insert thread_historical
@ -2170,11 +2170,11 @@ function store_qualify_historical($option,$couser_id,$forum_id,$user_id,$thread_
"thread_id,qualify,qualify_user_id,qualify_time,session_id)" .
"VALUES('".$user_id."','".$thread_id."',".(float)$row[0]."," .
"'".$qualify_user_id."','".$row[1]."','')";
Database::query($sql1,__FILE__,__LINE__);
Database::query($sql1);
//update
$sql2="UPDATE ".$table_threads_qualify." SET qualify=".$current_qualify.",qualify_time='".$current_date."' WHERE user_id=".$user_id." and thread_id=".$thread_id.";";
Database::query($sql2,__FILE__,__LINE__);
Database::query($sql2);
}
}
/**
@ -2236,7 +2236,7 @@ function store_reply($values) {
'".Database::escape_string(isset($values['post_notification'])?$values['post_notification']:null)."',
'".Database::escape_string(isset($values['post_parent_id'])?$values['post_parent_id']:null)."',
'".Database::escape_string($visible)."')";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
$new_post_id=Database::insert_id();
$values['new_post_id']=$new_post_id;
@ -2265,7 +2265,7 @@ function store_reply($values) {
if ($result) {
$sql='INSERT INTO '.$forum_table_attachment.'(filename,comment, path, post_id,size) '.
"VALUES ( '".Database::escape_string($file_name)."', '".Database::escape_string($comment)."', '".Database::escape_string($new_file_name)."' , '".$new_post_id."', '".$_FILES['user_upload']['size']."' )";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
$message.=' / '.get_lang('FileUploadSucces');
$last_id=Database::insert_id();
@ -2462,14 +2462,14 @@ function store_edit_post($values) {
"thread_weight='".Database::escape_string($values['weight_calification'])."'".
" WHERE thread_id='".Database::escape_string($values['thread_id'])."'";
Database::query($sql,__FILE__, __LINE__);
Database::query($sql);
//}
// update the post_title and the post_text
$sql="UPDATE $table_posts SET post_title='".Database::escape_string(Security::remove_XSS($values['post_title']))."',
post_text='".Database::escape_string(Security::remove_XSS(stripslashes(api_html_entity_decode($values['post_text'])),COURSEMANAGERLOWSECURITY))."',
post_notification='".Database::escape_string(isset($values['post_notification'])?$values['post_notification']:null)."'
WHERE post_id='".Database::escape_string($values['post_id'])."'";
Database::query($sql,__FILE__, __LINE__);
Database::query($sql);
if (!empty($values['remove_attach'])) {
delete_attachment($values['post_id']);
@ -2570,7 +2570,7 @@ function increase_thread_view($thread_id) {
global $table_threads;
$sql="UPDATE $table_threads SET thread_views=thread_views+1 WHERE thread_id='".Database::escape_string($thread_id)."'"; // this needs to be cleaned first
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
}
/**
@ -2588,7 +2588,7 @@ function update_thread($thread_id, $last_post_id,$post_date) {
$sql="UPDATE $table_threads SET thread_replies=thread_replies+1,
thread_last_post='".Database::escape_string($last_post_id)."',
thread_date='".Database::escape_string($post_date)."' WHERE thread_id='".Database::escape_string($thread_id)."'"; // this needs to be cleaned first
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
}
@ -2632,7 +2632,7 @@ function get_whats_new() {
if (!$_SESSION['last_forum_access']) {
$tracking_last_tool_access=Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LASTACCESS);
$sql="SELECT * FROM ".$tracking_last_tool_access." WHERE access_user_id='".Database::escape_string($_user['user_id'])."' AND access_cours_code='".Database::escape_string($_course['sysCode'])."' AND access_tool='".Database::escape_string($tool)."'";
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$_SESSION['last_forum_access']=$row['access_date'];
}
@ -2641,7 +2641,7 @@ function get_whats_new() {
if ($_SESSION['last_forum_access']<>'') {
$whatsnew_post_info = array();
$sql="SELECT * FROM".$table_posts."WHERE post_date>'".Database::escape_string($_SESSION['last_forum_access'])."'"; // note: check the performance of this query.
$result=Database::query($sql,__FILE__,__LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
$whatsnew_post_info[$row['forum_id']][$row['thread_id']][$row['post_id']]=$row['post_date'];
}
@ -2691,7 +2691,7 @@ function get_post_topics_of_forum($forum_id) {
AND item_property.tool='".TOOL_FORUM_THREAD."'
";
}
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$number_of_posts=$row['number_of_posts'];
@ -2713,7 +2713,7 @@ function get_post_topics_of_forum($forum_id) {
AND item_property.tool='".TOOL_FORUM_THREAD."'
";
}
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
$number_of_topics=$row['number_of_topics'];
if ($number_of_topics=='') {
@ -2745,7 +2745,7 @@ function approve_post($post_id, $action) {
}
$sql="UPDATE $table_posts SET visible='".Database::escape_string($visibility_value)."' WHERE post_id='".Database::escape_string($post_id)."'";
$return=Database::query($sql, __FILE__, __LINE__);
$return=Database::query($sql);
if ($return) {
return 'PostVisibilityChanged';
}
@ -2767,7 +2767,7 @@ function get_unaproved_messages($forum_id) {
$return_array=array();
$sql="SELECT DISTINCT thread_id FROM $table_posts WHERE forum_id='".Database::escape_string($forum_id)."' AND visible='0'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while($row=Database::fetch_array($result)) {
$return_array[]=$row['thread_id'];
}
@ -2813,7 +2813,7 @@ function send_notification_mails($thread_id, $reply_info) {
WHERE post.thread_id='".Database::escape_string($thread_id)."'
AND post.post_notification='1'
AND post.poster_id=user.user_id";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result))
{
send_mail($row, $current_thread);
@ -2822,14 +2822,14 @@ function send_notification_mails($thread_id, $reply_info) {
} else {
/*
$sql="SELECT * FROM $table_posts WHERE thread_id='".Database::escape_string($thread_id)."' AND post_notification='1'";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
*/
$table_notification = Database::get_course_table(TABLE_FORUM_NOTIFICATION);
$sql = "SELECT * FROM $table_notification WHERE forum_id = '".Database::escape_string($current_forum['forum_id'])."' OR thread_id = '".Database::escape_string($thread_id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
$sql_mailcue="INSERT INTO $table_mailcue (thread_id, post_id) VALUES ('".Database::escape_string($thread_id)."', '".Database::escape_string($reply_info['new_post_id'])."')";
$result_mailcue=Database::query($sql_mailcue, __LINE__, __FILE__);
$result_mailcue=Database::query($sql_mailcue);
}
}
}
@ -2863,14 +2863,14 @@ function handle_mail_cue($content, $id) {
AND mailcue.thread_id='".Database::escape_string($post_info['thread_id'])."'
AND users.user_id=posts.poster_id
GROUP BY users.email";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
send_mail($row, get_thread_information($post_info['thread_id']));
}
// deleting the relevant entries from the mailcue
$sql_delete_mailcue="DELETE FROM $table_mailcue WHERE post_id='".Database::escape_string($id)."' AND thread_id='".Database::escape_string($post_info['thread_id'])."'";
//$result=Database::query($sql_delete_mailcue, __LINE__, __FILE__);
//$result=Database::query($sql_delete_mailcue);
} elseif ($content=='thread') {
// sending the mail to all the users that wanted to be informed for replies on this thread.
$sql="SELECT users.firstname, users.lastname, users.user_id, users.email FROM $table_mailcue mailcue, $table_posts posts, $table_users users
@ -2879,23 +2879,23 @@ function handle_mail_cue($content, $id) {
AND mailcue.thread_id='".Database::escape_string($id)."'
AND users.user_id=posts.poster_id
GROUP BY users.email";
$result=Database::query($sql,__FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
send_mail($row, get_thread_information($id));
}
// deleting the relevant entries from the mailcue
$sql_delete_mailcue="DELETE FROM $table_mailcue WHERE thread_id='".Database::escape_string($id)."'";
$result=Database::query($sql_delete_mailcue, __FILE__, __LINE__);
$result=Database::query($sql_delete_mailcue);
} elseif ($content=='forum') {
$sql="SELECT * FROM $table_threads WHERE forum_id='".Database::escape_string($id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
handle_mail_cue('thread',$row['thread_id']);
}
} elseif ($content=='forum_category') {
$sql="SELECT * FROM $table_forums WHERE forum_category ='".Database::escape_string($id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
handle_mail_cue('forum',$row['forum_id']);
}
@ -3064,42 +3064,42 @@ function store_move_post($values) {
'".Database::escape_string($values['post_id'])."',
'".Database::escape_string($current_post['post_date'])."'
)";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$new_thread_id=Database::insert_id();
api_item_property_update($_course, TOOL_FORUM_THREAD, $new_thread_id,"visible", $current_post['poster_id']);
// moving the post to the newly created thread
$sql="UPDATE $table_posts SET thread_id='".Database::escape_string($new_thread_id)."', post_parent_id='0' WHERE post_id='".Database::escape_string($values['post_id'])."'";
$result=Database::query($sql,__FILE__, __LINE__);
$result=Database::query($sql);
//echo $sql.'<br />';
// resetting the parent_id of the thread to 0 for all those who had this moved post as parent
$sql="UPDATE $table_posts SET post_parent_id='0' WHERE post_parent_id='".Database::escape_string($values['post_id'])."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
//echo $sql.'<br />';
// updating updating the number of threads in the forum
$sql="UPDATE $table_forums SET forum_threads=forum_threads+1 WHERE forum_id='".Database::escape_string($current_post['forum_id'])."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
//echo $sql.'<br />';
// resetting the last post of the old thread and decreasing the number of replies and the thread
$sql="SELECT * FROM $table_posts WHERE thread_id='".Database::escape_string($current_post['thread_id'])."' ORDER BY post_id DESC";
//echo $sql.'<br />';
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$row=Database::fetch_array($result);
//my_print_r($row);
$sql="UPDATE $table_threads SET thread_last_post='".$row['post_id']."', thread_replies=thread_replies-1 WHERE thread_id='".Database::escape_string($current_post['thread_id'])."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
//echo $sql.'<br />';
} else {
// moving to the chosen thread
$sql="UPDATE $table_posts SET thread_id='".Database::escape_string($_POST['thread'])."', post_parent_id='0' WHERE post_id='".Database::escape_string($values['post_id'])."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
// resetting the parent_id of the thread to 0 for all those who had this moved post as parent
$sql="UPDATE $table_posts SET post_parent_id='0' WHERE post_parent_id='".Database::escape_string($values['post_id'])."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
}
return get_lang('ThreadMoved');
@ -3121,12 +3121,12 @@ function store_move_thread($values) {
// change the thread table: setting the forum_id to the new forum
$sql="UPDATE $table_threads SET forum_id='".Database::escape_string($_POST['forum'])."' WHERE thread_id='".Database::escape_string($_POST['thread_id'])."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
// changing all the posts of the thread: setting the forum_id to the new forum
$sql="UPDATE $table_posts SET forum_id='".Database::escape_string($_POST['forum'])."' WHERE thread_id='".Database::escape_string($_POST['thread_id'])."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
return get_lang('ThreadMoved');
}
@ -3234,7 +3234,7 @@ function display_forum_search_results($search_term) {
// getting all the information of the forums
$forum_list=get_forums();
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result,'ASSOC')) {
$display_result = false;
/*
@ -3341,7 +3341,7 @@ function add_forum_attachment_file($file_comment,$last_id) {
if ($result) {
$sql="INSERT INTO $agenda_forum_attachment(filename,comment, path,post_id,size)
VALUES ( '$safe_file_name', '$safe_file_comment', '$safe_new_file_name' , '$last_id', '".$_FILES['user_upload']['size']."' )";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
$message.=' / '.get_lang('FileUploadSucces').'<br />';
$last_id_file=Database::insert_id();
@ -3393,7 +3393,7 @@ function edit_forum_attachment_file($file_comment,$post_id,$id_attach) {
if ($result) {
$sql="UPDATE $table_forum_attachment SET filename = '$safe_file_name', comment = '$safe_file_comment', path = '$safe_new_file_name', post_id = '$safe_post_id', size ='".$_FILES['user_upload']['size']."'
WHERE id = '$safe_id_attach'";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
api_item_property_update($_course, TOOL_FORUM_ATTACH, $safe_id_attach ,'ForumAttachmentUpdated', api_get_user_id());
@ -3415,7 +3415,7 @@ function get_attachment($post_id) {
$row=array();
$post_id = intval($post_id);
$sql = 'SELECT id, path, filename,comment FROM '. $forum_table_attachment.' WHERE post_id ="'.$post_id.'"';
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
if (Database::num_rows($result)!=0) {
$row=Database::fetch_array($result);
}
@ -3436,7 +3436,7 @@ function delete_attachment($post_id,$id_attach=0) {
$cond = (!empty($id_attach))?" id = ".(int)$id_attach."" : " post_id = ".(int)$post_id."";
$sql="SELECT path FROM $forum_table_attachment WHERE $cond";
$res=Database::query($sql,__FILE__,__LINE__);
$res=Database::query($sql);
$row=Database::fetch_array($res);
$courseDir = $_course['path'].'/upload/forum';
@ -3451,7 +3451,7 @@ function delete_attachment($post_id,$id_attach=0) {
//Delete from forum_attachment table
$sql="DELETE FROM $forum_table_attachment WHERE $cond ";
$result=Database::query($sql, __LINE__, __FILE__);
$result=Database::query($sql);
$last_id_file=Database::insert_id();
// update item_property
api_item_property_update($_course, TOOL_FORUM_ATTACH, $id_attach ,'ForumAttachmentDelete', api_get_user_id());
@ -3524,13 +3524,13 @@ function get_forums_of_group($group_id) {
}
// handling all the forum information
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result,'ASSOC')) {
$forum_list[$row['forum_id']]=$row;
}
// handling the threadcount information
$result2=Database::query($sql2, __FILE__, __LINE__);
$result2=Database::query($sql2);
while ($row2=Database::fetch_array($result2,'ASSOC')) {
if (is_array($forum_list)) {
if (array_key_exists($row2['forum_id'],$forum_list)) {
@ -3540,7 +3540,7 @@ function get_forums_of_group($group_id) {
}
// handling the postcount information
$result3=Database::query($sql3, __FILE__, __LINE__);
$result3=Database::query($sql3);
while ($row3=Database::fetch_array($result3,'ASSOC')) {
if (is_array($forum_list)) {
if (array_key_exists($row3['forum_id'],$forum_list)) {// this is needed because sql3 takes also the deleted forums into account
@ -3589,20 +3589,20 @@ function set_notification($content,$id, $add_only = false) {
// first we check if the notification is already set for this
$sql = "SELECT * FROM $table_notification WHERE $database_field = '".Database::escape_string($id)."' AND user_id = '".Database::escape_string($_user['user_id'])."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$total = Database::num_rows($result);
// if the user did not indicate that (s)he wanted to be notified already then we store the notification request (to prevent double notification requests)
if ($total <= 0) {
$sql = "INSERT INTO $table_notification ($database_field, user_id) VALUES ('".Database::escape_string($id)."','".Database::escape_string($_user['user_id'])."')";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
api_session_unregister('forum_notification');
get_notifications_of_user(0,true);
return get_lang('YouWillBeNotifiedOfNewPosts');
} else {
if (!$add_only) {
$sql = "DELETE FROM $table_notification WHERE $database_field = '".Database::escape_string($id)."' AND user_id = '".Database::escape_string($_user['user_id'])."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
api_session_unregister('forum_notification');
get_notifications_of_user(0,true);
return get_lang('YouWillNoLongerBeNotifiedOfNewPosts');
@ -3636,7 +3636,7 @@ function get_notifications($content,$id) {
$sql = "SELECT user.user_id, user.firstname, user.lastname, user.email, user.user_id user FROM $table_users user, $table_notification notification
WHERE user.user_id = notification.user_id
AND notification.$database_field= '".Database::escape_string($id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
$return = array();
while ($row=Database::fetch_array($result)) {
$return['user'.$row['user_id']]=array('email' => $row['email'], 'user_id' => $row['user_id']);
@ -3727,7 +3727,7 @@ function get_notifications_of_user($user_id = 0, $force = false) {
$_SESSION['forum_notification']['course'] = $my_code;
$sql = "SELECT * FROM $table_notification WHERE user_id='".Database::escape_string($user_id)."'";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
if (!is_null($row['forum_id'])) {
$_SESSION['forum_notification']['forum'][] = $row['forum_id'];
@ -3749,7 +3749,7 @@ function get_notifications_of_user($user_id = 0, $force = false) {
function count_number_of_post_in_thread($thread_id) {
global $table_posts;
$sql = "SELECT * FROM $table_posts WHERE thread_id='".Database::escape_string($thread_id)."' ";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
return count(Database::store_result($result));
}
@ -3765,7 +3765,7 @@ function count_number_of_post_for_user_thread($thread_id, $user_id) {
global $table_posts;
$sql = "SELECT * FROM $table_posts WHERE thread_id='".Database::escape_string($thread_id)."'
AND poster_id = '".Database::escape_string($user_id)."' ";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
return count(Database::store_result($result));
}
@ -3779,7 +3779,7 @@ function count_number_of_post_for_user_thread($thread_id, $user_id) {
function count_number_of_user_in_course($course_id) {
$table_course_rel_user = Database::get_main_table("course_rel_user");
$sql = "SELECT * FROM $table_course_rel_user WHERE course_code ='".Database::escape_string($course_id)."' ";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
return count(Database::store_result($result));
}
@ -3822,7 +3822,7 @@ function get_thread_user_post($course_db, $thread_id, $user_id )
AND posts.poster_id='".Database::escape_string($user_id)."'
ORDER BY posts.post_id ASC";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
$row['status'] = '1';
@ -3833,7 +3833,7 @@ function get_thread_user_post($course_db, $thread_id, $user_id )
WHERE posts.thread_id='".Database::escape_string($thread_id)."'
AND posts.post_parent_id='".$row['post_id']."'
ORDER BY posts.post_id ASC";
$result2=Database::query($sql, __FILE__, __LINE__);
$result2=Database::query($sql);
while ($row2=Database::fetch_array($result2))
{
$row2['status'] = '0';
@ -3851,7 +3851,7 @@ function get_thread_user_post($course_db, $thread_id, $user_id )
function get_name_user_by_id($user_id) {
$t_users = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT firstname, lastname FROM ".$t_users." WHERE user_id = '".$user_id."' ";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result);
return api_get_person_name($row[0], $row[1]);
}
@ -3864,7 +3864,7 @@ function get_thread_user_post($course_db, $thread_id, $user_id )
function get_name_thread_by_id($thread_id) {
$t_forum_thread = Database::get_course_table(TABLE_FORUM_THREAD,'');
$sql ="SELECT thread_title FROM ".$t_forum_thread." WHERE thread_id = '".$thread_id."' ";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$row = Database::fetch_array($result);
return $row[0];
}
@ -3937,7 +3937,7 @@ function get_thread_user_post_limit($course_db, $thread_id, $user_id, $limit=10)
WHERE posts.thread_id='".Database::escape_string($thread_id)."'
AND posts.poster_id='".Database::escape_string($user_id)."'
ORDER BY posts.post_id DESC LIMIT $limit ";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
while ($row=Database::fetch_array($result)) {
$row['status'] = '1';

@ -141,7 +141,7 @@ $sql="SELECT * FROM $table_posts posts, $table_users users
WHERE posts.thread_id='".$current_thread['thread_id']."'
AND posts.poster_id=users.user_id
ORDER BY posts.post_id ASC";
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
echo "<table width=\"100%\" cellspacing=\"5\" border=\"0\">\n";
while ($row=Database::fetch_array($result)) {
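Review bot: The query in this hunk still concatenates `$current_thread['thread_id']` into the WHERE clause with no escaping or cast, whereas most queries touched in forumfunction.inc.php pass their values through `Database::escape_string()`. Where `$current_thread` is populated is not visible in the hunk, so the value may already be trusted, but a cast at the point of use keeps the statement safe whatever the caller supplies: `WHERE posts.thread_id='".intval($current_thread['thread_id'])."'`. The statement starts above the hunk, so the table variables are not shown here.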

@ -430,13 +430,13 @@ if(is_array($threads)) {
$last_post=$row['thread_date']." ".get_lang('By').' '.display_user_link($row['last_poster_user_id'], $name);
} elseif ($origin!='learnpath') {
$last_post_sql="SELECT post.*, user.firstname, user.lastname FROM $table_posts post, $table_users user WHERE post.poster_id=user.user_id AND visible='1' AND thread_id='".$row['thread_id']."' ORDER BY post_id DESC";
$last_post_result=Database::query($last_post_sql, __FILE__, __LINE__);
$last_post_result=Database::query($last_post_sql);
$last_post_row=Database::fetch_array($last_post_result);
$name=api_get_person_name($last_post_row['firstname'], $last_post_row['lastname']);
$last_post=$last_post_row['post_date']." ".get_lang('By').' '.display_user_link($last_post_row['poster_id'], $name);
} else {
$last_post_sql="SELECT post.*, user.firstname, user.lastname FROM $table_posts post, $table_users user WHERE post.poster_id=user.user_id AND visible='1' AND thread_id='".$row['thread_id']."' ORDER BY post_id DESC";
$last_post_result=Database::query($last_post_sql, __FILE__, __LINE__);
$last_post_result=Database::query($last_post_sql);
$last_post_row=Database::fetch_array($last_post_result);
$name=api_get_person_name($last_post_row['firstname'], $last_post_row['lastname']);
$last_post=$last_post_row['post_date']." ".get_lang('By').' '.$name;
@ -449,7 +449,7 @@ if(is_array($threads)) {
$id_attach = !empty($attachment_list)?$attachment_list['id']:'';
$sql_post_id="SELECT post_id FROM $table_posts WHERE post_title='".Database::escape_string($row['thread_title'])."'";
$result_post_id=Database::query($sql_post_id, __FILE__, __LINE__);
$result_post_id=Database::query($sql_post_id);
$row_post_id=Database::fetch_array($result_post_id);
if ($origin != 'learnpath') {
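Review bot: `$sql_post_id` in the last hunk looks up a post by `post_title` alone, and since titles are presumably user-entered and not unique, the row returned can belong to a different thread with the same title. What `$row_post_id` is used for lies outside the hunk, but if it drives the attachment or link shown for the thread, the displayed item can be wrong or influenced by another poster. Constrain the lookup to the thread by appending `AND thread_id='".intval($row['thread_id'])."'` to the WHERE clause. The two `$last_post_sql` queries in the first hunk likewise interpolate `$row['thread_id']` unescaped and fetch every post to read only the first row; the same `intval()` plus `LIMIT 1` would fit there.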
