Feature #347 - Platform administration tool: All "magic" parameters __FILE__ and __LINE__ passed to the method Database::query() have been removed. They are no longer needed: the method Database::query() has been upgraded to retrieve on its own the corresponding values needed for error message creation.

skala
Ivan Tcholakov 16 years ago
parent 6be32ffb80
commit e49f68df46
  1. 6
      main/admin/access_url_add_courses_to_url.php
  2. 6
      main/admin/access_url_add_sessions_to_url.php
  3. 6
      main/admin/access_url_add_users_to_url.php
  4. 2
      main/admin/access_url_edit_courses_to_url.php
  5. 2
      main/admin/access_url_edit_sessions_to_url.php
  6. 2
      main/admin/access_url_edit_users_to_url.php
  7. 18
      main/admin/add_courses_to_session.php
  8. 10
      main/admin/add_many_session_to_category.php
  9. 184
      main/admin/add_users_to_group.php
  10. 16
      main/admin/add_users_to_session.php
  11. 64
      main/admin/calendar.lib.php
  12. 12
      main/admin/calendar.php
  13. 2
      main/admin/calendar_view_print.php
  14. 4
      main/admin/class_list.php
  15. 8
      main/admin/class_user_import.php
  16. 40
      main/admin/configure_extensions.php
  17. 2
      main/admin/configure_homepage.php
  18. 4
      main/admin/course_add.php
  19. 46
      main/admin/course_category.php
  20. 28
      main/admin/course_edit.php
  21. 32
      main/admin/course_import.php
  22. 8
      main/admin/course_information.php
  23. 6
      main/admin/course_list.php
  24. 6
      main/admin/course_user_import.php
  25. 2
      main/admin/course_virtual.php
  26. 16
      main/admin/group_edit.php
  27. 46
      main/admin/group_list.php
  28. 28
      main/admin/index.php
  29. 6
      main/admin/languages.php
  30. 6
      main/admin/ldap_import_students_to_session.php
  31. 18
      main/admin/ldap_synchro.php
  32. 34
      main/admin/resume_session.php
  33. 8
      main/admin/session_add.php
  34. 2
      main/admin/session_category_edit.php
  35. 6
      main/admin/session_category_list.php
  36. 8
      main/admin/session_course_edit.php
  37. 10
      main/admin/session_course_list.php
  38. 16
      main/admin/session_course_user.php
  39. 8
      main/admin/session_course_user_list.php
  40. 6
      main/admin/session_edit.php
  41. 14
      main/admin/session_export.php
  42. 86
      main/admin/session_import.php
  43. 76
      main/admin/session_list.php
  44. 40
      main/admin/settings.php
  45. 12
      main/admin/special_exports.php
  46. 34
      main/admin/statistics/statistics.lib.php
  47. 20
      main/admin/sub_language.class.php
  48. 10
      main/admin/sub_language_add.php
  49. 4
      main/admin/subscribe_class2course.php
  50. 6
      main/admin/subscribe_user2class.php
  51. 6
      main/admin/subscribe_user2course.php
  52. 4
      main/admin/user_add.php
  53. 6
      main/admin/user_edit.php
  54. 4
      main/admin/user_export.php
  55. 16
      main/admin/user_fields.php
  56. 10
      main/admin/user_fields_options.php
  57. 16
      main/admin/user_information.php
  58. 32
      main/admin/user_list.php

@ -115,7 +115,7 @@ if ($_POST['form_sent']) {
if(empty($first_letter_user)) if(empty($first_letter_user))
{ {
$sql = "SELECT count(*) as num_courses FROM $tbl_course"; $sql = "SELECT count(*) as num_courses FROM $tbl_course";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$num_row = Database::fetch_array($result); $num_row = Database::fetch_array($result);
if($num_row['num_courses']>1000) if($num_row['num_courses']>1000)
{//if there are too much num_courses to gracefully handle with the HTML select list, {//if there are too much num_courses to gracefully handle with the HTML select list,
@ -130,12 +130,12 @@ $sql = "SELECT code, title FROM $tbl_course
WHERE title LIKE '".$first_letter_course."%' OR title LIKE '".api_strtolower($first_letter_course)."%' WHERE title LIKE '".$first_letter_course."%' OR title LIKE '".api_strtolower($first_letter_course)."%'
ORDER BY title, code DESC "; ORDER BY title, code DESC ";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$db_courses = Database::store_result($result); $db_courses = Database::store_result($result);
unset($result); unset($result);
$sql = "SELECT id, url FROM $tbl_access_url WHERE active=1 ORDER BY url"; $sql = "SELECT id, url FROM $tbl_access_url WHERE active=1 ORDER BY url";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$db_urls = Database::store_result($result); $db_urls = Database::store_result($result);
unset($result); unset($result);
?> ?>
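Review bot: The `title LIKE '".$first_letter_course."%'` clause in the second hunk is built by string concatenation, and the assignment of `$first_letter_course` lies outside the hunk, so it is not visible whether the value is escaped before it reaches `Database::query()`. If it arrives from the submitted form unescaped, the statement is open to SQL injection; escaping at the point of use, `$first_letter_course = Database::escape_string($first_letter_course);` just before the query is assembled, makes it safe regardless of what happens earlier. The same pattern appears with `$first_letter_session` and `$first_letter_user` in the next two file sections. Since this commit touches every `Database::query()` call, it is a good moment to audit those call sites.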

@ -113,7 +113,7 @@ if ($_POST['form_sent']) {
/* /*
if(empty($first_letter_user)) { if(empty($first_letter_user)) {
$sql = "SELECT count(*) as num_courses FROM $tbl_course"; $sql = "SELECT count(*) as num_courses FROM $tbl_course";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$num_row = Database::fetch_array($result); $num_row = Database::fetch_array($result);
if($num_row['num_courses']>1000) if($num_row['num_courses']>1000)
{//if there are too much num_courses to gracefully handle with the HTML select list, {//if there are too much num_courses to gracefully handle with the HTML select list,
@ -128,12 +128,12 @@ $sql = "SELECT id, name FROM $tbl_session
WHERE name LIKE '".$first_letter_session."%' OR name LIKE '".api_strtolower($first_letter_session)."%' WHERE name LIKE '".$first_letter_session."%' OR name LIKE '".api_strtolower($first_letter_session)."%'
ORDER BY name DESC "; ORDER BY name DESC ";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$db_sessions = Database::store_result($result); $db_sessions = Database::store_result($result);
unset($result); unset($result);
$sql = "SELECT id, url FROM $tbl_access_url WHERE active=1 ORDER BY url"; $sql = "SELECT id, url FROM $tbl_access_url WHERE active=1 ORDER BY url";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$db_urls = Database::store_result($result); $db_urls = Database::store_result($result);
unset($result); unset($result);
?> ?>

@ -118,7 +118,7 @@ if ($_POST['form_sent']) {
if(empty($first_letter_user)) { if(empty($first_letter_user)) {
$sql = "SELECT count(*) as nb_users FROM $tbl_user"; $sql = "SELECT count(*) as nb_users FROM $tbl_user";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$num_row = Database::fetch_array($result); $num_row = Database::fetch_array($result);
if($num_row['nb_users']>1000) { if($num_row['nb_users']>1000) {
//if there are too much users to gracefully handle with the HTML select list, //if there are too much users to gracefully handle with the HTML select list,
@ -133,12 +133,12 @@ $target_name = api_sort_by_first_name() ? 'firstname' : 'lastname';
$sql = "SELECT user_id,lastname,firstname,username FROM $tbl_user $sql = "SELECT user_id,lastname,firstname,username FROM $tbl_user
WHERE ".$target_name." LIKE '".$first_letter_user."%' OR ".$target_name." LIKE '".api_strtolower($first_letter_user)."%' WHERE ".$target_name." LIKE '".$first_letter_user."%' OR ".$target_name." LIKE '".api_strtolower($first_letter_user)."%'
ORDER BY ". (count($users) > 0 ? "(user_id IN(".implode(',', $users).")) DESC," : "")." ".$target_name; ORDER BY ". (count($users) > 0 ? "(user_id IN(".implode(',', $users).")) DESC," : "")." ".$target_name;
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$db_users = Database::store_result($result); $db_users = Database::store_result($result);
unset($result); unset($result);
$sql = "SELECT id, url FROM $tbl_access_url WHERE active=1 ORDER BY url"; $sql = "SELECT id, url FROM $tbl_access_url WHERE active=1 ORDER BY url";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$db_urls = Database::store_result($result); $db_urls = Database::store_result($result);
unset($result); unset($result);
?> ?>
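Review bot: The `ORDER BY` expression in the second hunk interpolates `implode(',', $users)` directly into `user_id IN(...)`, and the hunk does not show where `$users` is filled. If the array can carry request data, each element should be forced to an integer first, for example `implode(',', array_map('intval', $users))`. `$target_name` needs no such treatment, because the hunk header shows it is chosen from two fixed column names.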

@ -165,7 +165,7 @@ if($ajax_search) {
$sql="SELECT code, title $sql="SELECT code, title
FROM $tbl_course u FROM $tbl_course u
ORDER BY title, code"; ORDER BY title, code";
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$courses=Database::store_result($result); $courses=Database::store_result($result);
$course_list_leys = array_keys($course_list); $course_list_leys = array_keys($course_list);
foreach($courses as $course) { foreach($courses as $course) {

@ -164,7 +164,7 @@ if($ajax_search) {
$sql="SELECT id, name $sql="SELECT id, name
FROM $tbl_session u FROM $tbl_session u
ORDER BY name, id"; ORDER BY name, id";
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$sessions=Database::store_result($result); $sessions=Database::store_result($result);
$session_list_leys = array_keys($session_list); $session_list_leys = array_keys($session_list);
foreach($sessions as $session) { foreach($sessions as $session) {

@ -159,7 +159,7 @@ if($ajax_search) {
$sql="SELECT u.user_id, lastname, firstname, username $sql="SELECT u.user_id, lastname, firstname, username
FROM $tbl_user u". FROM $tbl_user u".
$order_clause; $order_clause;
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$Users=Database::store_result($result); $Users=Database::store_result($result);
$user_list_leys = array_keys($sessionUsersList); $user_list_leys = array_keys($sessionUsersList);
foreach($Users as $user) { foreach($Users as $user) {

@ -54,7 +54,7 @@ if(isset($_GET['add_type']) && $_GET['add_type']!=''){
if (!api_is_platform_admin()) { if (!api_is_platform_admin()) {
$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session; $sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session;
$rs = Database::query($sql,__FILE__,__LINE__); $rs = Database::query($sql);
if (Database::result($rs,0,0)!=$_user['user_id']) { if (Database::result($rs,0,0)!=$_user['user_id']) {
api_not_allowed(true); api_not_allowed(true);
} }
@ -122,7 +122,7 @@ if ($_POST['formSent']) {
$sql="SELECT id_user $sql="SELECT id_user
FROM $tbl_session_rel_user FROM $tbl_session_rel_user
WHERE id_session = $id_session"; WHERE id_session = $id_session";
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$UserList=Database::store_result($result); $UserList=Database::store_result($result);
@ -136,19 +136,19 @@ if ($_POST['formSent']) {
} }
if(!$exists) { if(!$exists) {
$sql_insert_rel_course= "INSERT INTO $tbl_session_rel_course(id_session,course_code) VALUES('$id_session','$enreg_course')"; $sql_insert_rel_course= "INSERT INTO $tbl_session_rel_course(id_session,course_code) VALUES('$id_session','$enreg_course')";
Database::query($sql_insert_rel_course ,__FILE__,__LINE__); Database::query($sql_insert_rel_course );
//We add in the existing courses table the current course, to not try to add another time the current course //We add in the existing courses table the current course, to not try to add another time the current course
$existingCourses[]=array('course_code'=>$enreg_course); $existingCourses[]=array('course_code'=>$enreg_course);
$nbr_users=0; $nbr_users=0;
foreach ($UserList as $enreg_user) { foreach ($UserList as $enreg_user) {
$enreg_user = Database::escape_string($enreg_user['id_user']); $enreg_user = Database::escape_string($enreg_user['id_user']);
$sql_insert = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')"; $sql_insert = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')";
Database::query($sql_insert,__FILE__,__LINE__); Database::query($sql_insert);
if(Database::affected_rows()) { if(Database::affected_rows()) {
$nbr_users++; $nbr_users++;
} }
} }
Database::query("UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'",__FILE__,__LINE__); Database::query("UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'");
} }
} }
@ -161,7 +161,7 @@ if ($_POST['formSent']) {
} }
} }
$nbr_courses=count($CourseList); $nbr_courses=count($CourseList);
Database::query("UPDATE $tbl_session SET nbr_courses=$nbr_courses WHERE id='$id_session'",__FILE__,__LINE__); Database::query("UPDATE $tbl_session SET nbr_courses=$nbr_courses WHERE id='$id_session'");
if(isset($_GET['add'])) if(isset($_GET['add']))
header('Location: add_users_to_session.php?id_session='.$id_session.'&add=true'); header('Location: add_users_to_session.php?id_session='.$id_session.'&add=true');
@ -196,7 +196,7 @@ echo '<div class="row"><div class="form_header">'.$tool_name.' ('.$session_info[
/*$sql = 'SELECT COUNT(1) FROM '.$tbl_course; /*$sql = 'SELECT COUNT(1) FROM '.$tbl_course;
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
$count_courses = Database::result($rs, 0, 0);*/ $count_courses = Database::result($rs, 0, 0);*/
$ajax_search = $add_type == 'unique' ? true : false; $ajax_search = $add_type == 'unique' ? true : false;
@ -227,7 +227,7 @@ if ($ajax_search) {
} }
} }
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$Courses=Database::store_result($result); $Courses=Database::store_result($result);
foreach($Courses as $course) { foreach($Courses as $course) {
@ -257,7 +257,7 @@ if ($ajax_search) {
} }
} }
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$Courses=Database::store_result($result); $Courses=Database::store_result($result);
foreach($Courses as $course) { foreach($Courses as $course) {
if ($course['id_session'] == $id_session) { if ($course['id_session'] == $id_session) {
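Review bot: In the first hunk the ownership check builds its query as `'... WHERE id='.$id_session` with no quoting, and the assignment of `$id_session` is outside the hunk; if the value is not already cast to an integer, the query that decides whether `api_not_allowed(true)` fires depends on unvalidated input. Casting at the point of use, `$id_session = intval($id_session);`, would also cover the later `INSERT` and `UPDATE` statements that embed `'$id_session'`. The identical check opens the next file section. Separately, the `header('Location: ...')` call in the `-161` hunk has no visible `exit;` after it, though the lines that follow are outside the hunk.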

@ -52,7 +52,7 @@ if(isset($_GET['add_type']) && $_GET['add_type']!=''){
if (!api_is_platform_admin()) { if (!api_is_platform_admin()) {
$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session; $sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session;
$rs = Database::query($sql,__FILE__,__LINE__); $rs = Database::query($sql);
if (Database::result($rs,0,0)!=$_user['user_id']) { if (Database::result($rs,0,0)!=$_user['user_id']) {
api_not_allowed(true); api_not_allowed(true);
} }
@ -106,7 +106,7 @@ if ($_POST['formSent']) {
if($Categoryid != 0 && count($SessionCategoryList)>0 ){ if($Categoryid != 0 && count($SessionCategoryList)>0 ){
$session_id = join(',', $SessionCategoryList); $session_id = join(',', $SessionCategoryList);
$sql = "UPDATE $tbl_session SET session_category_id = $Categoryid WHERE id in ($session_id) "; $sql = "UPDATE $tbl_session SET session_category_id = $Categoryid WHERE id in ($session_id) ";
Database::query($sql,__FILE__,__LINE__); Database::query($sql);
header('Location: session_list.php?id_category='.$Categoryid); header('Location: session_list.php?id_category='.$Categoryid);
} else { } else {
header('Location: add_many_session_to_category.php?msg=error'); header('Location: add_many_session_to_category.php?msg=error');
@ -127,16 +127,16 @@ $rows_category_session = array();
if(isset($_POST['CategorySessionId']) && $_POST['formSent'] == 0 ){ if(isset($_POST['CategorySessionId']) && $_POST['formSent'] == 0 ){
$where = 'WHERE session_category_id !='.intval($_POST['CategorySessionId']); $where = 'WHERE session_category_id !='.intval($_POST['CategorySessionId']);
$sql = 'SELECT id, name FROM '.$tbl_session .' WHERE session_category_id ='.intval($_POST['CategorySessionId']).' ORDER BY name'; $sql = 'SELECT id, name FROM '.$tbl_session .' WHERE session_category_id ='.intval($_POST['CategorySessionId']).' ORDER BY name';
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$rows_category_session = Database::store_result($result); $rows_category_session = Database::store_result($result);
} }
$sql = "SELECT id, name FROM $tbl_session_category ORDER BY name"; $sql = "SELECT id, name FROM $tbl_session_category ORDER BY name";
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$rows_session_category = Database::store_result($result); $rows_session_category = Database::store_result($result);
$sql = "SELECT id, name FROM $tbl_session $where ORDER BY name"; $sql = "SELECT id, name FROM $tbl_session $where ORDER BY name";
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$rows_session = Database::store_result($result); $rows_session = Database::store_result($result);
?> ?>
<form name="formulaire" method="post" action="<?php echo api_get_self(); ?>?page=<?php echo $_GET['page']; if(!empty($_GET['add'])) echo '&add=true' ; ?>" style="margin:0px;" <?php if($ajax_search){echo ' onsubmit="valide();"';}?>> <form name="formulaire" method="post" action="<?php echo api_get_self(); ?>?page=<?php echo $_GET['page']; if(!empty($_GET['add'])) echo '&add=true' ; ?>" style="margin:0px;" <?php if($ajax_search){echo ' onsubmit="valide();"';}?>>
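Review bot: The `<form>` line that closes the last hunk echoes `$_GET['page']` into the `action` attribute without any encoding, so a request-controlled value reaches the HTML of this admin page unescaped (reflected XSS). It should be encoded for the attribute context, e.g. `echo htmlspecialchars($_GET['page'], ENT_QUOTES, 'UTF-8');`, or cast with `intval()` if it is always a page number. In the `-106` hunk, `join(',', $SessionCategoryList)` is placed into `WHERE id in (...)`; the source of that array is outside the hunk, so confirm its elements are integers, for instance with `array_map('intval', $SessionCategoryList)`.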

@ -55,47 +55,47 @@ function search_users($needle,$type,$relation_type) {
$group_id = intval($group_id); $group_id = intval($group_id);
$relation_type = intval($relation_type); $relation_type = intval($relation_type);
// get user_id from relation type and group id // get user_id from relation type and group id
$sql = "SELECT user_id FROM $tbl_group_rel_user $sql = "SELECT user_id FROM $tbl_group_rel_user
WHERE group_id = '$group_id' WHERE group_id = '$group_id'
AND relation_type IN (".GROUP_USER_PERMISSION_ADMIN.",".GROUP_USER_PERMISSION_READER.",".GROUP_USER_PERMISSION_PENDING_INVITATION.",".GROUP_USER_PERMISSION_MODERATOR.") "; AND relation_type IN (".GROUP_USER_PERMISSION_ADMIN.",".GROUP_USER_PERMISSION_READER.",".GROUP_USER_PERMISSION_PENDING_INVITATION.",".GROUP_USER_PERMISSION_MODERATOR.") ";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$user_ids = array(); $user_ids = array();
if (Database::num_rows($res) > 0) { if (Database::num_rows($res) > 0) {
while ($row = Database::fetch_row($res)) { while ($row = Database::fetch_row($res)) {
$user_ids[] = $row[0]; $user_ids[] = $row[0];
} }
$without_user_id = " AND user_id NOT IN(".implode(',',$user_ids).") "; $without_user_id = " AND user_id NOT IN(".implode(',',$user_ids).") ";
} }
if ($relation_type==GROUP_USER_PERMISSION_PENDING_INVITATION) { if ($relation_type==GROUP_USER_PERMISSION_PENDING_INVITATION) {
$condition_relation = " AND groups.relation_type IN (".GROUP_USER_PERMISSION_PENDING_INVITATION.",".GROUP_USER_PERMISSION_READER.") "; $condition_relation = " AND groups.relation_type IN (".GROUP_USER_PERMISSION_PENDING_INVITATION.",".GROUP_USER_PERMISSION_READER.") ";
} else { } else {
$condition_relation = " AND groups.relation_type = '$relation_type' "; $condition_relation = " AND groups.relation_type = '$relation_type' ";
} }
// data for destination user list // data for destination user list
$sql = "SELECT user.user_id, user.username, user.lastname, user.firstname $sql = "SELECT user.user_id, user.username, user.lastname, user.firstname
FROM $tbl_group_rel_user groups FROM $tbl_group_rel_user groups
INNER JOIN $tbl_user user ON user.user_id = groups.user_id INNER JOIN $tbl_user user ON user.user_id = groups.user_id
WHERE groups.group_id = '$group_id' $condition_relation "; WHERE groups.group_id = '$group_id' $condition_relation ";
$rs_destination = Database::query($sql,__FILE__,__LINE__); $rs_destination = Database::query($sql);
if (Database::num_rows($rs_destination) > 0) { if (Database::num_rows($rs_destination) > 0) {
$return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;">'; $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
while ($row = Database::fetch_array($rs_destination)) { while ($row = Database::fetch_array($rs_destination)) {
$person_name = api_get_person_name($row['firstname'], $row['lastname']); $person_name = api_get_person_name($row['firstname'], $row['lastname']);
$return_destination .= '<option value="'.$row['user_id'].'">'.$person_name.' ('.$row['username'].')</option>'; $return_destination .= '<option value="'.$row['user_id'].'">'.$person_name.' ('.$row['username'].')</option>';
} }
$return_destination .= '</select>'; $return_destination .= '</select>';
} else { } else {
$return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>'; $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
} }
$xajax_response -> addAssign('ajax_destination_list','innerHTML',api_utf8_encode($return_destination)); $xajax_response -> addAssign('ajax_destination_list','innerHTML',api_utf8_encode($return_destination));
} else { } else {
$return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>'; $return_destination .= '<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"></select>';
$xajax_response -> addAssign('ajax_destination_list','innerHTML',api_utf8_encode($return_destination)); $xajax_response -> addAssign('ajax_destination_list','innerHTML',api_utf8_encode($return_destination));
if ($type == 'single') { if ($type == 'single') {
$return.= ''; $return.= '';
$xajax_response -> addAssign('ajax_list_users_single','innerHTML',api_utf8_encode($return)); $xajax_response -> addAssign('ajax_list_users_single','innerHTML',api_utf8_encode($return));
@ -104,24 +104,24 @@ function search_users($needle,$type,$relation_type) {
$xajax_response -> addAssign('ajax_origin_list_multiple','innerHTML',api_utf8_encode($return_origin)); $xajax_response -> addAssign('ajax_origin_list_multiple','innerHTML',api_utf8_encode($return_origin));
} }
} }
if (!empty($needle) && !empty($type)) { if (!empty($needle) && !empty($type)) {
// xajax send utf8 datas... datas in db can be non-utf8 datas // xajax send utf8 datas... datas in db can be non-utf8 datas
$charset = api_get_setting('platform_charset'); $charset = api_get_setting('platform_charset');
$needle = Database::escape_string($needle); $needle = Database::escape_string($needle);
$needle = api_convert_encoding($needle, $charset, 'utf-8'); $needle = api_convert_encoding($needle, $charset, 'utf-8');
$user_anonymous=api_get_anonymous_id(); $user_anonymous=api_get_anonymous_id();
$tbl_user_rel_access_url= Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); $tbl_user_rel_access_url= Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username'; $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
if ($type == 'single') { if ($type == 'single') {
if (!empty($group_id) && !empty($relation_type)) { if (!empty($group_id) && !empty($relation_type)) {
// search users where username or firstname or lastname begins likes $needle // search users where username or firstname or lastname begins likes $needle
$sql = "SELECT user_id, username, lastname, firstname FROM $tbl_user user $sql = "SELECT user_id, username, lastname, firstname FROM $tbl_user user
WHERE (username LIKE '$needle%' OR firstname LIKE '$needle%' OR lastname LIKE '$needle%') WHERE (username LIKE '$needle%' OR firstname LIKE '$needle%' OR lastname LIKE '$needle%')
AND user_id<>'$user_anonymous' $without_user_id $order_clause LIMIT 11"; AND user_id<>'$user_anonymous' $without_user_id $order_clause LIMIT 11";
if ($_configuration['multiple_access_urls']==true) { if ($_configuration['multiple_access_urls']==true) {
$access_url_id = api_get_current_access_url_id(); $access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1) { if ($access_url_id != -1) {
$sql = "SELECT user.user_id, username, lastname, firstname FROM $tbl_user user $sql = "SELECT user.user_id, username, lastname, firstname FROM $tbl_user user
@ -130,7 +130,7 @@ function search_users($needle,$type,$relation_type) {
AND user.user_id<>'$user_anonymous' $without_user_id $order_clause LIMIT 11 "; AND user.user_id<>'$user_anonymous' $without_user_id $order_clause LIMIT 11 ";
} }
} }
$rs_single = Database::query($sql, __FILE__, __LINE__); $rs_single = Database::query($sql);
$i=0; $i=0;
while ($user = Database :: fetch_array($rs_single)) { while ($user = Database :: fetch_array($rs_single)) {
$i++; $i++;
@ -141,37 +141,37 @@ function search_users($needle,$type,$relation_type) {
$return .= '...<br />'; $return .= '...<br />';
} }
} }
$xajax_response -> addAssign('ajax_list_users_single','innerHTML',api_utf8_encode($return)); $xajax_response -> addAssign('ajax_list_users_single','innerHTML',api_utf8_encode($return));
} else { } else {
$xajax_response ->addAlert(get_lang('YouMustChooseARelationType')); $xajax_response ->addAlert(get_lang('YouMustChooseARelationType'));
$xajax_response->addClear('user_to_add', 'value'); $xajax_response->addClear('user_to_add', 'value');
} }
} else { } else {
// multiple // multiple
if (!empty($group_id) && !empty($relation_type)) { if (!empty($group_id) && !empty($relation_type)) {
$sql = "SELECT user_id, username, lastname, firstname FROM $tbl_user user $sql = "SELECT user_id, username, lastname, firstname FROM $tbl_user user
WHERE ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%' AND user_id<>'$user_anonymous' $without_user_id $order_clause "; WHERE ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%' AND user_id<>'$user_anonymous' $without_user_id $order_clause ";
if ($_configuration['multiple_access_urls']==true) { if ($_configuration['multiple_access_urls']==true) {
$access_url_id = api_get_current_access_url_id(); $access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1) { if ($access_url_id != -1) {
$sql = "SELECT user.user_id, username, lastname, firstname FROM $tbl_user user $sql = "SELECT user.user_id, username, lastname, firstname FROM $tbl_user user
INNER JOIN $tbl_user_rel_access_url url_user ON (url_user.user_id=user.user_id) INNER JOIN $tbl_user_rel_access_url url_user ON (url_user.user_id=user.user_id)
WHERE access_url_id = '$access_url_id' WHERE access_url_id = '$access_url_id'
AND ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%' AND ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%'
AND user.user_id<>'$user_anonymous' $without_user_id $order_clause "; AND user.user_id<>'$user_anonymous' $without_user_id $order_clause ";
} }
} }
$rs_multiple = Database::query($sql, __FILE__, __LINE__); $rs_multiple = Database::query($sql);
$return_origin .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;">'; $return_origin .= '<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;">';
while ($user = Database :: fetch_array($rs_multiple)) { while ($user = Database :: fetch_array($rs_multiple)) {
$person_name = api_get_person_name($user['firstname'], $user['lastname']); $person_name = api_get_person_name($user['firstname'], $user['lastname']);
$return_origin .= '<option value="'.$user['user_id'].'">'.$person_name.' ('.$user['username'].')</option>'; $return_origin .= '<option value="'.$user['user_id'].'">'.$person_name.' ('.$user['username'].')</option>';
} }
$return_origin .= '</select>'; $return_origin .= '</select>';
$xajax_response -> addAssign('ajax_origin_list_multiple','innerHTML',api_utf8_encode($return_origin)); $xajax_response -> addAssign('ajax_origin_list_multiple','innerHTML',api_utf8_encode($return_origin));
} }
} }
} }
return $xajax_response; return $xajax_response;
} }
@ -223,33 +223,33 @@ $users=$sessions=array();
$noPHP_SELF=true; $noPHP_SELF=true;
$group_info = GroupPortalManager::get_group_data($group_id); $group_info = GroupPortalManager::get_group_data($group_id);
$group_name = $group_info['name']; $group_name = $group_info['name'];
Display::display_header($group_name); Display::display_header($group_name);
if($_POST['form_sent']) { if($_POST['form_sent']) {
$form_sent = $_POST['form_sent']; $form_sent = $_POST['form_sent'];
$firstLetterUser = $_POST['firstLetterUser']; $firstLetterUser = $_POST['firstLetterUser'];
$UserList = $_POST['sessionUsersList']; $UserList = $_POST['sessionUsersList'];
$group_id = intval($_POST['id']); $group_id = intval($_POST['id']);
$relation_type = intval($_POST['relation']); $relation_type = intval($_POST['relation']);
if(!is_array($UserList)) { if(!is_array($UserList)) {
$UserList=array(); $UserList=array();
} }
if ($form_sent == 1) { if ($form_sent == 1) {
if ($relation_type == GROUP_USER_PERMISSION_PENDING_INVITATION) { if ($relation_type == GROUP_USER_PERMISSION_PENDING_INVITATION) {
$relations = array(GROUP_USER_PERMISSION_PENDING_INVITATION,GROUP_USER_PERMISSION_READER); $relations = array(GROUP_USER_PERMISSION_PENDING_INVITATION,GROUP_USER_PERMISSION_READER);
$users_by_group = GroupPortalManager::get_users_by_group($group_id,null,$relations); $users_by_group = GroupPortalManager::get_users_by_group($group_id,null,$relations);
$user_id_relation = array_keys($users_by_group); $user_id_relation = array_keys($users_by_group);
$user_relation_diff = array_diff($user_id_relation,$UserList); $user_relation_diff = array_diff($user_id_relation,$UserList);
foreach ($user_relation_diff as $user_id) { foreach ($user_relation_diff as $user_id) {
GroupPortalManager::delete_user_rel_group($user_id,$group_id); GroupPortalManager::delete_user_rel_group($user_id,$group_id);
} }
} else { } else {
GroupPortalManager::delete_users($group_id, $relation_type); GroupPortalManager::delete_users($group_id, $relation_type);
} }
$result = GroupPortalManager::add_users_to_groups($UserList, array($group_id), $relation_type); $result = GroupPortalManager::add_users_to_groups($UserList, array($group_id), $relation_type);
Display :: display_confirmation_message(get_lang('UsersEdited')); Display :: display_confirmation_message(get_lang('UsersEdited'));
} }
@ -261,110 +261,110 @@ $ajax_search = $add_type == 'unique' ? true : false;
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username'; $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
if ($ajax_search) { if ($ajax_search) {
// data for destination list // data for destination list
if (isset($_POST['id']) && isset($_POST['relation'])) { if (isset($_POST['id']) && isset($_POST['relation'])) {
// data for destination user list // data for destination user list
$id = intval($_POST['id']); $id = intval($_POST['id']);
$relation_type = intval($_POST['relation']); $relation_type = intval($_POST['relation']);
$condition_relation = ""; $condition_relation = "";
if ($relation_type==GROUP_USER_PERMISSION_PENDING_INVITATION) { if ($relation_type==GROUP_USER_PERMISSION_PENDING_INVITATION) {
$condition_relation = " AND groups.relation_type IN (".GROUP_USER_PERMISSION_PENDING_INVITATION.",".GROUP_USER_PERMISSION_READER.") "; $condition_relation = " AND groups.relation_type IN (".GROUP_USER_PERMISSION_PENDING_INVITATION.",".GROUP_USER_PERMISSION_READER.") ";
} else { } else {
$condition_relation = " AND groups.relation_type = '$relation_type' "; $condition_relation = " AND groups.relation_type = '$relation_type' ";
} }
$sql = "SELECT user.user_id, user.username, user.lastname, user.firstname $sql = "SELECT user.user_id, user.username, user.lastname, user.firstname
FROM $tbl_group_rel_user groups FROM $tbl_group_rel_user groups
INNER JOIN $tbl_user user ON user.user_id = groups.user_id INNER JOIN $tbl_user user ON user.user_id = groups.user_id
WHERE groups.group_id = '$id' $condition_relation "; WHERE groups.group_id = '$id' $condition_relation ";
$rs_destination = Database::query($sql,__FILE__,__LINE__); $rs_destination = Database::query($sql);
if (Database::num_rows($rs_destination) > 0) { if (Database::num_rows($rs_destination) > 0) {
while ($row_destination_list = Database::fetch_array($rs_destination)) { while ($row_destination_list = Database::fetch_array($rs_destination)) {
$sessionUsersList[$row_destination_list['user_id']] = $row_destination_list ; $sessionUsersList[$row_destination_list['user_id']] = $row_destination_list ;
} }
} }
} }
} else { } else {
$many_users = false; $many_users = false;
$sql = "SELECT count(user_id) FROM $tbl_user user $sql = "SELECT count(user_id) FROM $tbl_user user
WHERE ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%' AND user_id<>'$user_anonymous' $without_user_id "; WHERE ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%' AND user_id<>'$user_anonymous' $without_user_id ";
if ($_configuration['multiple_access_urls']==true) { if ($_configuration['multiple_access_urls']==true) {
$access_url_id = api_get_current_access_url_id(); $access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1) { if ($access_url_id != -1) {
$sql = "SELECT count(user.user_id) FROM $tbl_user user $sql = "SELECT count(user.user_id) FROM $tbl_user user
INNER JOIN $tbl_user_rel_access_url url_user ON (url_user.user_id=user.user_id) INNER JOIN $tbl_user_rel_access_url url_user ON (url_user.user_id=user.user_id)
WHERE access_url_id = '$access_url_id' WHERE access_url_id = '$access_url_id'
AND ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%' AND ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%'
AND user.user_id<>'$user_anonymous' $without_user_id "; AND user.user_id<>'$user_anonymous' $without_user_id ";
} }
} }
$rs_count = Database::query($sql,__FILE__,__LINE__); $rs_count = Database::query($sql);
$row_count = Database::fetch_row($rs_count); $row_count = Database::fetch_row($rs_count);
if ($row_count > 2) $many_users = true; if ($row_count > 2) $many_users = true;
// data for origin list // data for origin list
if (isset($_POST['id']) && isset($_POST['firstLetterUser'])) { if (isset($_POST['id']) && isset($_POST['firstLetterUser'])) {
$id = intval($_POST['id']); $id = intval($_POST['id']);
$needle = Database::escape_string($_POST['firstLetterUser']); $needle = Database::escape_string($_POST['firstLetterUser']);
$needle = api_convert_encoding($needle, $charset, 'utf-8'); $needle = api_convert_encoding($needle, $charset, 'utf-8');
$user_anonymous=api_get_anonymous_id(); $user_anonymous=api_get_anonymous_id();
// get user_id from relation type and group id // get user_id from relation type and group id
$sql = "SELECT user_id FROM $tbl_group_rel_user $sql = "SELECT user_id FROM $tbl_group_rel_user
WHERE group_id = '$id' WHERE group_id = '$id'
AND relation_type IN (".GROUP_USER_PERMISSION_ADMIN.",".GROUP_USER_PERMISSION_READER.",".GROUP_USER_PERMISSION_PENDING_INVITATION.",".GROUP_USER_PERMISSION_MODERATOR.") "; AND relation_type IN (".GROUP_USER_PERMISSION_ADMIN.",".GROUP_USER_PERMISSION_READER.",".GROUP_USER_PERMISSION_PENDING_INVITATION.",".GROUP_USER_PERMISSION_MODERATOR.") ";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$user_ids = array(); $user_ids = array();
if (Database::num_rows($res) > 0) { if (Database::num_rows($res) > 0) {
while ($row = Database::fetch_row($res)) { while ($row = Database::fetch_row($res)) {
$user_ids[] = $row[0]; $user_ids[] = $row[0];
} }
$without_user_id = " AND user_id NOT IN(".implode(',',$user_ids).") "; $without_user_id = " AND user_id NOT IN(".implode(',',$user_ids).") ";
} }
$sql = "SELECT user_id, username, lastname, firstname FROM $tbl_user user $sql = "SELECT user_id, username, lastname, firstname FROM $tbl_user user
WHERE ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%' AND user_id<>'$user_anonymous' $without_user_id $order_clause "; WHERE ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%' AND user_id<>'$user_anonymous' $without_user_id $order_clause ";
if ($_configuration['multiple_access_urls']==true) { if ($_configuration['multiple_access_urls']==true) {
$access_url_id = api_get_current_access_url_id(); $access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1) { if ($access_url_id != -1) {
$sql = "SELECT user.user_id, username, lastname, firstname FROM $tbl_user user $sql = "SELECT user.user_id, username, lastname, firstname FROM $tbl_user user
INNER JOIN $tbl_user_rel_access_url url_user ON (url_user.user_id=user.user_id) INNER JOIN $tbl_user_rel_access_url url_user ON (url_user.user_id=user.user_id)
WHERE access_url_id = '$access_url_id' WHERE access_url_id = '$access_url_id'
AND ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%' AND ".(api_sort_by_first_name() ? 'firstname' : 'lastname')." LIKE '$needle%'
AND user.user_id<>'$user_anonymous' $without_user_id $order_clause "; AND user.user_id<>'$user_anonymous' $without_user_id $order_clause ";
} }
} }
$rs_origin_list = Database::query($sql, __FILE__, __LINE__); $rs_origin_list = Database::query($sql);
while ($row_origin_list = Database::fetch_array($rs_origin_list)) { while ($row_origin_list = Database::fetch_array($rs_origin_list)) {
$nosessionUsersList[$row_origin_list['user_id']] = $row_origin_list; $nosessionUsersList[$row_origin_list['user_id']] = $row_origin_list;
} }
} }
// data for destination list // data for destination list
if (isset($_POST['id']) && isset($_POST['relation'])) { if (isset($_POST['id']) && isset($_POST['relation'])) {
// data for destination user list // data for destination user list
$id = intval($_POST['id']); $id = intval($_POST['id']);
$relation_type = intval($_POST['relation']); $relation_type = intval($_POST['relation']);
if ($relation_type==GROUP_USER_PERMISSION_PENDING_INVITATION) { if ($relation_type==GROUP_USER_PERMISSION_PENDING_INVITATION) {
$condition_relation = " AND groups.relation_type IN (".GROUP_USER_PERMISSION_PENDING_INVITATION.",".GROUP_USER_PERMISSION_READER.") "; $condition_relation = " AND groups.relation_type IN (".GROUP_USER_PERMISSION_PENDING_INVITATION.",".GROUP_USER_PERMISSION_READER.") ";
} else { } else {
$condition_relation = " AND groups.relation_type = '$relation_type' "; $condition_relation = " AND groups.relation_type = '$relation_type' ";
} }
$sql = "SELECT user.user_id, user.username, user.lastname, user.firstname $sql = "SELECT user.user_id, user.username, user.lastname, user.firstname
FROM $tbl_group_rel_user groups FROM $tbl_group_rel_user groups
INNER JOIN $tbl_user user ON user.user_id = groups.user_id INNER JOIN $tbl_user user ON user.user_id = groups.user_id
WHERE groups.group_id = '$id' $condition_relation "; WHERE groups.group_id = '$id' $condition_relation ";
$rs_destination = Database::query($sql,__FILE__,__LINE__); $rs_destination = Database::query($sql);
if (Database::num_rows($rs_destination) > 0) { if (Database::num_rows($rs_destination) > 0) {
while ($row_destination_list = Database::fetch_array($rs_destination)) { while ($row_destination_list = Database::fetch_array($rs_destination)) {
$sessionUsersList[$row_destination_list['user_id']] = $row_destination_list ; $sessionUsersList[$row_destination_list['user_id']] = $row_destination_list ;
} }
} }
} }
} }
@ -453,7 +453,7 @@ if(!empty($errorMsg)) {
<select name="firstLetterUser" id="firstLetterUser" onchange = "xajax_search_users(this.value,'multiple',document.getElementById('relation').value)" > <select name="firstLetterUser" id="firstLetterUser" onchange = "xajax_search_users(this.value,'multiple',document.getElementById('relation').value)" >
<option value = "%"><?php echo get_lang('All') ?></option> <option value = "%"><?php echo get_lang('All') ?></option>
<?php <?php
$selected_letter = isset($_POST['firstLetterUser'])?$_POST['firstLetterUser']:''; $selected_letter = isset($_POST['firstLetterUser'])?$_POST['firstLetterUser']:'';
echo Display :: get_alphabet_options($selected_letter); echo Display :: get_alphabet_options($selected_letter);
?> ?>
</select> </select>
@ -476,14 +476,14 @@ if(!empty($errorMsg)) {
<div id="ajax_origin_list_multiple"> <div id="ajax_origin_list_multiple">
<select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;"> <select id="origin_users" name="nosessionUsersList[]" multiple="multiple" size="15" style="width:360px;">
<?php <?php
if (!empty($nosessionUsersList)) { if (!empty($nosessionUsersList)) {
foreach($nosessionUsersList as $enreg) { foreach($nosessionUsersList as $enreg) {
?> ?>
<option value="<?php echo $enreg['user_id']; ?>" > <?php echo $enreg['firstname'].' '.$enreg['lastname'].' ('.$enreg['username'].')'; ?></option> <option value="<?php echo $enreg['user_id']; ?>" > <?php echo $enreg['firstname'].' '.$enreg['lastname'].' ('.$enreg['username'].')'; ?></option>
<?php <?php
} }
} }
?> ?>
</select> </select>
</div> </div>
@ -511,12 +511,12 @@ if(!empty($errorMsg)) {
</td> </td>
<td align="center"> <td align="center">
<div id="ajax_destination_list"> <div id="ajax_destination_list">
<select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;"> <select id="destination_users" name="sessionUsersList[]" multiple="multiple" size="15" style="width:360px;">
<?php <?php
if (!empty($sessionUsersList)) { if (!empty($sessionUsersList)) {
foreach($sessionUsersList as $enreg) { ?> foreach($sessionUsersList as $enreg) { ?>
<option value="<?php echo $enreg['user_id']; ?>"><?php echo $enreg['firstname'].' '.$enreg['lastname'].' ('.$enreg['username'].')'; ?></option> <option value="<?php echo $enreg['user_id']; ?>"><?php echo $enreg['firstname'].' '.$enreg['lastname'].' ('.$enreg['username'].')'; ?></option>
<?php } <?php }
} unset($sessionUsersList);?> } unset($sessionUsersList);?>
</select> </select>
</div> </div>
@ -573,7 +573,7 @@ function mysort(a, b){
} }
function valide() { function valide() {
var relation_select = document.getElementById('relation'); var relation_select = document.getElementById('relation');
if (relation_select && relation_select.value=="") { if (relation_select && relation_select.value=="") {
alert("<?php echo get_lang('YouMustChooseARelationType')?>"); alert("<?php echo get_lang('YouMustChooseARelationType')?>");

@ -53,7 +53,7 @@ if(isset($_REQUEST['add_type']) && $_REQUEST['add_type']!=''){
if (!api_is_platform_admin()) { if (!api_is_platform_admin()) {
$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session; $sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session;
$rs = Database::query($sql,__FILE__,__LINE__); $rs = Database::query($sql);
if(Database::result($rs,0,0)!=$_user['user_id']) { if(Database::result($rs,0,0)!=$_user['user_id']) {
api_not_allowed(true); api_not_allowed(true);
} }
@ -93,7 +93,7 @@ function search_users($needle,$type)
$id_session = Database::escape_string($id_session); $id_session = Database::escape_string($id_session);
// check id_user from session_rel_user table // check id_user from session_rel_user table
$sql = 'SELECT id_user FROM '.$tbl_session_rel_user.' WHERE id_session ="'.(int)$id_session.'"'; $sql = 'SELECT id_user FROM '.$tbl_session_rel_user.' WHERE id_session ="'.(int)$id_session.'"';
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$user_ids = array(); $user_ids = array();
if (Database::num_rows($res) > 0) { if (Database::num_rows($res) > 0) {
while ($row = Database::fetch_row($res)) { while ($row = Database::fetch_row($res)) {
@ -143,7 +143,7 @@ function search_users($needle,$type)
} }
} }
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
$i=0; $i=0;
if ($type=='single') { if ($type=='single') {
while ($user = Database :: fetch_array($rs)) { while ($user = Database :: fetch_array($rs)) {
@ -264,7 +264,7 @@ Display::display_header($tool_name);
$nosessionUsersList = $sessionUsersList = array(); $nosessionUsersList = $sessionUsersList = array();
/*$sql = 'SELECT COUNT(1) FROM '.$tbl_user; /*$sql = 'SELECT COUNT(1) FROM '.$tbl_user;
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
$count_courses = Database::result($rs, 0, 0);*/ $count_courses = Database::result($rs, 0, 0);*/
$ajax_search = $add_type == 'unique' ? true : false; $ajax_search = $add_type == 'unique' ? true : false;
global $_configuration; global $_configuration;
@ -292,7 +292,7 @@ if ($ajax_search) {
$order_clause"; $order_clause";
} }
} }
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$Users=Database::store_result($result); $Users=Database::store_result($result);
foreach ($Users as $user) { foreach ($Users as $user) {
$sessionUsersList[$user['user_id']] = $user ; $sessionUsersList[$user['user_id']] = $user ;
@ -373,8 +373,8 @@ if ($ajax_search) {
$order_clause"; $order_clause";
} }
} }
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$Users=Database::store_result($result); $Users=Database::store_result($result);
//var_dump($_REQUEST['id_session']); //var_dump($_REQUEST['id_session']);
foreach ($Users as $user) { foreach ($Users as $user) {
@ -407,7 +407,7 @@ if ($ajax_search) {
$order_clause"; $order_clause";
} }
} }
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$Users=Database::store_result($result); $Users=Database::store_result($result);
foreach($Users as $key_user_list =>$value_user_list) { foreach($Users as $key_user_list =>$value_user_list) {
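Review bot: The session-owner check in the first hunk builds `... WHERE id='.$id_session` with the value concatenated unquoted, and the assignment of `$id_session` is outside the hunk, so nothing visible here confirms it is an integer. I would cast at the point of use, `... ' WHERE id='.intval($id_session);`, so the query stays safe even if the earlier assignment changes. The comparison that follows, `Database::result($rs,0,0)!=$_user['user_id']`, is loose: if `Database::result()` returns false or null for a missing row and the user id is empty, the two compare equal and `api_not_allowed(true)` is skipped, so a strict comparison that also rejects an empty result would fail closed. The same check appears in the later section whose hunk header shows `$id_session=intval($_GET['id_session']);`, where the cast is visible.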

@ -425,7 +425,7 @@ function store_new_agenda_item()
VALUES VALUES
('".$title."','".$content."', '".$start_date."','".$end_date."')"; ('".$title."','".$content."', '".$start_date."','".$end_date."')";
$result = Database::query($sql,__FILE__,__LINE__) or die (Database::error()); $result = Database::query($sql) or die (Database::error());
$last_id=Database::insert_id(); $last_id=Database::insert_id();
// store in last_tooledit (first the groups, then the users // store in last_tooledit (first the groups, then the users
@ -475,7 +475,7 @@ function store_new_agenda_item()
{ {
$sql = "INSERT INTO $t_agenda_repeat (cal_id, cal_type, cal_end)" . $sql = "INSERT INTO $t_agenda_repeat (cal_id, cal_type, cal_end)" .
" VALUES ($last_id,'$type',$end)"; " VALUES ($last_id,'$type',$end)";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
} }
} }
} }
@ -532,7 +532,7 @@ function get_agenda_item($id)
} }
if(empty($id)){return $item;} if(empty($id)){return $item;}
$sql = "SELECT * FROM ".$TABLEAGENDA." WHERE id='".$id."'"; $sql = "SELECT * FROM ".$TABLEAGENDA." WHERE id='".$id."'";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
$entry_to_edit = Database::fetch_array($result); $entry_to_edit = Database::fetch_array($result);
$item['title'] = $entry_to_edit["title"]; $item['title'] = $entry_to_edit["title"];
$item['content'] = $entry_to_edit["content"]; $item['content'] = $entry_to_edit["content"];
@ -598,7 +598,7 @@ function save_edit_agenda_item($id,$title,$content,$start_date,$end_date)
start_date='".$start_date."', start_date='".$start_date."',
end_date='".$end_date."' end_date='".$end_date."'
WHERE id='".$id."'"; WHERE id='".$id."'";
$result = Database::query($sql,__FILE__,__LINE__) or die (Database::error()); $result = Database::query($sql) or die (Database::error());
return true; return true;
} }
@ -615,18 +615,18 @@ function save_edit_agenda_item($id,$title,$content,$start_date,$end_date)
function delete_agenda_item($id) function delete_agenda_item($id)
{ {
global $_course; global $_course;
$t_agenda = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR); $t_agenda = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR);
$id = intval($id); $id = intval($id);
$sql = "SELECT * FROM $t_agenda WHERE id = '$id'"; $sql = "SELECT * FROM $t_agenda WHERE id = '$id'";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
if(Database::num_rows($res) > 0) if(Database::num_rows($res) > 0)
{ {
$sql = "DELETE FROM ".$t_agenda." WHERE id='$id'"; $sql = "DELETE FROM ".$t_agenda." WHERE id='$id'";
$result = Database::query($sql,__FILE__,__LINE__) or die (Database::error()); $result = Database::query($sql) or die (Database::error());
api_item_property_update($_course,TOOL_CALENDAR_EVENT,$id,'delete',api_get_user_id()); api_item_property_update($_course,TOOL_CALENDAR_EVENT,$id,'delete',api_get_user_id());
return true; return true;
} }
return false; return false;
} }
/** /**
@ -709,7 +709,7 @@ function display_agenda_items()
if (is_allowed_to_edit() && !api_is_anonymous()) { if (is_allowed_to_edit() && !api_is_anonymous()) {
$sql="SELECT * FROM ".$TABLEAGENDA.' ORDER BY start_date '.$_SESSION['sort']; $sql="SELECT * FROM ".$TABLEAGENDA.' ORDER BY start_date '.$_SESSION['sort'];
//echo "<pre>".$sql."</pre>"; //echo "<pre>".$sql."</pre>";
$result=Database::query($sql,__FILE__,__LINE__) or die(Database::error()); $result=Database::query($sql) or die(Database::error());
$number_items=Database::num_rows($result); $number_items=Database::num_rows($result);
} else { } else {
$number_items = 0; $number_items = 0;
@ -975,12 +975,12 @@ function display_one_agenda_item($agenda_id)
--------------------------------------------------*/ --------------------------------------------------*/
$sql="SELECT * FROM ".$TABLEAGENDA; $sql="SELECT * FROM ".$TABLEAGENDA;
$result=Database::query($sql,__FILE__,__LINE__) or die(Database::error()); $result=Database::query($sql) or die(Database::error());
$number_items=Database::num_rows($result); $number_items=Database::num_rows($result);
$myrow=Database::fetch_array($result); // there should be only one item so no need for a while loop $myrow=Database::fetch_array($result); // there should be only one item so no need for a while loop
$sql_rep = "SELECT * FROM $TABLEAGENDA WHERE id = $agenda_id"; $sql_rep = "SELECT * FROM $TABLEAGENDA WHERE id = $agenda_id";
$res_rep = Database::query($sql_rep,__FILE__,__LINE__); $res_rep = Database::query($sql_rep);
$repeat = false; $repeat = false;
$repeat_id = 0; $repeat_id = 0;
if(Database::num_rows($res_rep)>0) if(Database::num_rows($res_rep)>0)
@ -1151,7 +1151,7 @@ function display_one_agenda_item($agenda_id)
*/ */
function show_group_filter_form() function show_group_filter_form()
{ {
/** @todo this select missing to implement */ /** @todo this select missing to implement */
//$group_list=get_course_groups(); //$group_list=get_course_groups();
echo "<select name=\"select\" onchange=\"MM_jumpMenu('parent',this,0)\">"; echo "<select name=\"select\" onchange=\"MM_jumpMenu('parent',this,0)\">";
@ -1170,7 +1170,7 @@ echo "</select>";
function show_user_filter_form() function show_user_filter_form()
{ {
/** @todo this select missing to implement */ /** @todo this select missing to implement */
//$user_list=get_course_users(); //$user_list=get_course_users();
echo "<select name=\"select\" onchange=\"MM_jumpMenu('parent',this,0)\">"; echo "<select name=\"select\" onchange=\"MM_jumpMenu('parent',this,0)\">";
@ -1186,8 +1186,8 @@ echo "</select>";
} }
function show_user_group_filter_form() function show_user_group_filter_form()
{ {
/** @todo this select missing to implement */ /** @todo this select missing to implement */
echo "\n<select name=\"select\" onchange=\"MM_jumpMenu('parent',this,0)\">"; echo "\n<select name=\"select\" onchange=\"MM_jumpMenu('parent',this,0)\">";
echo "\n\t<option value=\"agenda.php?user=none\">".get_lang("ShowAll")."</option>"; echo "\n\t<option value=\"agenda.php?user=none\">".get_lang("ShowAll")."</option>";
@ -1671,7 +1671,7 @@ function get_agendaitems($month, $year)
} }
} }
$result = Database::query($sqlquery, __FILE__, __LINE__); $result = Database::query($sqlquery);
while ($item = Database::fetch_array($result)) while ($item = Database::fetch_array($result))
{ {
$agendaday = date('j',strtotime($item['start_date'])); $agendaday = date('j',strtotime($item['start_date']));
@ -1715,7 +1715,7 @@ function display_upcoming_events()
ORDER BY start_date "; ORDER BY start_date ";
//} //}
// if the user is not an administrator of that course // if the user is not an administrator of that course
$result = Database::query($sqlquery, __FILE__, __LINE__); $result = Database::query($sqlquery);
$counter = 0; $counter = 0;
while ($item = Database::fetch_array($result,'ASSOC')) while ($item = Database::fetch_array($result,'ASSOC'))
{ {
@ -1981,7 +1981,7 @@ function get_day_agendaitems($courses_dbs, $month, $year, $day)
//$sqlquery = "SELECT * FROM $agendadb WHERE DAYOFMONTH(day)='$day' AND month(day)='$month' AND year(day)='$year'"; //$sqlquery = "SELECT * FROM $agendadb WHERE DAYOFMONTH(day)='$day' AND month(day)='$month' AND year(day)='$year'";
//echo "abc"; //echo "abc";
//echo $sqlquery; //echo $sqlquery;
$result = Database::query($sqlquery, __FILE__, __LINE__); $result = Database::query($sqlquery);
$portal_url = $_configuration['root_web']; $portal_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']==true) { if ($_configuration['multiple_access_urls']==true) {
$access_url_id = api_get_current_access_url_id(); $access_url_id = api_get_current_access_url_id();
@ -2092,7 +2092,7 @@ function get_week_agendaitems($courses_dbs, $month, $year, $week = '')
// $sqlquery = "SELECT * FROM $agendadb WHERE (DAYOFMONTH(day)>='$start_day' AND DAYOFMONTH(day)<='$end_day') // $sqlquery = "SELECT * FROM $agendadb WHERE (DAYOFMONTH(day)>='$start_day' AND DAYOFMONTH(day)<='$end_day')
// AND (MONTH(day)>='$start_month' AND MONTH(day)<='$end_month') // AND (MONTH(day)>='$start_month' AND MONTH(day)<='$end_month')
// AND (YEAR(day)>='$start_year' AND YEAR(day)<='$end_year')"; // AND (YEAR(day)>='$start_year' AND YEAR(day)<='$end_year')";
$result = Database::query($sqlquery, __FILE__, __LINE__); $result = Database::query($sqlquery);
$portal_url = $_configuration['root_web']; $portal_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']==true) { if ($_configuration['multiple_access_urls']==true) {
@ -2185,7 +2185,7 @@ function get_repeated_events_day_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'') .(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'') .(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:''); .(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
if(Database::num_rows($res)>0) if(Database::num_rows($res)>0)
{ {
while($row = Database::fetch_array($res)) while($row = Database::fetch_array($res))
@ -2306,7 +2306,7 @@ function get_repeated_events_week_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'') .(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'') .(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:''); .(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
if(Database::num_rows($res)>0) if(Database::num_rows($res)>0)
{ {
while($row = Database::fetch_array($res)) while($row = Database::fetch_array($res))
@ -2437,7 +2437,7 @@ function get_repeated_events_month_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'') .(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'') .(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:''); .(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
if(Database::num_rows($res)>0) if(Database::num_rows($res)>0)
{ {
while($row = Database::fetch_array($res)) while($row = Database::fetch_array($res))
@ -2608,7 +2608,7 @@ function get_repeated_events_list_view($course_info,$start=0,$end=0,$params)
.(!empty($params['conditions'])?$params['conditions']:'') .(!empty($params['conditions'])?$params['conditions']:'')
.(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'') .(!empty($params['groupby'])?' GROUP BY '.$params['groupby']:'')
.(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:''); .(!empty($params['orderby'])?' ORDER BY '.$params['orderby']:'');
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
if(Database::num_rows($res)>0) if(Database::num_rows($res)>0)
{ {
while($row = Database::fetch_array($res)) while($row = Database::fetch_array($res))
@ -2787,7 +2787,7 @@ function is_repeated_event($id,$course=null)
$id = (int) $id; $id = (int) $id;
//$t_agenda_repeat = Database::get_course_table(TABLE_AGENDA_REPEAT,$course); //$t_agenda_repeat = Database::get_course_table(TABLE_AGENDA_REPEAT,$course);
$sql = "SELECT * FROM $t_agenda_repeat WHERE cal_id = $id"; $sql = "SELECT * FROM $t_agenda_repeat WHERE cal_id = $id";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
if(Database::num_rows($res)>0) if(Database::num_rows($res)>0)
{ {
return true; return true;
@ -2864,7 +2864,7 @@ function agenda_add_item($course_info, $title, $content, $db_start_date, $db_end
// check if exists in calendar_event table // check if exists in calendar_event table
$sql = "SELECT * FROM $t_agenda WHERE title='$title' AND content = '$content' AND start_date = '$start_date' $sql = "SELECT * FROM $t_agenda WHERE title='$title' AND content = '$content' AND start_date = '$start_date'
AND end_date = '$end_date' ".(!empty($parent_id)? "AND parent_event_id = '$parent_id'":""); AND end_date = '$end_date' ".(!empty($parent_id)? "AND parent_event_id = '$parent_id'":"");
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
$count = Database::num_rows($result); $count = Database::num_rows($result);
if ($count > 0) { if ($count > 0) {
return false; return false;
@ -2875,7 +2875,7 @@ function agenda_add_item($course_info, $title, $content, $db_start_date, $db_end
VALUES VALUES
('".$title."','".$content."', '".$start_date."','".$end_date."')"; ('".$title."','".$content."', '".$start_date."','".$end_date."')";
$result = Database::query($sql,__FILE__,__LINE__) or die (Database::error()); $result = Database::query($sql) or die (Database::error());
$last_id=Database::insert_id(); $last_id=Database::insert_id();
// add a attachment file in agenda // add a attachment file in agenda
@ -2884,7 +2884,7 @@ function agenda_add_item($course_info, $title, $content, $db_start_date, $db_end
// store in last_tooledit (first the groups, then the users // store in last_tooledit (first the groups, then the users
$done = false; $done = false;
//(This part of this code is not been used) //(This part of this code is not been used)
/* if ((!is_null($to))or (!empty($_SESSION['toolgroup']))) // !is_null($to): when no user is selected we send it to everyone /* if ((!is_null($to))or (!empty($_SESSION['toolgroup']))) // !is_null($to): when no user is selected we send it to everyone
{ {
@ -2954,7 +2954,7 @@ function agenda_add_item($course_info, $title, $content, $db_start_date, $db_end
WHERE MONTH(start_date)='".$month."' AND YEAR(start_date)='".$year."' WHERE MONTH(start_date)='".$month."' AND YEAR(start_date)='".$year."'
GROUP BY id ". GROUP BY id ".
"ORDER BY start_date "; "ORDER BY start_date ";
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
while ($row=Database::fetch_array($result)) { while ($row=Database::fetch_array($result)) {
$datum_item=(int)substr($row["start_date"],8,2); $datum_item=(int)substr($row["start_date"],8,2);
@ -2972,7 +2972,7 @@ function agenda_add_repeat_item($course_info,$orig_id,$type,$end,$orig_dest)
// $t_agenda_r = Database::get_course_table(TABLE_AGENDA_REPEAT,$course_info['dbName']); // $t_agenda_r = Database::get_course_table(TABLE_AGENDA_REPEAT,$course_info['dbName']);
//$sql = "SELECT title, content, UNIX_TIMESTAMP(start_date) as sd, UNIX_TIMESTAMP(end_date) as ed FROM $t_agenda WHERE id = $orig_id"; //$sql = "SELECT title, content, UNIX_TIMESTAMP(start_date) as sd, UNIX_TIMESTAMP(end_date) as ed FROM $t_agenda WHERE id = $orig_id";
$sql = "SELECT title, content, start_date as sd, end_date as ed FROM $t_agenda WHERE id = $orig_id"; $sql = "SELECT title, content, start_date as sd, end_date as ed FROM $t_agenda WHERE id = $orig_id";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
if(Database::num_rows($res)!==1){return false;} if(Database::num_rows($res)!==1){return false;}
$row = Database::fetch_array($res); $row = Database::fetch_array($res);
//$orig_start = $row['sd']; //$orig_start = $row['sd'];
@ -3016,7 +3016,7 @@ function agenda_add_repeat_item($course_info,$orig_id,$type,$end,$orig_dest)
{ {
$sql = "INSERT INTO $t_agenda_r (cal_id, cal_type, cal_end)" . $sql = "INSERT INTO $t_agenda_r (cal_id, cal_type, cal_end)" .
" VALUES ($orig_id,'$type',$end)"; " VALUES ($orig_id,'$type',$end)";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
switch($type) switch($type)
{ {
case 'daily': case 'daily':
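Review bot: In display_one_agenda_item the statement now run by `Database::query($sql_rep)` is `"SELECT * FROM $TABLEAGENDA WHERE id = $agenda_id"`, with the function argument interpolated unquoted and no cast visible in the hunk, while delete_agenda_item in this same file does `$id = intval($id);` first. Adding `$agenda_id = intval($agenda_id);` before the string is built would make the two consistent; get_agenda_item (`WHERE id='".$id."'`) looks like it needs the same, though both functions start outside their hunks and may cast earlier. In display_agenda_items, `ORDER BY start_date '.$_SESSION['sort']` cannot be protected by quoting or escaping, so the value should be mapped to a literal first, e.g. `$sort = (strtoupper($_SESSION['sort']) === 'DESC') ? 'DESC' : 'ASC';`. Several calls also keep `or die (Database::error())`, which prints the database error text to the client; logging it and showing a generic message would avoid disclosing schema details.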

@ -42,7 +42,7 @@ $id_session=intval($_GET['id_session']);
if(!api_is_platform_admin()) if(!api_is_platform_admin())
{ {
$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session; $sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session;
$rs = Database::query($sql,__FILE__,__LINE__); $rs = Database::query($sql);
if(Database::result($rs,0,0)!=$_user['user_id']) if(Database::result($rs,0,0)!=$_user['user_id'])
{ {
api_not_allowed(true); api_not_allowed(true);
@ -301,14 +301,14 @@ if (api_is_allowed_to_edit(false,true))
case "delete": case "delete":
$id=(int)$_GET['id']; $id=(int)$_GET['id'];
if( ! (api_is_course_coach() && !api_is_element_in_the_session(TOOL_AGENDA, $id ) ) ) if( ! (api_is_course_coach() && !api_is_element_in_the_session(TOOL_AGENDA, $id ) ) )
{ // a coach can only delete an element belonging to his session { // a coach can only delete an element belonging to his session
if (is_allowed_to_edit() && !api_is_anonymous()) { if (is_allowed_to_edit() && !api_is_anonymous()) {
if (!empty($id)) { if (!empty($id)) {
$res_del = delete_agenda_item($id); $res_del = delete_agenda_item($id);
if ($res_del) { if ($res_del) {
Display::display_normal_message(get_lang("AgendaDeleteSuccess")); Display::display_normal_message(get_lang("AgendaDeleteSuccess"));
} }
} }
} }
} }
if (api_get_setting('display_upcoming_events') == 'true') { if (api_get_setting('display_upcoming_events') == 'true') {
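Review bot: The session-admin check in the hunk at line 42 compares `Database::result($rs,0,0)` with `$_user['user_id']` using a loose `!=` and never checks that the SELECT returned a row. If `id_session` is missing or unknown the lookup presumably yields an empty result, and a loose comparison of that against an empty or zero user id would not reach `api_not_allowed(true)`. Consider denying when no row is found and comparing as integers, e.g. `if (Database::num_rows($rs) !== 1 || (int) Database::result($rs,0,0) !== (int) $_user['user_id'])`. The script continues outside the hunk, so an earlier guard may already cover this case.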

@ -48,7 +48,7 @@ require('../inc/global.inc.php');
$TABLEAGENDA = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR); $TABLEAGENDA = Database::get_main_table(TABLE_MAIN_SYSTEM_CALENDAR);
$sql = "SELECT * FROM $TABLEAGENDA WHERE id IN($id) ORDER BY start_date DESC"; $sql = "SELECT * FROM $TABLEAGENDA WHERE id IN($id) ORDER BY start_date DESC";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
?> ?>
<html> <html>
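Review bot: `$id` is placed unquoted inside `IN($id)` in the SELECT of this hunk, so the statement is only safe if every element is already an integer. The assignment of `$id` is outside the hunk; if it is derived from request data, normalise it just before the query, e.g. `$id = implode(',', array_map('intval', explode(',', $id)));`. A short comment next to the query stating which form `$id` is expected to have would make the assumption checkable.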

@ -45,7 +45,7 @@ function get_number_of_classes() {
if (isset ($_GET['keyword'])) { if (isset ($_GET['keyword'])) {
$sql .= " WHERE (name LIKE '%".Database::escape_string(trim($_GET['keyword']))."%')"; $sql .= " WHERE (name LIKE '%".Database::escape_string(trim($_GET['keyword']))."%')";
} }
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
return $obj->number_of_classes; return $obj->number_of_classes;
} }
@ -71,7 +71,7 @@ function get_class_data($from, $number_of_items, $column, $direction) {
$sql .= " WHERE (name LIKE '%".Database::escape_string(trim($_GET['keyword']))."%')"; $sql .= " WHERE (name LIKE '%".Database::escape_string(trim($_GET['keyword']))."%')";
} }
$sql .= " GROUP BY id,name ORDER BY col$column $direction LIMIT $from,$number_of_items"; $sql .= " GROUP BY id,name ORDER BY col$column $direction LIMIT $from,$number_of_items";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$classes = array (); $classes = array ();
while ($class = Database::fetch_row($res)) { while ($class = Database::fetch_row($res)) {
$classes[] = $class; $classes[] = $class;
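Review bot: In `get_class_data()` the arguments `$column`, `$direction`, `$from` and `$number_of_items` are concatenated into `ORDER BY col$column $direction LIMIT $from,$number_of_items` with no cast or allow-list, while the keyword beside them goes through `Database::escape_string()`. Escaping would not help in these positions because they are not quoted; if the arguments come from request parameters of the sortable table (not visible here), they need type enforcement. Suggested lines before the query: `$column = (int) $column; $from = (int) $from; $number_of_items = (int) $number_of_items;` and `$direction = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';`. Both functions extend beyond the hunks shown.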

@ -52,7 +52,7 @@ function validate_data($user_classes) {
// 2.1.1 Check whether code exists in DB. // 2.1.1 Check whether code exists in DB.
$class_table = Database :: get_main_table(TABLE_MAIN_CLASS); $class_table = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $class_table WHERE name = '".Database::escape_string($user_class['ClassName'])."'"; $sql = "SELECT * FROM $class_table WHERE name = '".Database::escape_string($user_class['ClassName'])."'";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
if (Database::num_rows($res) == 0) { if (Database::num_rows($res) == 0) {
$user_class['error'] = get_lang('CodeDoesNotExists'); $user_class['error'] = get_lang('CodeDoesNotExists');
$errors[] = $user_class; $errors[] = $user_class;
@ -95,10 +95,10 @@ function save_data($users_classes) {
$csv_data = array (); $csv_data = array ();
foreach ($users_classes as $index => $user_class) { foreach ($users_classes as $index => $user_class) {
$sql1 = "SELECT user_id FROM $user_table WHERE username = '".Database::escape_string(UserManager::purify_username($user_class['UserName'], $purification_option_for_usernames))."'"; $sql1 = "SELECT user_id FROM $user_table WHERE username = '".Database::escape_string(UserManager::purify_username($user_class['UserName'], $purification_option_for_usernames))."'";
$res1 = Database::query($sql1, __FILE__, __LINE__); $res1 = Database::query($sql1);
$obj1 = Database::fetch_object($res1); $obj1 = Database::fetch_object($res1);
$sql2 = "SELECT id FROM $class_table WHERE name = '".Database::escape_string(trim($user_class['ClassName']))."'"; $sql2 = "SELECT id FROM $class_table WHERE name = '".Database::escape_string(trim($user_class['ClassName']))."'";
$res2 = Database::query($sql2, __FILE__, __LINE__); $res2 = Database::query($sql2);
$obj2 = Database::fetch_object($res2); $obj2 = Database::fetch_object($res2);
if ($obj1 && $obj2) { if ($obj1 && $obj2) {
$csv_data[$obj1->user_id][$obj2->id] = 1; $csv_data[$obj1->user_id][$obj2->id] = 1;
@ -109,7 +109,7 @@ function save_data($users_classes) {
$db_subscriptions = array(); $db_subscriptions = array();
foreach ($csv_data as $user_id => $csv_subscriptions) { foreach ($csv_data as $user_id => $csv_subscriptions) {
$sql = "SELECT class_id FROM $class_user_table cu WHERE cu.user_id = $user_id"; $sql = "SELECT class_id FROM $class_user_table cu WHERE cu.user_id = $user_id";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
while ($obj = Database::fetch_object($res)) { while ($obj = Database::fetch_object($res)) {
$db_subscriptions[$obj->class_id] = 1; $db_subscriptions[$obj->class_id] = 1;
} }
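Review bot: `validate_data()` looks the class up with `Database::escape_string($user_class['ClassName'])`, whereas `save_data()` uses `Database::escape_string(trim($user_class['ClassName']))`, so the two steps do not agree on what a class name is. A name with leading whitespace is rejected by validation although the save step would match it. Apply the same normalisation in both places, e.g. `Database::escape_string(trim($user_class['ClassName']))` in the validation query. Both functions continue outside the hunks.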

@ -23,19 +23,19 @@ if(isset($_POST['activeExtension'])){
selected_value="true" selected_value="true"
WHERE variable="service_visio" WHERE variable="service_visio"
AND subkey="active"'; AND subkey="active"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
if(Database::affected_rows()>0) if(Database::affected_rows()>0)
{ {
// select all the courses and insert the tool inside // select all the courses and insert the tool inside
$sql = 'SELECT db_name FROM '.Database::get_main_table(TABLE_MAIN_COURSE); $sql = 'SELECT db_name FROM '.Database::get_main_table(TABLE_MAIN_COURSE);
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
while($row = Database::fetch_array($rs)){ while($row = Database::fetch_array($rs)){
if(!empty($_POST['visio_host'])) if(!empty($_POST['visio_host']))
{ {
$tool_table = Database::get_course_table(TABLE_TOOL_LIST,$row['db_name']); $tool_table = Database::get_course_table(TABLE_TOOL_LIST,$row['db_name']);
$select = "SELECT id FROM $tool_table WHERE name='".TOOL_VISIO_CONFERENCE."'"; $select = "SELECT id FROM $tool_table WHERE name='".TOOL_VISIO_CONFERENCE."'";
$selectres = Database::query($select,__FILE__, __LINE__); $selectres = Database::query($select);
if(Database::num_rows($selectres)<1) if(Database::num_rows($selectres)<1)
{ {
$sql = 'INSERT INTO '.$tool_table.' SET $sql = 'INSERT INTO '.$tool_table.' SET
@ -47,10 +47,10 @@ if(isset($_POST['activeExtension'])){
address="squaregrey.gif", address="squaregrey.gif",
target="_self", target="_self",
category="interaction"'; category="interaction"';
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
} }
$select = "SELECT id FROM $tool_table WHERE name='".TOOL_VISIO_CLASSROOM."'"; $select = "SELECT id FROM $tool_table WHERE name='".TOOL_VISIO_CLASSROOM."'";
$selectres = Database::query($select,__FILE__, __LINE__); $selectres = Database::query($select);
if(Database::num_rows($selectres)<1) if(Database::num_rows($selectres)<1)
{ {
$sql = 'INSERT INTO '.$tool_table.' SET $sql = 'INSERT INTO '.$tool_table.' SET
@ -62,7 +62,7 @@ if(isset($_POST['activeExtension'])){
address="squaregrey.gif", address="squaregrey.gif",
target="_self", target="_self",
category="authoring"'; category="authoring"';
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
} }
} }
} }
@ -73,25 +73,25 @@ if(isset($_POST['activeExtension'])){
selected_value="'.Database::escape_string($_POST['visio_host']).'" selected_value="'.Database::escape_string($_POST['visio_host']).'"
WHERE variable="service_visio" WHERE variable="service_visio"
AND subkey="visio_host"'; AND subkey="visio_host"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
$sql = 'UPDATE '.$tbl_settings_current.' SET $sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.Database::escape_string($_POST['visio_port']).'" selected_value="'.Database::escape_string($_POST['visio_port']).'"
WHERE variable="service_visio" WHERE variable="service_visio"
AND subkey="visio_port"'; AND subkey="visio_port"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
$sql = 'UPDATE '.$tbl_settings_current.' SET $sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.Database::escape_string($_POST['visio_pass']).'" selected_value="'.Database::escape_string($_POST['visio_pass']).'"
WHERE variable="service_visio" WHERE variable="service_visio"
AND subkey="visio_pass"'; AND subkey="visio_pass"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
$sql = 'UPDATE '.$tbl_settings_current.' SET $sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.($_POST['visio_use_rtmpt']=='true'?'true':'false').'" selected_value="'.($_POST['visio_use_rtmpt']=='true'?'true':'false').'"
WHERE variable="service_visio" WHERE variable="service_visio"
AND subkey="visio_use_rtmpt"'; AND subkey="visio_use_rtmpt"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
if(empty($message)) if(empty($message))
{ {
@ -109,7 +109,7 @@ if(isset($_POST['activeExtension'])){
WHERE variable="service_ppt2lp" WHERE variable="service_ppt2lp"
AND subkey="active"'; AND subkey="active"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
if(Database::affected_rows()>0){ if(Database::affected_rows()>0){
$message = get_lang('ServiceActivated'); $message = get_lang('ServiceActivated');
@ -119,37 +119,37 @@ if(isset($_POST['activeExtension'])){
selected_value="'.addslashes($_POST['host']).'" selected_value="'.addslashes($_POST['host']).'"
WHERE variable="service_ppt2lp" WHERE variable="service_ppt2lp"
AND subkey="host"'; AND subkey="host"';
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
$sql = 'UPDATE '.$tbl_settings_current.' SET $sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.addslashes($_POST['port']).'" selected_value="'.addslashes($_POST['port']).'"
WHERE variable="service_ppt2lp" WHERE variable="service_ppt2lp"
AND subkey="port"'; AND subkey="port"';
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
$sql = 'UPDATE '.$tbl_settings_current.' SET $sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.addslashes($_POST['ftp_password']).'" selected_value="'.addslashes($_POST['ftp_password']).'"
WHERE variable="service_ppt2lp" WHERE variable="service_ppt2lp"
AND subkey="ftp_password"'; AND subkey="ftp_password"';
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
$sql = 'UPDATE '.$tbl_settings_current.' SET $sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.addslashes($_POST['user']).'" selected_value="'.addslashes($_POST['user']).'"
WHERE variable="service_ppt2lp" WHERE variable="service_ppt2lp"
AND subkey="user"'; AND subkey="user"';
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
$sql = 'UPDATE '.$tbl_settings_current.' SET $sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.addslashes($_POST['path_to_lzx']).'" selected_value="'.addslashes($_POST['path_to_lzx']).'"
WHERE variable="service_ppt2lp" WHERE variable="service_ppt2lp"
AND subkey="path_to_lzx"'; AND subkey="path_to_lzx"';
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
$sql = 'UPDATE '.$tbl_settings_current.' SET $sql = 'UPDATE '.$tbl_settings_current.' SET
selected_value="'.addslashes($_POST['size']).'" selected_value="'.addslashes($_POST['size']).'"
WHERE variable="service_ppt2lp" WHERE variable="service_ppt2lp"
AND subkey="size"'; AND subkey="size"';
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
break; break;
} }
@ -162,7 +162,7 @@ $listActiveServices = array();
// get the list of active services // get the list of active services
$sql = 'SELECT variable FROM '.$tbl_settings_current.' WHERE variable LIKE "service_%" AND subkey="active" and selected_value="true"'; $sql = 'SELECT variable FROM '.$tbl_settings_current.' WHERE variable LIKE "service_%" AND subkey="active" and selected_value="true"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
while($row = Database::fetch_array($rs)){ while($row = Database::fetch_array($rs)){
$listActiveServices[] = $row['variable']; $listActiveServices[] = $row['variable'];
} }
@ -286,7 +286,7 @@ Display::display_header($nameTool);
{ {
$sql = 'SELECT subkey, selected_value FROM '.$tbl_settings_current.' $sql = 'SELECT subkey, selected_value FROM '.$tbl_settings_current.'
WHERE variable = "service_visio"'; WHERE variable = "service_visio"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
while($row = Database::fetch_array($rs,'ASSOC')) while($row = Database::fetch_array($rs,'ASSOC'))
{ {
$defaults[$row['subkey']] = $row['selected_value']; $defaults[$row['subkey']] = $row['selected_value'];
@ -353,7 +353,7 @@ Display::display_header($nameTool);
$sql = 'SELECT subkey, selected_value FROM '.$tbl_settings_current.' $sql = 'SELECT subkey, selected_value FROM '.$tbl_settings_current.'
WHERE variable = "service_ppt2lp" WHERE variable = "service_ppt2lp"
AND subkey <> "active"'; AND subkey <> "active"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
while($row = Database::fetch_array($rs,'ASSOC')) while($row = Database::fetch_array($rs,'ASSOC'))
{ {
$defaults[$row['subkey']] = $row['selected_value']; $defaults[$row['subkey']] = $row['selected_value'];
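Review bot: The `service_ppt2lp` updates in the hunk at line 119 build their values with `addslashes($_POST[...])`, while the `service_visio` updates just above use `Database::escape_string()`. `addslashes()` is not aware of the connection character set, so it is the weaker of the two and the inconsistency is easy to overlook; use `Database::escape_string($_POST['host'])` and likewise for `port`, `ftp_password`, `user`, `path_to_lzx` and `size`. Note also that `visio_pass` and `ftp_password` are written to the settings table as submitted, so read access to that table or its backups is access to those credentials; a comment saying so at the two UPDATEs would help the next maintainer.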

@ -616,7 +616,7 @@ if(!empty($action)) {
} }
else //if $action is empty, then prepare a list of the course categories to display (?) else //if $action is empty, then prepare a list of the course categories to display (?)
{ {
$result=Database::query("SELECT name FROM $tbl_category WHERE parent_id IS NULL ORDER BY tree_pos",__FILE__,__LINE__); $result=Database::query("SELECT name FROM $tbl_category WHERE parent_id IS NULL ORDER BY tree_pos");
$Categories=Database::store_result($result); $Categories=Database::store_result($result);
} }

@ -48,7 +48,7 @@ if ($_configuration['multiple_access_urls']==true){
ON (u.user_id=url_rel_user.user_id) WHERE url_rel_user.access_url_id=".api_get_current_access_url_id()." AND status=1".$order_clause; ON (u.user_id=url_rel_user.user_id) WHERE url_rel_user.access_url_id=".api_get_current_access_url_id()." AND status=1".$order_clause;
} }
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$teachers = array(); $teachers = array();
$teachers[0] = '-- '.get_lang('NoManager').' --'; $teachers[0] = '-- '.get_lang('NoManager').' --';
while($obj = Database::fetch_object($res)) while($obj = Database::fetch_object($res))
@ -164,7 +164,7 @@ if( $form->validate()) {
fill_Db_course($currentCourseDbName, $currentCourseRepository, $course_language,$pictures_array); fill_Db_course($currentCourseDbName, $currentCourseRepository, $course_language,$pictures_array);
register_course($currentCourseId, $currentCourseCode, $currentCourseRepository, $currentCourseDbName, $tutor_name, $category, $title, $course_language, $teacher_id, $expiration_date,$course_teachers); register_course($currentCourseId, $currentCourseCode, $currentCourseRepository, $currentCourseDbName, $tutor_name, $category, $title, $course_language, $teacher_id, $expiration_date,$course_teachers);
$sql = "UPDATE $table_course SET disk_quota = '".$disk_quota."', visibility = '".Database::escape_string($course['visibility'])."', subscribe = '".Database::escape_string($course['subscribe'])."', unsubscribe='".Database::escape_string($course['unsubscribe'])."' WHERE code = '".$currentCourseId."'"; $sql = "UPDATE $table_course SET disk_quota = '".$disk_quota."', visibility = '".Database::escape_string($course['visibility'])."', subscribe = '".Database::escape_string($course['subscribe'])."', unsubscribe='".Database::escape_string($course['unsubscribe'])."' WHERE code = '".$currentCourseId."'";
Database::query($sql,__FILE__,__LINE__); Database::query($sql);
header('Location: course_list.php'); header('Location: course_list.php');
exit (); exit ();
} }
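Review bot: In the UPDATE that follows `register_course()`, `$disk_quota` and `$currentCourseId` are concatenated into the statement as they are, while `visibility`, `subscribe` and `unsubscribe` on the same line go through `Database::escape_string()`. Where these two values are assigned is outside the hunk; unless they are already validated there, treat them like their neighbours, e.g. `disk_quota = '".Database::escape_string($disk_quota)."'` and `WHERE code = '".Database::escape_string($currentCourseId)."'`.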

@ -90,7 +90,7 @@ if(!empty($action))
{ {
$categoryCode=Database::escape_string($_GET['id']); $categoryCode=Database::escape_string($_GET['id']);
$result=Database::query("SELECT name,auth_course_child FROM $tbl_category WHERE code='$categoryCode'",__FILE__,__LINE__); $result=Database::query("SELECT name,auth_course_child FROM $tbl_category WHERE code='$categoryCode'");
list($categoryName,$canHaveCourses)=Database::fetch_row($result); list($categoryName,$canHaveCourses)=Database::fetch_row($result);
@ -117,7 +117,7 @@ Display::display_header($tool_name);
if(!empty($category)) if(!empty($category))
{ {
$myquery = "SELECT * FROM $tbl_category WHERE code ='$category'"; $myquery = "SELECT * FROM $tbl_category WHERE code ='$category'";
$result = Database::query($myquery,__FILE__,__LINE__); $result = Database::query($myquery);
if(Database::num_rows($result)==0) if(Database::num_rows($result)==0)
{ {
$category = ''; $category = '';
@ -127,7 +127,7 @@ if(!empty($category))
if(empty($action)) if(empty($action))
{ {
$myquery="SELECT t1.name,t1.code,t1.parent_id,t1.tree_pos,t1.children_count,COUNT(DISTINCT t3.code) AS nbr_courses FROM $tbl_category t1 LEFT JOIN $tbl_category t2 ON t1.code=t2.parent_id LEFT JOIN $tbl_course t3 ON t3.category_code=t1.code WHERE t1.parent_id ".(empty($category)?"IS NULL":"='$category'")." GROUP BY t1.name,t1.code,t1.parent_id,t1.tree_pos,t1.children_count ORDER BY t1.tree_pos"; $myquery="SELECT t1.name,t1.code,t1.parent_id,t1.tree_pos,t1.children_count,COUNT(DISTINCT t3.code) AS nbr_courses FROM $tbl_category t1 LEFT JOIN $tbl_category t2 ON t1.code=t2.parent_id LEFT JOIN $tbl_course t3 ON t3.category_code=t1.code WHERE t1.parent_id ".(empty($category)?"IS NULL":"='$category'")." GROUP BY t1.name,t1.code,t1.parent_id,t1.tree_pos,t1.children_count ORDER BY t1.tree_pos";
$result=Database::query($myquery,__FILE__,__LINE__); $result=Database::query($myquery);
$Categories=Database::store_result($result); $Categories=Database::store_result($result);
} }
@ -221,7 +221,7 @@ else
if(!empty($category) && empty($action)) if(!empty($category) && empty($action))
{ {
$myquery = "SELECT parent_id FROM $tbl_category WHERE code='$category'"; $myquery = "SELECT parent_id FROM $tbl_category WHERE code='$category'";
$result=Database::query($myquery,__FILE__,__LINE__); $result=Database::query($myquery);
$parent_id = 0; $parent_id = 0;
if(Database::num_rows($result)>0){ if(Database::num_rows($result)>0){
$parent_id=Database::fetch_array($result); $parent_id=Database::fetch_array($result);
@ -283,23 +283,23 @@ function deleteNode($node)
global $tbl_category, $tbl_course; global $tbl_category, $tbl_course;
$node = Database::escape_string($node); $node = Database::escape_string($node);
$result=Database::query("SELECT parent_id,tree_pos FROM $tbl_category WHERE code='$node'",__FILE__,__LINE__); $result=Database::query("SELECT parent_id,tree_pos FROM $tbl_category WHERE code='$node'");
if($row=Database::fetch_array($result)) if($row=Database::fetch_array($result))
{ {
if(!empty($row['parent_id'])) if(!empty($row['parent_id']))
{ {
Database::query("UPDATE $tbl_course SET category_code='".$row['parent_id']."' WHERE category_code='$node'",__FILE__,__LINE__); Database::query("UPDATE $tbl_course SET category_code='".$row['parent_id']."' WHERE category_code='$node'");
Database::query("UPDATE $tbl_category SET parent_id='".$row['parent_id']."' WHERE parent_id='$node'",__FILE__,__LINE__); Database::query("UPDATE $tbl_category SET parent_id='".$row['parent_id']."' WHERE parent_id='$node'");
} }
else else
{ {
Database::query("UPDATE $tbl_course SET category_code='' WHERE category_code='$node'",__FILE__,__LINE__); Database::query("UPDATE $tbl_course SET category_code='' WHERE category_code='$node'");
Database::query("UPDATE $tbl_category SET parent_id=NULL WHERE parent_id='$node'",__FILE__,__LINE__); Database::query("UPDATE $tbl_category SET parent_id=NULL WHERE parent_id='$node'");
} }
Database::query("UPDATE $tbl_category SET tree_pos=tree_pos-1 WHERE tree_pos > '".$row['tree_pos']."'",__FILE__,__LINE__); Database::query("UPDATE $tbl_category SET tree_pos=tree_pos-1 WHERE tree_pos > '".$row['tree_pos']."'");
Database::query("DELETE FROM $tbl_category WHERE code='$node'",__FILE__,__LINE__); Database::query("DELETE FROM $tbl_category WHERE code='$node'");
if(!empty($row['parent_id'])) if(!empty($row['parent_id']))
{ {
@ -317,20 +317,20 @@ function addNode($code,$name,$canHaveCourses,$parent_id)
$name = Database::escape_string($name); $name = Database::escape_string($name);
$parent_id = Database::escape_string($parent_id); $parent_id = Database::escape_string($parent_id);
$result=Database::query("SELECT 1 FROM $tbl_category WHERE code='$code'",__FILE__,__LINE__); $result=Database::query("SELECT 1 FROM $tbl_category WHERE code='$code'");
if(Database::num_rows($result)) if(Database::num_rows($result))
{ {
return false; return false;
} }
$result=Database::query("SELECT MAX(tree_pos) AS maxTreePos FROM $tbl_category",__FILE__,__LINE__); $result=Database::query("SELECT MAX(tree_pos) AS maxTreePos FROM $tbl_category");
$row=Database::fetch_array($result); $row=Database::fetch_array($result);
$tree_pos=$row['maxTreePos']+1; $tree_pos=$row['maxTreePos']+1;
Database::query("INSERT INTO $tbl_category(name,code,parent_id,tree_pos,children_count,auth_course_child) VALUES('$name','$code',".(empty($parent_id)?"NULL":"'$parent_id'").",'$tree_pos','0','$canHaveCourses')",__FILE__,__LINE__); Database::query("INSERT INTO $tbl_category(name,code,parent_id,tree_pos,children_count,auth_course_child) VALUES('$name','$code',".(empty($parent_id)?"NULL":"'$parent_id'").",'$tree_pos','0','$canHaveCourses')");
updateFils($parent_id); updateFils($parent_id);
@ -348,7 +348,7 @@ function editNode($code,$name,$canHaveCourses,$old_code)
if($code != $old_code) if($code != $old_code)
{ {
$result=Database::query("SELECT 1 FROM $tbl_category WHERE code='$code'",__FILE__,__LINE__); $result=Database::query("SELECT 1 FROM $tbl_category WHERE code='$code'");
if(Database::num_rows($result)) if(Database::num_rows($result))
{ {
@ -356,7 +356,7 @@ function editNode($code,$name,$canHaveCourses,$old_code)
} }
} }
Database::query("UPDATE $tbl_category SET name='$name',code='$code',auth_course_child='$canHaveCourses' WHERE code='$old_code'",__FILE__,__LINE__); Database::query("UPDATE $tbl_category SET name='$name',code='$code',auth_course_child='$canHaveCourses' WHERE code='$old_code'");
return true; return true;
} }
@ -368,11 +368,11 @@ function moveNodeUp($code,$tree_pos,$parent_id)
$tree_pos = Database::escape_string($tree_pos); $tree_pos = Database::escape_string($tree_pos);
$parent_id = Database::escape_string($parent_id); $parent_id = Database::escape_string($parent_id);
$result=Database::query("SELECT code,tree_pos FROM $tbl_category WHERE parent_id ".(empty($parent_id)?"IS NULL":"='$parent_id'")." AND tree_pos<'$tree_pos' ORDER BY tree_pos DESC LIMIT 0,1",__FILE__,__LINE__); $result=Database::query("SELECT code,tree_pos FROM $tbl_category WHERE parent_id ".(empty($parent_id)?"IS NULL":"='$parent_id'")." AND tree_pos<'$tree_pos' ORDER BY tree_pos DESC LIMIT 0,1");
if(!$row=Database::fetch_array($result)) if(!$row=Database::fetch_array($result))
{ {
$result=Database::query("SELECT code,tree_pos FROM $tbl_category WHERE parent_id ".(empty($parent_id)?"IS NULL":"='$parent_id'")." AND tree_pos>'$tree_pos' ORDER BY tree_pos DESC LIMIT 0,1",__FILE__,__LINE__); $result=Database::query("SELECT code,tree_pos FROM $tbl_category WHERE parent_id ".(empty($parent_id)?"IS NULL":"='$parent_id'")." AND tree_pos>'$tree_pos' ORDER BY tree_pos DESC LIMIT 0,1");
if(!$row=Database::fetch_array($result)) if(!$row=Database::fetch_array($result))
{ {
@ -380,15 +380,15 @@ function moveNodeUp($code,$tree_pos,$parent_id)
} }
} }
Database::query("UPDATE $tbl_category SET tree_pos='".$row['tree_pos']."' WHERE code='$code'",__FILE__,__LINE__); Database::query("UPDATE $tbl_category SET tree_pos='".$row['tree_pos']."' WHERE code='$code'");
Database::query("UPDATE $tbl_category SET tree_pos='$tree_pos' WHERE code='$row[code]'",__FILE__,__LINE__); Database::query("UPDATE $tbl_category SET tree_pos='$tree_pos' WHERE code='$row[code]'");
} }
function updateFils($category) function updateFils($category)
{ {
global $tbl_category; global $tbl_category;
$category = Database::escape_string($category); $category = Database::escape_string($category);
$result=Database::query("SELECT parent_id FROM $tbl_category WHERE code='$category'",__FILE__,__LINE__); $result=Database::query("SELECT parent_id FROM $tbl_category WHERE code='$category'");
if($row=Database::fetch_array($result)) if($row=Database::fetch_array($result))
{ {
@ -397,14 +397,14 @@ function updateFils($category)
$children_count=compterFils($category,0)-1; $children_count=compterFils($category,0)-1;
Database::query("UPDATE $tbl_category SET children_count='$children_count' WHERE code='$category'",__FILE__,__LINE__); Database::query("UPDATE $tbl_category SET children_count='$children_count' WHERE code='$category'");
} }
function compterFils($pere,$cpt) function compterFils($pere,$cpt)
{ {
global $tbl_category; global $tbl_category;
$pere = Database::escape_string($pere); $pere = Database::escape_string($pere);
$result=Database::query("SELECT code FROM $tbl_category WHERE parent_id='$pere'",__FILE__,__LINE__); $result=Database::query("SELECT code FROM $tbl_category WHERE parent_id='$pere'");
while($row=Database::fetch_array($result)) while($row=Database::fetch_array($result))
{ {
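Review bot: `deleteNode()` reads `parent_id` and `tree_pos` back from the category table and concatenates `$row['parent_id']` into two UPDATE statements without escaping; `moveNodeUp()` does the same with `$row[code]`. Escaping applied on insert does not persist in the stored value, so a category code containing a quote would break or alter these statements when it is read back and reused. Escape the fetched value before interpolating it, e.g. `$parent = Database::escape_string($row['parent_id']);` and use `$parent` in both UPDATEs. Separately, `$category` in the queries at lines 117, 127 and 221 and `$code`/`$canHaveCourses` in `addNode()`/`editNode()` are interpolated with no escaping visible in these hunks; confirm it happens in the lines outside them.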

@ -53,7 +53,7 @@ $table_user = Database :: get_main_table(TABLE_MAIN_USER);
//Get the course infos //Get the course infos
$sql = "SELECT * FROM $course_table WHERE code='".Database::escape_string($course_code)."'"; $sql = "SELECT * FROM $course_table WHERE code='".Database::escape_string($course_code)."'";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
if (Database::num_rows($result) != 1) if (Database::num_rows($result) != 1)
{ {
header('Location: course_list.php'); header('Location: course_list.php');
@ -65,7 +65,7 @@ $course = Database::fetch_array($result,'ASSOC');
$table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER); $table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname' : ' ORDER BY lastname, firstname'; $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname' : ' ORDER BY lastname, firstname';
$sql = "SELECT user.user_id,lastname,firstname FROM $table_user as user,$table_course_user as course_user WHERE course_user.status='1' AND course_user.user_id=user.user_id AND course_user.course_code='".$course_code."'".$order_clause; $sql = "SELECT user.user_id,lastname,firstname FROM $table_user as user,$table_course_user as course_user WHERE course_user.status='1' AND course_user.user_id=user.user_id AND course_user.course_code='".$course_code."'".$order_clause;
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$course_teachers = array(); $course_teachers = array();
while($obj = Database::fetch_object($res)) while($obj = Database::fetch_object($res))
{ {
@ -74,7 +74,7 @@ while($obj = Database::fetch_object($res))
// Get all possible teachers without the course teachers // Get all possible teachers without the course teachers
$sql = "SELECT user_id,lastname,firstname FROM $table_user WHERE status='1'".$order_clause; $sql = "SELECT user_id,lastname,firstname FROM $table_user WHERE status='1'".$order_clause;
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$teachers = array(); $teachers = array();
$platform_teachers[0] = '-- '.get_lang('NoManager').' --'; $platform_teachers[0] = '-- '.get_lang('NoManager').' --';
@ -95,7 +95,7 @@ while($obj = Database::fetch_object($res))
//Case where there is no teacher in the course //Case where there is no teacher in the course
if(count($course_teachers)==0){ if(count($course_teachers)==0){
$sql='SELECT tutor_name FROM '.$course_table.' WHERE code="'.$course_code.'"'; $sql='SELECT tutor_name FROM '.$course_table.' WHERE code="'.$course_code.'"';
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$tutor_name=Database::result($res,0,0); $tutor_name=Database::result($res,0,0);
$course['tutor_name']=array_search($tutor_name,$platform_teachers); $course['tutor_name']=array_search($tutor_name,$platform_teachers);
} }
@ -220,14 +220,14 @@ if( $form->validate())
// an extra field // an extra field
$extras = array(); $extras = array();
foreach($course as $key => $value) { foreach($course as $key => $value) {
if(substr($key,0,6)=='extra_') { if(substr($key,0,6)=='extra_') {
$extras[substr($key,6)] = $value; $extras[substr($key,6)] = $value;
} }
if(substr($key,0,7)=='_extra_') { if(substr($key,0,7)=='_extra_') {
if(!array_key_exists(substr($key,7), $extras)) $extras[substr($key,7)] = $value; if(!array_key_exists(substr($key,7), $extras)) $extras[substr($key,7)] = $value;
} }
} }
$tutor_id = $course['tutor_name']; $tutor_id = $course['tutor_name'];
$tutor_name=$platform_teachers[$tutor_id]; $tutor_name=$platform_teachers[$tutor_id];
@ -258,29 +258,29 @@ if( $form->validate())
subscribe = '".Database::escape_string($subscribe)."', subscribe = '".Database::escape_string($subscribe)."',
unsubscribe='".Database::escape_string($unsubscribe)."' unsubscribe='".Database::escape_string($unsubscribe)."'
WHERE code='".Database::escape_string($course_code)."'"; WHERE code='".Database::escape_string($course_code)."'";
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
//update the extra fields //update the extra fields
if(count($extras) > 0){ if(count($extras) > 0){
foreach($extras as $key => $value) { foreach($extras as $key => $value) {
CourseManager::update_course_extra_field_value($course_code, $key, $value); CourseManager::update_course_extra_field_value($course_code, $key, $value);
} }
} }
//Delete only teacher relations that doesn't match the selected teachers //Delete only teacher relations that doesn't match the selected teachers
$cond=''; $cond='';
if(count($teachers)>0){ if(count($teachers)>0){
foreach($teachers as $key) $cond.=" AND user_id<>'".$key."'"; foreach($teachers as $key) $cond.=" AND user_id<>'".$key."'";
} }
$sql='DELETE FROM '.$course_user_table.' WHERE course_code="'.Database::escape_string($course_code).'" AND status="1"'.$cond; $sql='DELETE FROM '.$course_user_table.' WHERE course_code="'.Database::escape_string($course_code).'" AND status="1"'.$cond;
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
if(count($teachers)>0){ if(count($teachers)>0){
foreach($teachers as $key){ foreach($teachers as $key){
//We check if the teacher is already subscribed in this course //We check if the teacher is already subscribed in this course
$sql_select_teacher = 'SELECT 1 FROM '.$course_user_table.' WHERE user_id = "'.$key.'" AND course_code = "'.$course_code.'"'; $sql_select_teacher = 'SELECT 1 FROM '.$course_user_table.' WHERE user_id = "'.$key.'" AND course_code = "'.$course_code.'"';
$result = Database::query($sql_select_teacher, __FILE__, __LINE__); $result = Database::query($sql_select_teacher);
if(Database::num_rows($result) == 1){ if(Database::num_rows($result) == 1){
$sql = 'UPDATE '.$course_user_table.' SET status = "1" WHERE course_code = "'.$course_code.'" AND user_id = "'.$key.'"'; $sql = 'UPDATE '.$course_user_table.' SET status = "1" WHERE course_code = "'.$course_code.'" AND user_id = "'.$key.'"';
@ -295,7 +295,7 @@ if( $form->validate())
sort='0', sort='0',
user_course_cat='0'"; user_course_cat='0'";
} }
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
} }
@ -309,7 +309,7 @@ if( $form->validate())
tutor_id='0', tutor_id='0',
sort='0', sort='0',
user_course_cat='0'"; user_course_cat='0'";
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
$forum_config_table = Database::get_course_table(TOOL_FORUM_CONFIG_TABLE,$course_db_name); $forum_config_table = Database::get_course_table(TOOL_FORUM_CONFIG_TABLE,$course_db_name);
$sql = "UPDATE ".$forum_config_table." SET default_lang='".Database::escape_string($course_language)."'"; $sql = "UPDATE ".$forum_config_table." SET default_lang='".Database::escape_string($course_language)."'";

@ -65,14 +65,14 @@ function validate_data($courses) {
else { else {
$course_table = Database :: get_main_table(TABLE_MAIN_COURSE); $course_table = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT * FROM $course_table WHERE code = '".Database::escape_string($course['Code'])."'"; $sql = "SELECT * FROM $course_table WHERE code = '".Database::escape_string($course['Code'])."'";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
if (Database::num_rows($res) > 0) { if (Database::num_rows($res) > 0) {
$course['error'] = get_lang('CodeExists'); $course['error'] = get_lang('CodeExists');
$errors[] = $course; $errors[] = $course;
} }
} }
$coursecodes[$course['Code']] = 1; $coursecodes[$course['Code']] = 1;
} }
/* /*
// 3. Check whether teacher exists. // 3. Check whether teacher exists.
if (!UserManager::is_username_empty($course['Teacher'])) { if (!UserManager::is_username_empty($course['Teacher'])) {
@ -82,12 +82,12 @@ function validate_data($courses) {
$errors[] = $course; $errors[] = $course;
} }
} }
*/ */
// 4. Check whether course category exists. // 4. Check whether course category exists.
if (isset ($course['CourseCategory']) && strlen($course['CourseCategory']) != 0) { if (isset ($course['CourseCategory']) && strlen($course['CourseCategory']) != 0) {
$category_table = Database :: get_main_table(TABLE_MAIN_CATEGORY); $category_table = Database :: get_main_table(TABLE_MAIN_CATEGORY);
$sql = "SELECT * FROM $category_table WHERE code = '".Database::escape_string($course['CourseCategory'])."'"; $sql = "SELECT * FROM $category_table WHERE code = '".Database::escape_string($course['CourseCategory'])."'";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
if (Database::num_rows($res) == 0) { if (Database::num_rows($res) == 0) {
$course['error'] = get_lang('UnkownCategory').' ('.$course['CourseCategory'].')'; $course['error'] = get_lang('UnkownCategory').' ('.$course['CourseCategory'].')';
$errors[] = $course; $errors[] = $course;
@ -104,32 +104,32 @@ function validate_data($courses) {
function save_data($courses) { function save_data($courses) {
global $_configuration, $firstExpirationDelay; global $_configuration, $firstExpirationDelay;
global $purification_option_for_usernames; global $purification_option_for_usernames;
$user_table = Database::get_main_table(TABLE_MAIN_USER); $user_table = Database::get_main_table(TABLE_MAIN_USER);
$msg = ''; $msg = '';
foreach ($courses as $index => $course) { foreach ($courses as $index => $course) {
$course_language = api_get_valid_language($course['Language']); $course_language = api_get_valid_language($course['Language']);
$keys = define_course_keys($course['Code'], '', $_configuration['db_prefix']); $keys = define_course_keys($course['Code'], '', $_configuration['db_prefix']);
$titular = $uidCreator = $username = ''; $titular = $uidCreator = $username = '';
// get username from name (firstname lastname) // get username from name (firstname lastname)
if (!UserManager::is_username_empty($course['Teacher'])) { if (!UserManager::is_username_empty($course['Teacher'])) {
$teacher = UserManager::purify_username($course['Teacher'], $purification_option_for_usernames); $teacher = UserManager::purify_username($course['Teacher'], $purification_option_for_usernames);
if (UserManager::is_username_available($teacher)) { if (UserManager::is_username_available($teacher)) {
$sql = "SELECT username FROM $user_table WHERE ".(api_is_western_name_order(null, $course_language) ? "CONCAT(firstname,' ',lastname)" : "CONCAT(lastname,' ',firstname)")." = '{$course['Teacher']}' LIMIT 1"; $sql = "SELECT username FROM $user_table WHERE ".(api_is_western_name_order(null, $course_language) ? "CONCAT(firstname,' ',lastname)" : "CONCAT(lastname,' ',firstname)")." = '{$course['Teacher']}' LIMIT 1";
$rs = Database::query($sql,__FILE__,__LINE__); $rs = Database::query($sql);
$user = Database::fetch_object($rs); $user = Database::fetch_object($rs);
$username = $user->username; $username = $user->username;
} else { } else {
$username = $teacher; $username = $teacher;
} }
} }
// get name and uid creator from username // get name and uid creator from username
if (!empty($username)) { if (!empty($username)) {
$sql = "SELECT user_id, ".(api_is_western_name_order(null, $course_language) ? "CONCAT(firstname,' ',lastname)" : "CONCAT(lastname,' ',firstname)")." AS name FROM $user_table WHERE username = '".Database::escape_string(UserManager::purify_username($username, $purification_option_for_usernames))."'"; $sql = "SELECT user_id, ".(api_is_western_name_order(null, $course_language) ? "CONCAT(firstname,' ',lastname)" : "CONCAT(lastname,' ',firstname)")." AS name FROM $user_table WHERE username = '".Database::escape_string(UserManager::purify_username($username, $purification_option_for_usernames))."'";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$teacher = Database::fetch_object($res); $teacher = Database::fetch_object($res);
$titular = $teacher->name; $titular = $teacher->name;
$uidCreator = $teacher->user_id; $uidCreator = $teacher->user_id;
@ -137,7 +137,7 @@ function save_data($courses) {
$titular = $course['Teacher']; $titular = $course['Teacher'];
$uidCreator = 1; $uidCreator = 1;
} }
$visual_code = $keys['currentCourseCode']; $visual_code = $keys['currentCourseCode'];
$code = $keys['currentCourseId']; $code = $keys['currentCourseId'];
$db_name = $keys['currentCourseDbName']; $db_name = $keys['currentCourseDbName'];
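Review bot: In save_data the teacher lookup still interpolates `$course['Teacher']` into the SQL text unescaped (`... = '{$course['Teacher']}' LIMIT 1`), while the other queries in this section pass their values through Database::escape_string(). The value presumably comes from the imported course list, so a quote in a teacher name breaks or alters the statement. Build the comparison as `" = '".Database::escape_string($course['Teacher'])."' LIMIT 1"`. The next line, `$username = $user->username;`, also assumes a row was found and should be wrapped in `if ($user) { ... }`. The body of save_data continues outside the hunk.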

@ -29,7 +29,7 @@ function get_course_usage($course_code, $session_id = 0)
$table = Database::get_main_table(TABLE_MAIN_COURSE); $table = Database::get_main_table(TABLE_MAIN_COURSE);
$course_code = Database::escape_string($course_code); $course_code = Database::escape_string($course_code);
$sql = "SELECT * FROM $table WHERE code='".$course_code."'"; $sql = "SELECT * FROM $table WHERE code='".$course_code."'";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$course = Database::fetch_object($res); $course = Database::fetch_object($res);
// Learnpaths // Learnpaths
$table = Database :: get_course_table(TABLE_LP_MAIN, $course->db_name); $table = Database :: get_course_table(TABLE_LP_MAIN, $course->db_name);
@ -67,7 +67,7 @@ $interbreadcrumb[] = array ("url" => 'course_list.php', "name" => get_lang('Cour
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE); $table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$code = Database::escape_string($_GET['code']); $code = Database::escape_string($_GET['code']);
$sql = "SELECT * FROM $table_course WHERE code = '".$code."'"; $sql = "SELECT * FROM $table_course WHERE code = '".$code."'";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$course = Database::fetch_object($res); $course = Database::fetch_object($res);
$tool_name = $course->title.' ('.$course->visual_code.')'; $tool_name = $course->title.' ('.$course->visual_code.')';
Display::display_header($tool_name); Display::display_header($tool_name);
@ -106,7 +106,7 @@ echo '<blockquote>';
$table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER); $table_course_user = Database :: get_main_table(TABLE_MAIN_COURSE_USER);
$table_user = Database :: get_main_table(TABLE_MAIN_USER); $table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT *,cu.status as course_status FROM $table_course_user cu, $table_user u WHERE cu.user_id = u.user_id AND cu.course_code = '".$code."'"; $sql = "SELECT *,cu.status as course_status FROM $table_course_user cu, $table_user u WHERE cu.user_id = u.user_id AND cu.course_code = '".$code."'";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$is_western_name_order = api_is_western_name_order(); $is_western_name_order = api_is_western_name_order();
if (Database::num_rows($res) > 0) if (Database::num_rows($res) > 0)
{ {
@ -160,7 +160,7 @@ echo '</blockquote>';
$table_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS); $table_course_class = Database :: get_main_table(TABLE_MAIN_COURSE_CLASS);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS); $table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = "SELECT * FROM $table_course_class cc, $table_class c WHERE cc.class_id = c.id AND cc.course_code = '".$code."'"; $sql = "SELECT * FROM $table_course_class cc, $table_class c WHERE cc.class_id = c.id AND cc.course_code = '".$code."'";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
if (Database::num_rows($res) > 0) if (Database::num_rows($res) > 0)
{ {
$data = array (); $data = array ();
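Review bot: `$course = Database::fetch_object($res);` is used straight away as `$course->title` and `$course->visual_code`, and as `$course->db_name` in get_course_usage, with no check that the query returned a row. A `code` request parameter that matches no course therefore leads to property reads on a non-object, and the page and the later course-table lookups are built from empty values. Add a guard right after the fetch and before Display::display_header(), e.g. `if (!$course) { header('Location: course_list.php'); exit; }`. get_course_usage needs its own early return, but its body runs past the hunk.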

@ -59,7 +59,7 @@ function get_number_of_courses()
$sql.= " AND url_rel_course.access_url_id=".api_get_current_access_url_id(); $sql.= " AND url_rel_course.access_url_id=".api_get_current_access_url_id();
} }
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
return $obj->total_number_of_items; return $obj->total_number_of_items;
} }
@ -103,7 +103,7 @@ function get_course_data($from, $number_of_items, $column, $direction)
$sql .= " ORDER BY col$column $direction "; $sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items"; $sql .= " LIMIT $from,$number_of_items";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$courses = array (); $courses = array ();
while ($course = Database::fetch_row($res)) while ($course = Database::fetch_row($res))
{ {
@ -133,7 +133,7 @@ function modify_filter($code)
'<a href="course_edit.php?course_code='.$code.'">'.Display::return_icon('edit.gif', get_lang('Edit')).'</a>&nbsp;'. '<a href="course_edit.php?course_code='.$code.'">'.Display::return_icon('edit.gif', get_lang('Edit')).'</a>&nbsp;'.
'<a href="course_list.php?delete_course='.$code.'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset))."'".')) return false;">'.Display::return_icon('delete.gif', get_lang('Delete')).'</a>'. '<a href="course_list.php?delete_course='.$code.'" onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"),ENT_QUOTES,$charset))."'".')) return false;">'.Display::return_icon('delete.gif', get_lang('Delete')).'</a>'.
'<a href="../coursecopy/backup.php?cidReq='.$code.'">'.Display::return_icon('backup.gif', get_lang('CreateBackup')).'</a>&nbsp;'; '<a href="../coursecopy/backup.php?cidReq='.$code.'">'.Display::return_icon('backup.gif', get_lang('CreateBackup')).'</a>&nbsp;';
} }
/** /**
* Return an icon representing the visibility of the course * Return an icon representing the visibility of the course
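Review bot: get_course_data places its parameters directly into `ORDER BY col$column $direction` and `LIMIT $from,$number_of_items`, and nothing in the hunk shows them being validated. If the caller takes them from request parameters these are injection points that escaping cannot cover, because they sit outside quotes. Cast the numeric ones (`$column = intval($column);`, likewise `$from` and `$number_of_items`) and restrict the direction with `$direction = (strtoupper($direction) == 'DESC') ? 'DESC' : 'ASC';`. The same two lines appear in get_group_data and get_recent_group_data further down this page. The function starts outside the hunk, so an earlier check may exist.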

@ -31,7 +31,7 @@ function validate_data($users_courses) {
// 2.1.1 Check whether course with this code exists in the system. // 2.1.1 Check whether course with this code exists in the system.
$course_table = Database :: get_main_table(TABLE_MAIN_COURSE); $course_table = Database :: get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT * FROM $course_table WHERE code = '".Database::escape_string($user_course['CourseCode'])."'"; $sql = "SELECT * FROM $course_table WHERE code = '".Database::escape_string($user_course['CourseCode'])."'";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
if (Database::num_rows($res) == 0) { if (Database::num_rows($res) == 0) {
$user_course['error'] = get_lang('CodeDoesNotExists'); $user_course['error'] = get_lang('CodeDoesNotExists');
$errors[] = $user_course; $errors[] = $user_course;
@ -72,11 +72,11 @@ function save_data($users_courses) {
foreach($csv_data as $username => $csv_subscriptions) { foreach($csv_data as $username => $csv_subscriptions) {
$user_id = 0; $user_id = 0;
$sql = "SELECT * FROM $user_table u WHERE u.username = '".Database::escape_string($username)."'"; $sql = "SELECT * FROM $user_table u WHERE u.username = '".Database::escape_string($username)."'";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
$user_id = $obj->user_id; $user_id = $obj->user_id;
$sql = "SELECT * FROM $course_user_table cu WHERE cu.user_id = $user_id"; $sql = "SELECT * FROM $course_user_table cu WHERE cu.user_id = $user_id";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$db_subscriptions = array(); $db_subscriptions = array();
while($obj = Database::fetch_object($res)) { while($obj = Database::fetch_object($res)) {
$db_subscriptions[$obj->course_code] = $obj->status; $db_subscriptions[$obj->course_code] = $obj->status;
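Review bot: In save_data, `$user_id = $obj->user_id;` is read from the fetch result without checking that the username matched a row, and the next query embeds it unquoted (`WHERE cu.user_id = $user_id`). For an unknown username the statement ends in `cu.user_id = ` and fails. Skip the entry when nothing is returned, `if (!$obj) { continue; }`, and cast the value with `$user_id = intval($obj->user_id);`. validate_data may already reject unknown usernames, but that part is outside the hunk.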

@ -225,7 +225,7 @@ function display_create_virtual_course_form()
FROM $category_table FROM $category_table
WHERE auth_course_child ='TRUE' WHERE auth_course_child ='TRUE'
ORDER BY tree_pos"; ORDER BY tree_pos";
$category_result = Database::query($sql_query, __FILE__, __LINE__); $category_result = Database::query($sql_query);
while ($current_category = Database::fetch_array($category_result)) while ($current_category = Database::fetch_array($category_result))
{ {

@ -38,12 +38,12 @@ function text_longitud(){
document.forms[0].description.value = textarea; document.forms[0].description.value = textarea;
}else{ }else{
textarea = document.forms[0].description.value; textarea = document.forms[0].description.value;
} }
} }
</script>'; </script>';
$sql = "SELECT * FROM $table_group WHERE id = '".$group_id."'"; $sql = "SELECT * FROM $table_group WHERE id = '".$group_id."'";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
if (Database::num_rows($res) != 1) { if (Database::num_rows($res) != 1) {
header('Location: group_list.php'); header('Location: group_list.php');
exit; exit;
@ -96,7 +96,7 @@ $form->setDefaults($group_data);
// Validate form // Validate form
if ( $form->validate()) { if ( $form->validate()) {
$group = $form->exportValues(); $group = $form->exportValues();
$picture_element = & $form->getElement('picture'); $picture_element = & $form->getElement('picture');
$picture = $picture_element->getValue(); $picture = $picture_element->getValue();
@ -107,13 +107,13 @@ if ( $form->validate()) {
elseif (!empty($picture['name'])) { elseif (!empty($picture['name'])) {
$picture_uri = GroupPortalManager::update_group_picture($group_id, $_FILES['picture']['name'], $_FILES['picture']['tmp_name']); $picture_uri = GroupPortalManager::update_group_picture($group_id, $_FILES['picture']['name'], $_FILES['picture']['tmp_name']);
} }
$name = $group['name']; $name = $group['name'];
$description = $group['description']; $description = $group['description'];
$url = $group['url']; $url = $group['url'];
$status = intval($group['visibility']); $status = intval($group['visibility']);
GroupPortalManager::update($group_id, $name, $description, $url, $status, $picture_uri); GroupPortalManager::update($group_id, $name, $description, $url, $status, $picture_uri);
$tok = Security::get_token(); $tok = Security::get_token();
header('Location: group_list.php?action=show_message&message='.urlencode(get_lang('GroupUpdated')).'&sec_token='.$tok); header('Location: group_list.php?action=show_message&message='.urlencode(get_lang('GroupUpdated')).'&sec_token='.$tok);
exit(); exit();
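Review bot: The lookup `"SELECT * FROM $table_group WHERE id = '".$group_id."'"` concatenates `$group_id` without a cast or Database::escape_string(), and its assignment is not in the hunk. If it is read from the request it should be normalised first, e.g. `$group_id = intval($group_id);` before the query. The same variable is later passed to GroupPortalManager::update_group_picture() and GroupPortalManager::update(), so one cast near the assignment covers all three uses.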

@ -41,7 +41,7 @@ function get_number_of_groups()
*/ */
if ( isset ($_GET['keyword'])) { if ( isset ($_GET['keyword'])) {
$keyword = Database::escape_string(trim($_GET['keyword'])); $keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " WHERE (g.name LIKE '%".$keyword."%' OR g.description LIKE '%".$keyword."%' OR g.url LIKE '%".$keyword."%' )"; $sql .= " WHERE (g.name LIKE '%".$keyword."%' OR g.description LIKE '%".$keyword."%' OR g.url LIKE '%".$keyword."%' )";
} }
// adding the filter to see the user's only of the current access_url // adding the filter to see the user's only of the current access_url
@ -50,7 +50,7 @@ function get_number_of_groups()
$sql.= " AND url_rel_user.access_url_id=".api_get_current_access_url_id(); $sql.= " AND url_rel_user.access_url_id=".api_get_current_access_url_id();
}*/ }*/
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
return $obj->total_number_of_items; return $obj->total_number_of_items;
} }
@ -65,10 +65,10 @@ function get_number_of_groups()
function get_group_data($from, $number_of_items, $column, $direction) function get_group_data($from, $number_of_items, $column, $direction)
{ {
$group_table = Database :: get_main_table(TABLE_MAIN_GROUP); $group_table = Database :: get_main_table(TABLE_MAIN_GROUP);
$sql = "SELECT $sql = "SELECT
g.id AS col0, g.id AS col0,
g.name AS col1, g.name AS col1,
g.description AS col2, g.description AS col2,
g.visibility AS col3, g.visibility AS col3,
g.id AS col4 g.id AS col4
@ -84,7 +84,7 @@ function get_group_data($from, $number_of_items, $column, $direction)
if (isset ($_GET['keyword'])) { if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string(trim($_GET['keyword'])); $keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " WHERE (g.name LIKE '%".$keyword."%' OR g.description LIKE '%".$keyword."%' OR g.url LIKE '%".$keyword."%' )"; $sql .= " WHERE (g.name LIKE '%".$keyword."%' OR g.description LIKE '%".$keyword."%' OR g.url LIKE '%".$keyword."%' )";
} }
/* /*
// adding the filter to see the user's only of the current access_url // adding the filter to see the user's only of the current access_url
if ((api_is_platform_admin() || api_is_session_admin()) && $_configuration['multiple_access_urls']==true && api_get_current_access_url_id()!=-1) { if ((api_is_platform_admin() || api_is_session_admin()) && $_configuration['multiple_access_urls']==true && api_get_current_access_url_id()!=-1) {
@ -101,19 +101,19 @@ function get_group_data($from, $number_of_items, $column, $direction)
$sql .= " ORDER BY col$column $direction "; $sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items"; $sql .= " LIMIT $from,$number_of_items";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$users = array (); $users = array ();
$t = time(); $t = time();
// Status // Status
$status = array(); $status = array();
$status[GROUP_PERMISSION_OPEN] = get_lang('Open'); $status[GROUP_PERMISSION_OPEN] = get_lang('Open');
$status[GROUP_PERMISSION_CLOSED] = get_lang('Closed'); $status[GROUP_PERMISSION_CLOSED] = get_lang('Closed');
while ($group = Database::fetch_row($res)) { while ($group = Database::fetch_row($res)) {
$group[3] = $status[$group[3]]; $group[3] = $status[$group[3]];
$group['1'] = '<a href="'.api_get_path(WEB_CODE_PATH).'social/groups.php?id='.$group['0'].'">'.$group['1'].'</a>'; $group['1'] = '<a href="'.api_get_path(WEB_CODE_PATH).'social/groups.php?id='.$group['0'].'">'.$group['1'].'</a>';
$groups[] = $group; $groups[] = $group;
} }
return $groups; return $groups;
@ -123,10 +123,10 @@ function get_group_data($from, $number_of_items, $column, $direction)
function get_recent_group_data($from =0 , $number_of_items = 5, $column, $direction) function get_recent_group_data($from =0 , $number_of_items = 5, $column, $direction)
{ {
$group_table = Database :: get_main_table(TABLE_MAIN_GROUP); $group_table = Database :: get_main_table(TABLE_MAIN_GROUP);
$sql = "SELECT $sql = "SELECT
g.id AS col0, g.id AS col0,
g.name AS col1, g.name AS col1,
g.description AS col2, g.description AS col2,
g.visibility AS col3, g.visibility AS col3,
g.id AS col4 g.id AS col4
@ -142,7 +142,7 @@ function get_recent_group_data($from =0 , $number_of_items = 5, $column, $direct
if (isset ($_GET['keyword'])) { if (isset ($_GET['keyword'])) {
$keyword = Database::escape_string(trim($_GET['keyword'])); $keyword = Database::escape_string(trim($_GET['keyword']));
$sql .= " WHERE (g.name LIKE '%".$keyword."%' OR g.description LIKE '%".$keyword."%' OR g.url LIKE '%".$keyword."%' )"; $sql .= " WHERE (g.name LIKE '%".$keyword."%' OR g.description LIKE '%".$keyword."%' OR g.url LIKE '%".$keyword."%' )";
} }
/* /*
// adding the filter to see the user's only of the current access_url // adding the filter to see the user's only of the current access_url
if ((api_is_platform_admin() || api_is_session_admin()) && $_configuration['multiple_access_urls']==true && api_get_current_access_url_id()!=-1) { if ((api_is_platform_admin() || api_is_session_admin()) && $_configuration['multiple_access_urls']==true && api_get_current_access_url_id()!=-1) {
@ -159,12 +159,12 @@ function get_recent_group_data($from =0 , $number_of_items = 5, $column, $direct
$sql .= " ORDER BY col$column $direction "; $sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items"; $sql .= " LIMIT $from,$number_of_items";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$users = array (); $users = array ();
$t = time(); $t = time();
while ($group = Database::fetch_row($res)) { while ($group = Database::fetch_row($res)) {
// forget about the expiration date field // forget about the expiration date field
$groups[] = $group; $groups[] = $group;
} }
return $groups; return $groups;
@ -247,7 +247,7 @@ function lock_unlock_user($status,$user_id)
if(($status_db=='1' OR $status_db=='0') AND is_numeric($user_id)) if(($status_db=='1' OR $status_db=='0') AND is_numeric($user_id))
{ {
$sql="UPDATE $user_table SET active='".Database::escape_string($status_db)."' WHERE user_id='".Database::escape_string($user_id)."'"; $sql="UPDATE $user_table SET active='".Database::escape_string($status_db)."' WHERE user_id='".Database::escape_string($user_id)."'";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
} }
if ($result) if ($result)
@ -324,7 +324,7 @@ else
// to prevent too long messages // to prevent too long messages
if ($_GET['warn'] == 'session_message'){ if ($_GET['warn'] == 'session_message'){
$_GET['warn'] = $_SESSION['session_message_import_users']; $_GET['warn'] = $_SESSION['session_message_import_users'];
} }
Display::display_warning_message(urldecode($_GET['warn']),false); Display::display_warning_message(urldecode($_GET['warn']),false);
} }
if (!empty($_GET['message'])) { if (!empty($_GET['message'])) {
@ -358,20 +358,20 @@ else
if ($check) { if ($check) {
switch ($_POST['action']) { switch ($_POST['action']) {
case 'delete' : case 'delete' :
if (api_is_platform_admin()) { if (api_is_platform_admin()) {
$number_of_selected_groups = count($_POST['id']); $number_of_selected_groups = count($_POST['id']);
$number_of_deleted_groups = 0; $number_of_deleted_groups = 0;
foreach ($_POST['id'] as $index => $group_id) { foreach ($_POST['id'] as $index => $group_id) {
if (GroupPortalManager :: delete($group_id)) { if (GroupPortalManager :: delete($group_id)) {
$number_of_deleted_groups++; $number_of_deleted_groups++;
} }
} }
} }
if ($number_of_selected_groups == $number_of_deleted_groups) { if ($number_of_selected_groups == $number_of_deleted_groups) {
Display :: display_confirmation_message(get_lang('SelectedGroupsDeleted')); Display :: display_confirmation_message(get_lang('SelectedGroupsDeleted'));
} else { } else {
Display :: display_error_message(get_lang('SomeGroupsNotDeleted')); Display :: display_error_message(get_lang('SomeGroupsNotDeleted'));
} }
break; break;
} }
Security::clear_token(); Security::clear_token();
@ -387,7 +387,7 @@ else
echo '<div class="actions" style="width:100%;">'; echo '<div class="actions" style="width:100%;">';
if (api_is_platform_admin()) { if (api_is_platform_admin()) {
echo '<span style="float:right; padding-top:7px;">'. echo '<span style="float:right; padding-top:7px;">'.
'<a href="'.api_get_path(WEB_CODE_PATH).'admin/group_add.php">'.Display::return_icon('groupadd.gif',get_lang('AddGroups')).get_lang('AddGroups').'</a>'. '<a href="'.api_get_path(WEB_CODE_PATH).'admin/group_add.php">'.Display::return_icon('groupadd.gif',get_lang('AddGroups')).get_lang('AddGroups').'</a>'.
'</span>'; '</span>';
} }
$form->display(); $form->display();
@ -413,7 +413,7 @@ else
$table->set_header(1, get_lang('Name')); $table->set_header(1, get_lang('Name'));
$table->set_header(2, get_lang('Description')); $table->set_header(2, get_lang('Description'));
$table->set_header(3, get_lang('Visibility')); $table->set_header(3, get_lang('Visibility'));
$table->set_header(4, '', false); $table->set_header(4, '', false);
$table->set_column_filter(4, 'modify_filter'); $table->set_column_filter(4, 'modify_filter');
//$table->set_column_filter(6, 'status_filter'); //$table->set_column_filter(6, 'status_filter');
//$table->set_column_filter(7, 'active_filter'); //$table->set_column_filter(7, 'active_filter');
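Review bot: get_group_data builds the name cell as `'<a href="...">'.$group['1'].'</a>'`, which puts the stored group name into HTML unescaped. Because the cell already carries markup, the table presumably prints it as is, so a name containing markup would be rendered in the administrator's browser. Escape only the text part, e.g. `api_htmlentities($group['1'], ENT_QUOTES, $charset)`, the call modify_filter uses earlier on this page for its confirm message. `$charset` would have to be brought into scope in this function first.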

@ -77,19 +77,19 @@ if (api_is_platform_admin()) {
<li><a href="user_export.php"> <?php echo get_lang('ExportUserListXMLCSV') ?></a></li> <li><a href="user_export.php"> <?php echo get_lang('ExportUserListXMLCSV') ?></a></li>
<li><a href="user_import.php"> <?php echo get_lang('ImportUserListXMLCSV') ?></a></li> <li><a href="user_import.php"> <?php echo get_lang('ImportUserListXMLCSV') ?></a></li>
<?php if (api_get_setting('allow_social_tool')=='true') { ?> <?php if (api_get_setting('allow_social_tool')=='true') { ?>
<li><a href="group_add.php"> <?php echo get_lang('AddGroups') ?></a></li> <li><a href="group_add.php"> <?php echo get_lang('AddGroups') ?></a></li>
<li><a href="group_list.php"> <?php echo get_lang('GroupList') ?></a></li> <li><a href="group_list.php"> <?php echo get_lang('GroupList') ?></a></li>
<?php <?php
} }
if(isset($extAuthSource) && isset($extAuthSource['ldap']) && count($extAuthSource['ldap'])>0){ if(isset($extAuthSource) && isset($extAuthSource['ldap']) && count($extAuthSource['ldap'])>0){
?> ?>
<!-- dynamic ldap code --> <!-- dynamic ldap code -->
<li><a href="ldap_users_list.php"><?php echo get_lang('ImportLDAPUsersIntoPlatform');?></a></li> <li><a href="ldap_users_list.php"><?php echo get_lang('ImportLDAPUsersIntoPlatform');?></a></li>
<!-- dynamic ldap code --> <!-- dynamic ldap code -->
<?php <?php
} }
?> ?>
<li><a href="user_fields.php"> <?php echo get_lang('ManageUserFields'); ?></a></li> <li><a href="user_fields.php"> <?php echo get_lang('ManageUserFields'); ?></a></li>
</ul> </ul>
</div> </div>
<?php <?php
@ -118,8 +118,8 @@ if(api_is_platform_admin()) {
<button class="search" type="submit"> <?php echo get_lang('Search');?> <button class="search" type="submit"> <?php echo get_lang('Search');?>
</button> </button>
</form></div> </form></div>
<ul> <ul>
<li> <li>
<a href="course_list.php?search=advanced"><?php echo api_ucfirst(get_lang('AdvancedSearch')); ?></a> <a href="course_list.php?search=advanced"><?php echo api_ucfirst(get_lang('AdvancedSearch')); ?></a>
@ -128,7 +128,7 @@ if(api_is_platform_admin()) {
<li><a href="course_list.php"><?php echo get_lang('CourseList') ?></a></li> <li><a href="course_list.php"><?php echo get_lang('CourseList') ?></a></li>
<li><a href="course_add.php"><?php echo get_lang('AddCourse') ?></a></li> <li><a href="course_add.php"><?php echo get_lang('AddCourse') ?></a></li>
<li><a href="course_export.php"><?php echo get_lang('ExportCourses'); ?></a></li> <li><a href="course_export.php"><?php echo get_lang('ExportCourses'); ?></a></li>
<li><a href="course_import.php"><?php echo get_lang('ImportCourses'); ?></a></li> <li><a href="course_import.php"><?php echo get_lang('ImportCourses'); ?></a></li>
<!--<li><a href="course_virtual.php"><?php //echo get_lang('AdminManageVirtualCourses') ?></a></li>--> <!--<li><a href="course_virtual.php"><?php //echo get_lang('AdminManageVirtualCourses') ?></a></li>-->
<li><a href="course_category.php"><?php echo get_lang('AdminCategories'); ?></a></li> <li><a href="course_category.php"><?php echo get_lang('AdminCategories'); ?></a></li>
<li><a href="subscribe_user2course.php"><?php echo get_lang('AddUsersToACourse'); ?></a></li> <li><a href="subscribe_user2course.php"><?php echo get_lang('AddUsersToACourse'); ?></a></li>
@ -145,7 +145,7 @@ if(api_is_platform_admin()) {
<?php <?php
} }
?> ?>
</ul> </ul>
</div> </div>
@ -308,7 +308,7 @@ function version_check()
{ {
$tbl_settings = Database :: get_main_table(TABLE_MAIN_SETTINGS_CURRENT); $tbl_settings = Database :: get_main_table(TABLE_MAIN_SETTINGS_CURRENT);
$sql = 'SELECT selected_value FROM '.$tbl_settings.' WHERE variable="registered" '; $sql = 'SELECT selected_value FROM '.$tbl_settings.' WHERE variable="registered" ';
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
$row=Database::fetch_array($result,'ASSOC'); $row=Database::fetch_array($result,'ASSOC');
// The site has not been registered yet // The site has not been registered yet
@ -359,13 +359,13 @@ function register_site()
// the SQL statment // the SQL statment
$sql = "UPDATE $tbl_settings SET selected_value='true' WHERE variable='registered'"; $sql = "UPDATE $tbl_settings SET selected_value='true' WHERE variable='registered'";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
// //
if ($_POST['donotlistcampus']) if ($_POST['donotlistcampus'])
{ {
$sql = "UPDATE $tbl_settings SET selected_value='true' WHERE variable='donotlistcampus'"; $sql = "UPDATE $tbl_settings SET selected_value='true' WHERE variable='donotlistcampus'";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
} }
// reload the settings // reload the settings
@ -388,13 +388,13 @@ function check_dokeos_version2()
{ {
// the number of courses // the number of courses
$sql="SELECT count(code) FROM ".Database::get_main_table(TABLE_MAIN_COURSE); $sql="SELECT count(code) FROM ".Database::get_main_table(TABLE_MAIN_COURSE);
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
$number_of_courses = $row[0]; $number_of_courses = $row[0];
// the number of users // the number of users
$sql="SELECT count(user_id) FROM ".Database::get_main_table(TABLE_MAIN_USER); $sql="SELECT count(user_id) FROM ".Database::get_main_table(TABLE_MAIN_USER);
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
$number_of_users = $row[0]; $number_of_users = $row[0];
@ -402,7 +402,7 @@ function check_dokeos_version2()
$handle=@fopen($version_url,'r'); $handle=@fopen($version_url,'r');
if ($handle !== false) { if ($handle !== false) {
$version_info=trim(@fread($handle, 1024)); $version_info=trim(@fread($handle, 1024));
if ($dokeos_version<>$version_info) if ($dokeos_version<>$version_info)
{ {
$output='<br /><span style="color:red">' . get_lang('YourVersionNotUpToDate') . '. '.get_lang('LatestVersionIs').' <b>Chamilo '.$version_info.'</b>. '.get_lang('YourVersionIs').' <b>Chamilo '.$dokeos_version. '</b>. '.str_replace('http://www.chamilo.org','<a href="http://www.chamilo.org">http://www.chamilo.org</a>',get_lang('PleaseVisitDokeos')).'</span>'; $output='<br /><span style="color:red">' . get_lang('YourVersionNotUpToDate') . '. '.get_lang('LatestVersionIs').' <b>Chamilo '.$version_info.'</b>. '.get_lang('YourVersionIs').' <b>Chamilo '.$dokeos_version. '</b>. '.str_replace('http://www.chamilo.org','<a href="http://www.chamilo.org">http://www.chamilo.org</a>',get_lang('PleaseVisitDokeos')).'</span>';
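Review bot: check_dokeos_version2 copies up to 1024 bytes read from `$version_url` straight into the admin page (`<b>Chamilo '.$version_info.'</b>`), so whatever the remote endpoint returns, or whatever the response is changed to in transit, is rendered as HTML. Escape it before output, e.g. `$version_info = htmlspecialchars(trim(@fread($handle, 1024)), ENT_QUOTES);`, or accept only a version-shaped string. The `@` on fopen/fread also hides fetch errors. No fclose() is visible, though the function continues outside the hunk.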

@ -168,7 +168,7 @@ elseif (isset($_POST['action']))
$ids[] = Database::escape_string($id); $ids[] = Database::escape_string($id);
} }
$sql = "UPDATE $tbl_admin_languages SET available='1' WHERE id IN ('".implode("','", $ids)."')"; $sql = "UPDATE $tbl_admin_languages SET available='1' WHERE id IN ('".implode("','", $ids)."')";
Database::query($sql,__FILE__,__LINE__); Database::query($sql);
} }
break; break;
case 'makeunavailable' : case 'makeunavailable' :
@ -180,7 +180,7 @@ elseif (isset($_POST['action']))
$ids[] = Database::escape_string($id); $ids[] = Database::escape_string($id);
} }
$sql = "UPDATE $tbl_admin_languages SET available='0' WHERE id IN ('".implode("','", $ids)."')"; $sql = "UPDATE $tbl_admin_languages SET available='0' WHERE id IN ('".implode("','", $ids)."')";
Database::query($sql,__FILE__,__LINE__); Database::query($sql);
} }
break; break;
} }
@ -212,7 +212,7 @@ $sql_select = "SELECT * FROM $tbl_admin_languages";
$result_select = Database::query($sql_select); $result_select = Database::query($sql_select);
$sql_select_lang = "SELECT * FROM $tbl_settings_current WHERE category='Languages'"; $sql_select_lang = "SELECT * FROM $tbl_settings_current WHERE category='Languages'";
$result_select_lang = Database::query($sql_select_lang,__FILE__,__LINE__); $result_select_lang = Database::query($sql_select_lang);
$row_lang=Database::fetch_array($result_select_lang); $row_lang=Database::fetch_array($result_select_lang);
/* /*

@ -92,7 +92,7 @@ elseif(!empty($annee) && empty($id_session))
$sql = "SELECT id,name,nbr_courses,date_start,date_end " . $sql = "SELECT id,name,nbr_courses,date_start,date_end " .
" FROM $tbl_session ". " FROM $tbl_session ".
" ORDER BY name"; " ORDER BY name";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
$sessions=Database::store_result($result); $sessions=Database::store_result($result);
$nbr_results=count($sessions); $nbr_results=count($sessions);
@ -184,7 +184,7 @@ elseif (!empty($annee) && !empty($id_session) && ($_POST['confirmed']=='yes'))
$sql = 'INSERT INTO '.$tbl_session_user.' SET $sql = 'INSERT INTO '.$tbl_session_user.' SET
id_user="'.intval($user_id).'", id_user="'.intval($user_id).'",
id_session = "'.intval($id_session).'"'; id_session = "'.intval($id_session).'"';
$res_user = Database::query($sql,__FILE__,__LINE__); $res_user = Database::query($sql);
if($res_user != false) if($res_user != false)
{ {
$num++; $num++;
@ -193,7 +193,7 @@ elseif (!empty($annee) && !empty($id_session) && ($_POST['confirmed']=='yes'))
if($num>0) if($num>0)
{ {
$sql = 'UPDATE '.$tbl_session.' SET nbr_users = (nbr_users + '.$num.') WHERE id = '.intval($id_session); $sql = 'UPDATE '.$tbl_session.' SET nbr_users = (nbr_users + '.$num.') WHERE id = '.intval($id_session);
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
} }
header('Location: resume_session.php?id_session='.Security::remove_XSS($_POST['id_session'])); header('Location: resume_session.php?id_session='.Security::remove_XSS($_POST['id_session']));
} }
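Review bot: The redirect that closes the `$_POST['confirmed']=='yes'` branch builds its `Location` header from `Security::remove_XSS($_POST['id_session'])`, an HTML filter applied to a value that ends up in a URL, while the two queries just above it use `intval($id_session)`. A numeric id in this context should be cast instead: `header('Location: resume_session.php?id_session='.intval($_POST['id_session']));`. No `exit` is visible after the header call inside the hunk, so confirm that nothing else runs after the redirect; the branch continues outside the hunk.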

@ -60,10 +60,10 @@ $tbl_session_rel_etape = "session_rel_etape";
$message=""; $message="";
$result=Database::query("SELECT id, name FROM $tbl_session",__FILE__,__LINE__); $result=Database::query("SELECT id, name FROM $tbl_session");
$Sessions=Database::store_result($result); $Sessions=Database::store_result($result);
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$users=Database::store_result($result); $users=Database::store_result($result);
foreach($Sessions as $session){ foreach($Sessions as $session){
@ -152,7 +152,7 @@ foreach($Sessions as $session){
// Une fois les utilisateurs importer dans la base des utilisateurs, on peux les affecter a<EFBFBD> la session // Une fois les utilisateurs importer dans la base des utilisateurs, on peux les affecter a<EFBFBD> la session
$result=Database::query("SELECT course_code FROM $tbl_session_rel_course " . $result=Database::query("SELECT course_code FROM $tbl_session_rel_course " .
"WHERE id_session='$id_session'",__FILE__,__LINE__); "WHERE id_session='$id_session'");
$CourseList=array(); $CourseList=array();
while($row=Database::fetch_array($result)) while($row=Database::fetch_array($result))
{ {
@ -163,29 +163,29 @@ foreach($Sessions as $session){
// On ajoute la relation entre l'utilisateur et le cours // On ajoute la relation entre l'utilisateur et le cours
foreach($UserList as $enreg_user) foreach($UserList as $enreg_user)
{ {
Database::query("INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')",__FILE__,__LINE__); Database::query("INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')");
} }
$sql = "SELECT COUNT(id_user) as nbUsers " . $sql = "SELECT COUNT(id_user) as nbUsers " .
"FROM $tbl_session_rel_course_rel_user " . "FROM $tbl_session_rel_course_rel_user " .
"WHERE id_session='$id_session' AND course_code='$enreg_course'"; "WHERE id_session='$id_session' AND course_code='$enreg_course'";
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
list($nbr_users) = Database::fetch_array($rs); list($nbr_users) = Database::fetch_array($rs);
$sql = "UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'"; $sql = "UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users WHERE id_session='$id_session' AND course_code='$enreg_course'";
Database::query($sql,__FILE__,__LINE__); Database::query($sql);
} }
// On ajoute la relation entre l'utilisateur et la session // On ajoute la relation entre l'utilisateur et la session
foreach($UserList as $enreg_user){ foreach($UserList as $enreg_user){
$sql = "INSERT IGNORE INTO $tbl_session_rel_user(id_session, id_user) " . $sql = "INSERT IGNORE INTO $tbl_session_rel_user(id_session, id_user) " .
"VALUES('$id_session','$enreg_user')"; "VALUES('$id_session','$enreg_user')";
Database::query($sql,__FILE__,__LINE__); Database::query($sql);
} }
$sql = "SELECT COUNT(id_user) as nbUsers " . $sql = "SELECT COUNT(id_user) as nbUsers " .
"FROM $tbl_session_rel_user " . "FROM $tbl_session_rel_user " .
"WHERE id_session='$id_session'"; "WHERE id_session='$id_session'";
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
list($nbr_users) = Database::fetch_array($rs); list($nbr_users) = Database::fetch_array($rs);
$sql = "UPDATE $tbl_session SET nbr_users=$nbr_users WHERE id='$id_session'"; $sql = "UPDATE $tbl_session SET nbr_users=$nbr_users WHERE id='$id_session'";
Database::query($sql,__FILE__,__LINE__); Database::query($sql);
} }
} }
?> ?>
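Review bot: Every statement inside the `foreach($Sessions as $session)` loop interpolates `$id_session`, `$enreg_course` and `$enreg_user` straight into the SQL text, and none of them is cast or escaped in the visible lines. `$UserList` appears to be filled by the directory import mentioned in the comment above the course lookup, so these values should be treated as external data: cast the ids with `intval()` and pass the course code through `Database::escape_string()` where each query is built, e.g. `VALUES('".intval($id_session)."','".intval($enreg_user)."')`. The assignments are outside the hunks, so check whether sanitising already happens there. The same unescaped pattern appears in later sections of this commit (`WHERE id='".$id."'`, `WHERE id='$id'`, `WHERE id='$id_session'`) and needs the same check.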

@ -45,7 +45,7 @@ $sql = 'SELECT name, nbr_courses, nbr_users, nbr_classes, DATE_FORMAT(date_start
ON id_coach = user_id ON id_coach = user_id
WHERE '.$tbl_session.'.id='.$id_session; WHERE '.$tbl_session.'.id='.$id_session;
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
$session = Database::store_result($rs); $session = Database::store_result($rs);
$session = $session[0]; $session = $session[0];
@ -55,7 +55,7 @@ if(!api_is_platform_admin() && $session['session_admin_id']!=$_user['user_id'])
} }
$sql = 'SELECT name FROM '.$tbl_session_category.' WHERE id = "'.intval($session['session_category_id']).'"'; $sql = 'SELECT name FROM '.$tbl_session_category.' WHERE id = "'.intval($session['session_category_id']).'"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
$session_category = ''; $session_category = '';
if(Database::num_rows($rs)>0) { if(Database::num_rows($rs)>0) {
$rows_session_category = Database::store_result($rs); $rows_session_category = Database::store_result($rs);
@ -75,32 +75,32 @@ if($_GET['action'] == 'delete')
$idChecked="'".implode("','",$idChecked)."'"; $idChecked="'".implode("','",$idChecked)."'";
Database::query("DELETE FROM $tbl_session_rel_course WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_course WHERE id_session='$id_session' AND course_code IN($idChecked)");
$nbr_affected_rows=Database::affected_rows(); $nbr_affected_rows=Database::affected_rows();
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code IN($idChecked)");
Database::query("UPDATE $tbl_session SET nbr_courses=nbr_courses-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__); Database::query("UPDATE $tbl_session SET nbr_courses=nbr_courses-$nbr_affected_rows WHERE id='$id_session'");
} }
if(!empty($_GET['class'])){ if(!empty($_GET['class'])){
Database::query("DELETE FROM $tbl_session_rel_class WHERE session_id='$id_session' AND class_id=".Database::escape_string($_GET['class']),__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_class WHERE session_id='$id_session' AND class_id=".Database::escape_string($_GET['class']));
$nbr_affected_rows=Database::affected_rows(); $nbr_affected_rows=Database::affected_rows();
Database::query("UPDATE $tbl_session SET nbr_classes=nbr_classes-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__); Database::query("UPDATE $tbl_session SET nbr_classes=nbr_classes-$nbr_affected_rows WHERE id='$id_session'");
} }
if (!empty($_GET['user'])) { if (!empty($_GET['user'])) {
Database::query("DELETE FROM $tbl_session_rel_user WHERE id_session='$id_session' AND id_user=".intval($_GET['user']),__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_user WHERE id_session='$id_session' AND id_user=".intval($_GET['user']));
$nbr_affected_rows=Database::affected_rows(); $nbr_affected_rows=Database::affected_rows();
Database::query("UPDATE $tbl_session SET nbr_users=nbr_users-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__); Database::query("UPDATE $tbl_session SET nbr_users=nbr_users-$nbr_affected_rows WHERE id='$id_session'");
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND id_user=".intval($_GET['user']),__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND id_user=".intval($_GET['user']));
$nbr_affected_rows=Database::affected_rows(); $nbr_affected_rows=Database::affected_rows();
Database::query("UPDATE $tbl_session_rel_course SET nbr_users=nbr_users-$nbr_affected_rows WHERE id_session='$id_session'",__FILE__,__LINE__); Database::query("UPDATE $tbl_session_rel_course SET nbr_users=nbr_users-$nbr_affected_rows WHERE id_session='$id_session'");
} }
} }
@ -203,12 +203,12 @@ if($session['nbr_courses']==0){
else { else {
// select the courses // select the courses
$sql = "SELECT code,title,visual_code, nbr_users $sql = "SELECT code,title,visual_code, nbr_users
FROM $tbl_course,$tbl_session_rel_course FROM $tbl_course,$tbl_session_rel_course
WHERE course_code = code WHERE course_code = code
AND id_session='$id_session' AND id_session='$id_session'
ORDER BY title"; ORDER BY title";
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$courses=Database::store_result($result); $courses=Database::store_result($result);
foreach($courses as $course){ foreach($courses as $course){
//select the number of users //select the number of users
@ -217,14 +217,14 @@ else {
WHERE srcru.id_user = sru.id_user AND srcru.id_session = sru.id_session AND srcru.course_code = '".Database::escape_string($course['code'])."' WHERE srcru.id_user = sru.id_user AND srcru.id_session = sru.id_session AND srcru.course_code = '".Database::escape_string($course['code'])."'
AND srcru.id_session = '".intval($id_session)."'"; AND srcru.id_session = '".intval($id_session)."'";
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
$course['nbr_users'] = Database::result($rs,0,0); $course['nbr_users'] = Database::result($rs,0,0);
// Get coachs of the courses in session // Get coachs of the courses in session
$sql = "SELECT user.lastname,user.firstname,user.username FROM $tbl_session_rel_course_rel_user session_rcru, $tbl_user user $sql = "SELECT user.lastname,user.firstname,user.username FROM $tbl_session_rel_course_rel_user session_rcru, $tbl_user user
WHERE session_rcru.id_user = user.user_id AND session_rcru.id_session = '".intval($id_session)."' AND session_rcru.course_code ='".Database::escape_string($course['code'])."' AND session_rcru.status=2"; WHERE session_rcru.id_user = user.user_id AND session_rcru.id_session = '".intval($id_session)."' AND session_rcru.course_code ='".Database::escape_string($course['code'])."' AND session_rcru.status=2";
$rs = Database::query($sql,__FILE__,__LINE__); $rs = Database::query($sql);
$coachs = array(); $coachs = array();
if (Database::num_rows($rs) > 0) { if (Database::num_rows($rs) > 0) {
@ -287,7 +287,7 @@ else {
ON '.$tbl_user.'.user_id = '.$tbl_session_rel_user.'.id_user ON '.$tbl_user.'.user_id = '.$tbl_session_rel_user.'.id_user
AND '.$tbl_session_rel_user.'.id_session = '.$id_session.$order_clause; AND '.$tbl_session_rel_user.'.id_session = '.$id_session.$order_clause;
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$users=Database::store_result($result); $users=Database::store_result($result);
$orig_param = '&origin=resume_session&id_session='.$id_session; // change breadcrumb in destination page $orig_param = '&origin=resume_session&id_session='.$id_session; // change breadcrumb in destination page
foreach($users as $user){ foreach($users as $user){
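Review bot: In the `delete` branch the class removal builds `class_id=".Database::escape_string($_GET['class'])` with no quotes around the value, so escaping quote characters gives no protection and the request value is still parsed as SQL. The user removal next to it already casts, and the same form belongs here: `class_id=".intval($_GET['class'])`. The first query of the section also concatenates `$id_session` unquoted (`.id='.$id_session`); its assignment is outside the hunk, so confirm it is cast with `intval()`. These deletes are driven by `$_GET['action'] == 'delete'`, so a request-token check is needed if none exists above the hunk.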

@ -80,7 +80,7 @@ function search_coachs($needle)
} }
} }
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
while ($user = Database :: fetch_array($rs)) { while ($user = Database :: fetch_array($rs)) {
$return .= '<a href="javascript: void(0);" onclick="javascript: fill_coach_field(\''.$user['username'].'\')">'.api_get_person_name($user['firstname'], $user['lastname']).' ('.$user['username'].')</a><br />'; $return .= '<a href="javascript: void(0);" onclick="javascript: fill_coach_field(\''.$user['username'].'\')">'.api_get_person_name($user['firstname'], $user['lastname']).' ('.$user['username'].')</a><br />';
} }
@ -161,7 +161,7 @@ if (!empty($return)) {
<?php <?php
$sql = 'SELECT COUNT(1) FROM '.$tbl_user.' WHERE status=1'; $sql = 'SELECT COUNT(1) FROM '.$tbl_user.' WHERE status=1';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
$count_users = Database::result($rs, 0, 0); $count_users = Database::result($rs, 0, 0);
if (intval($count_users)<50) { if (intval($count_users)<50) {
@ -178,7 +178,7 @@ if (intval($count_users)<50) {
} }
} }
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$Coaches=Database::store_result($result); $Coaches=Database::store_result($result);
?> ?>
<select name="coach_username" value="true" style="width:250px;"> <select name="coach_username" value="true" style="width:250px;">
@ -202,7 +202,7 @@ if (intval($count_users)<50) {
$id_session_category = ''; $id_session_category = '';
$tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY); $tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
$sql = 'SELECT id, name FROM '.$tbl_session_category.' ORDER BY name ASC'; $sql = 'SELECT id, name FROM '.$tbl_session_category.' ORDER BY name ASC';
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
$Categories = Database::store_result($result); $Categories = Database::store_result($result);
?> ?>
<tr> <tr>
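Review bot: In `search_coachs()` the loop after the changed query writes `$user['username']` and the result of `api_get_person_name()` into an `onclick` handler and into link text with no output encoding, so a quote or markup character stored in one of those fields ends the JavaScript string or the tag. The link text should be encoded, e.g. `htmlspecialchars(api_get_person_name($user['firstname'], $user['lastname']), ENT_QUOTES)` with the platform charset, and the `fill_coach_field()` argument needs JavaScript string encoding followed by HTML attribute encoding. The function starts and ends outside the hunk, so also check how `$return` is sent to the browser.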

@ -37,7 +37,7 @@ $tool_name = get_lang('EditSessionCategory');
$interbreadcrumb[]=array('url' => 'index.php',"name" => get_lang('PlatformAdmin')); $interbreadcrumb[]=array('url' => 'index.php',"name" => get_lang('PlatformAdmin'));
$interbreadcrumb[]=array('url' => "session_category_list.php","name" => get_lang('ListSessionCategory')); $interbreadcrumb[]=array('url' => "session_category_list.php","name" => get_lang('ListSessionCategory'));
$sql = "SELECT * FROM $tbl_session_category WHERE id='".$id."' ORDER BY name"; $sql = "SELECT * FROM $tbl_session_category WHERE id='".$id."' ORDER BY name";
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
if (!$infos=Database::fetch_array($result)) { if (!$infos=Database::fetch_array($result)) {
header('Location: session_list.php'); header('Location: session_list.php');
exit(); exit();

@ -82,10 +82,10 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
FROM $tbl_session_category sc $where "; FROM $tbl_session_category sc $where ";
$order = ($order == 'ASC')? 'DESC': 'ASC'; $order = ($order == 'ASC')? 'DESC': 'ASC';
$result_rows = Database::query($query_rows,__FILE__,__LINE__); $result_rows = Database::query($query_rows);
$recorset = Database::fetch_array($result_rows); $recorset = Database::fetch_array($result_rows);
$num = $recorset['total_rows']; $num = $recorset['total_rows'];
$result = Database::query($query,__FILE__,__LINE__); $result = Database::query($query);
$Sessions = Database::store_result($result); $Sessions = Database::store_result($result);
$nbr_results = sizeof($Sessions); $nbr_results = sizeof($Sessions);
$tool_name = get_lang('ListSessionCategory'); $tool_name = get_lang('ListSessionCategory');
@ -159,7 +159,7 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
break; break;
} }
$sql = 'SELECT COUNT(session_category_id) FROM '.$tbl_session.' WHERE session_category_id = '.intval($enreg['id']); $sql = 'SELECT COUNT(session_category_id) FROM '.$tbl_session.' WHERE session_category_id = '.intval($enreg['id']);
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
list($nb_courses) = Database::fetch_array($rs); list($nb_courses) = Database::fetch_array($rs);
?> ?>
<tr class="<?php echo $i?'row_odd':'row_even'; ?>"> <tr class="<?php echo $i?'row_odd':'row_even'; ?>">

@ -37,7 +37,7 @@ $interbreadcrumb[]=array('url' => "session_list.php","name" => get_lang("Session
$interbreadcrumb[]=array('url' => "../admin/resume_session.php?id_session=".Security::remove_XSS($_REQUEST['id_session']),"name" => get_lang('SessionOverview')); $interbreadcrumb[]=array('url' => "../admin/resume_session.php?id_session=".Security::remove_XSS($_REQUEST['id_session']),"name" => get_lang('SessionOverview'));
$interbreadcrumb[]=array('url' => "session_course_list.php?id_session=$id_session","name" =>api_htmlentities($session_name,ENT_QUOTES,$charset)); $interbreadcrumb[]=array('url' => "session_course_list.php?id_session=$id_session","name" =>api_htmlentities($session_name,ENT_QUOTES,$charset));
$result = Database::query("SELECT s.name, c.title FROM $tbl_session_course sc,$tbl_session s,$tbl_course c WHERE sc.id_session=s.id AND sc.course_code=c.code AND sc.id_session='$id_session' AND sc.course_code='".addslashes($course_code)."'",__FILE__,__LINE__); $result = Database::query("SELECT s.name, c.title FROM $tbl_session_course sc,$tbl_session s,$tbl_course c WHERE sc.id_session=s.id AND sc.course_code=c.code AND sc.id_session='$id_session' AND sc.course_code='".addslashes($course_code)."'");
if (!list($session_name,$course_title)=Database::fetch_row($result)) { if (!list($session_name,$course_title)=Database::fetch_row($result)) {
header('Location: session_course_list.php?id_session='.$id_session); header('Location: session_course_list.php?id_session='.$id_session);
@ -50,7 +50,7 @@ if ($_POST['formSent']) {
// get all tutor by course_code in the session // get all tutor by course_code in the session
$sql = "SELECT id_user FROM $tbl_session_rel_course_rel_user WHERE id_session = '$id_session' AND course_code = '$course_code' AND status = 2"; $sql = "SELECT id_user FROM $tbl_session_rel_course_rel_user WHERE id_session = '$id_session' AND course_code = '$course_code' AND status = 2";
$rs_coachs = Database::query($sql,__FILE__,__LINE__); $rs_coachs = Database::query($sql);
$coachs_course_session = array(); $coachs_course_session = array();
if (Database::num_rows($rs_coachs) > 0){ if (Database::num_rows($rs_coachs) > 0){
@ -83,7 +83,7 @@ if ($_POST['formSent']) {
}else { }else {
$sql = "SELECT id_user FROM $tbl_session_rel_course_rel_user WHERE id_session = '$id_session' AND course_code = '$course_code' AND status = 2 "; $sql = "SELECT id_user FROM $tbl_session_rel_course_rel_user WHERE id_session = '$id_session' AND course_code = '$course_code' AND status = 2 ";
$rs = Database::query($sql,__FILE__,__LINE__); $rs = Database::query($sql);
if (Database::num_rows($rs) > 0) { if (Database::num_rows($rs) > 0) {
while ($infos = Database::fetch_array($rs)) { while ($infos = Database::fetch_array($rs)) {
@ -95,7 +95,7 @@ if ($_POST['formSent']) {
$order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username'; $order_clause = api_sort_by_first_name() ? ' ORDER BY firstname, lastname, username' : ' ORDER BY lastname, firstname, username';
$sql="SELECT user_id,lastname,firstname,username FROM $tbl_user WHERE status='1'".$order_clause; $sql="SELECT user_id,lastname,firstname,username FROM $tbl_user WHERE status='1'".$order_clause;
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$coaches=Database::store_result($result); $coaches=Database::store_result($result);
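Review bot: The two tutor lookups inside `if ($_POST['formSent'])` put the variable into the statement as `course_code = '$course_code'`, whereas the first query of the section wraps the same variable in `addslashes()`; unless it is reassigned to an escaped value outside the hunks, those two statements use it raw. Escape it where each query is built, with the connection-aware helper rather than `addslashes()`: `course_code = '".Database::escape_string($course_code)."'`. `$id_session` is quoted but not visibly cast, so `intval($id_session)` in the same statements closes that gap too. The `addslashes($course_code)` calls in the user-list section further down this page should be switched to the same helper.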

@ -28,7 +28,7 @@ $page=intval($_GET['page']);
$action=$_REQUEST['action']; $action=$_REQUEST['action'];
$sort=in_array($_GET['sort'],array('title','nbr_users'))?$_GET['sort']:'title'; $sort=in_array($_GET['sort'],array('title','nbr_users'))?$_GET['sort']:'title';
$result=Database::query("SELECT name FROM $tbl_session WHERE id='$id_session'",__FILE__,__LINE__); $result=Database::query("SELECT name FROM $tbl_session WHERE id='$id_session'");
if(!list($session_name)=Database::fetch_row($result)) if(!list($session_name)=Database::fetch_row($result))
{ {
@ -45,11 +45,11 @@ if($action == 'delete') {
} }
$idChecked = $my_temp; $idChecked = $my_temp;
$idChecked="'".implode("','",$idChecked)."'"; $idChecked="'".implode("','",$idChecked)."'";
Database::query("DELETE FROM $tbl_session_rel_course WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_course WHERE id_session='$id_session' AND course_code IN($idChecked)");
$nbr_affected_rows=Database::affected_rows(); $nbr_affected_rows=Database::affected_rows();
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code IN($idChecked)",__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code IN($idChecked)");
Database::query("UPDATE $tbl_session SET nbr_courses=nbr_courses-$nbr_affected_rows WHERE id='$id_session'",__FILE__,__LINE__); Database::query("UPDATE $tbl_session SET nbr_courses=nbr_courses-$nbr_affected_rows WHERE id='$id_session'");
} }
header('Location: '.api_get_self().'?id_session='.$id_session.'&sort='.$sort); header('Location: '.api_get_self().'?id_session='.$id_session.'&sort='.$sort);
@ -59,7 +59,7 @@ if($action == 'delete') {
$limit=20; $limit=20;
$from=$page * $limit; $from=$page * $limit;
$result=Database::query("SELECT code,title,nbr_users FROM $tbl_session_rel_course,$tbl_course WHERE course_code=code AND id_session='$id_session' ORDER BY $sort LIMIT $from,".($limit+1),__FILE__,__LINE__); $result=Database::query("SELECT code,title,nbr_users FROM $tbl_session_rel_course,$tbl_course WHERE course_code=code AND id_session='$id_session' ORDER BY $sort LIMIT $from,".($limit+1));
$Courses=Database::store_result($result); $Courses=Database::store_result($result);
$nbr_results=sizeof($Sessions); $nbr_results=sizeof($Sessions);
$tool_name = api_htmlentities($session_name,ENT_QUOTES,$charset).' : '.get_lang('CourseListInSession'); $tool_name = api_htmlentities($session_name,ENT_QUOTES,$charset).' : '.get_lang('CourseListInSession');
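Review bot: `$nbr_results=sizeof($Sessions);` counts a variable that is not assigned anywhere in the visible lines, while the rows fetched just above are stored in `$Courses`, so the count does not reflect the query result. This looks like a copy-paste slip and should read `$nbr_results=sizeof($Courses);`. Any paging decision that depends on `$nbr_results` lies outside the hunk and should be re-checked once the count is corrected.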

@ -47,7 +47,7 @@ if (empty($id_user) || empty($id_session)) {
if (!api_is_platform_admin()) { if (!api_is_platform_admin()) {
$sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session; $sql = 'SELECT session_admin_id FROM '.Database :: get_main_table(TABLE_MAIN_SESSION).' WHERE id='.$id_session;
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
if (Database::result($rs,0,0)!=$_user['user_id']) { if (Database::result($rs,0,0)!=$_user['user_id']) {
api_not_allowed(true); api_not_allowed(true);
} }
@ -73,7 +73,7 @@ if ($_POST['formSent']) {
ON (srcru.id_session = session_rel_course.id_session) ON (srcru.id_session = session_rel_course.id_session)
WHERE id_user = $id_user and session_rel_course.id_session = $id_session"; WHERE id_user = $id_user and session_rel_course.id_session = $id_session";
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
$existingCourses = Database::store_result($rs); $existingCourses = Database::store_result($rs);
if (count($CourseList) == count($existingCourses)) { if (count($CourseList) == count($existingCourses)) {
header('Location: session_course_user.php?id_session='.$id_session.'&id_user='.$id_user.'&msg='.get_lang('MaybeYouWantToDeleteThisUserFromSession')); header('Location: session_course_user.php?id_session='.$id_session.'&id_user='.$id_user.'&msg='.get_lang('MaybeYouWantToDeleteThisUserFromSession'));
@ -90,11 +90,11 @@ if ($_POST['formSent']) {
$enreg_course = Database::escape_string($enreg_course); $enreg_course = Database::escape_string($enreg_course);
$sql_delete = "DELETE FROM $tbl_session_rel_course_rel_user $sql_delete = "DELETE FROM $tbl_session_rel_course_rel_user
WHERE id_user='".$id_user."' AND course_code='".$enreg_course."' AND id_session=$id_session"; WHERE id_user='".$id_user."' AND course_code='".$enreg_course."' AND id_session=$id_session";
Database::query($sql_delete,__FILE__, __LINE__); Database::query($sql_delete);
if(Database::affected_rows()) { if(Database::affected_rows()) {
//update session rel course table //update session rel course table
$sql_update = "UPDATE $tbl_session_rel_course SET nbr_users= nbr_users - 1 WHERE id_session='$id_session' AND course_code='$enreg_course'"; $sql_update = "UPDATE $tbl_session_rel_course SET nbr_users= nbr_users - 1 WHERE id_session='$id_session' AND course_code='$enreg_course'";
Database::query($sql_update,__FILE__, __LINE__); Database::query($sql_update);
} }
} }
} }
@ -103,11 +103,11 @@ if ($_POST['formSent']) {
if(!in_array($existingCourse['code'], $CourseList)){ if(!in_array($existingCourse['code'], $CourseList)){
$existingCourse = Database::escape_string($existingCourse['code']); $existingCourse = Database::escape_string($existingCourse['code']);
$sql_insert = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$existingCourse','$id_user')"; $sql_insert = "INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$existingCourse','$id_user')";
Database::query($sql_insert,__FILE__, __LINE__); Database::query($sql_insert);
if(Database::affected_rows()) { if(Database::affected_rows()) {
//update session rel course table //update session rel course table
$sql_update = "UPDATE $tbl_session_rel_course SET nbr_users= nbr_users + 1 WHERE id_session='$id_session' AND course_code='$existingCourse'"; $sql_update = "UPDATE $tbl_session_rel_course SET nbr_users= nbr_users + 1 WHERE id_session='$id_session' AND course_code='$existingCourse'";
Database::query($sql_update,__FILE__, __LINE__); Database::query($sql_update);
} }
} }
@ -170,10 +170,10 @@ if ($_configuration['multiple_access_urls']==true) {
} }
}*/ }*/
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$Courses=Database::store_result($result); $Courses=Database::store_result($result);
$result=Database::query($sql_all,__FILE__,__LINE__); $result=Database::query($sql_all);
$CoursesAll=Database::store_result($result); $CoursesAll=Database::store_result($result);
$course_temp = array(); $course_temp = array();
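Review bot: The redirect in the `count($CourseList) == count($existingCourses)` branch appends `get_lang('MaybeYouWantToDeleteThisUserFromSession')` to the `Location` URL without encoding, so spaces or non-ASCII characters in the translation produce a malformed header value; it should be `'&msg='.urlencode(get_lang('MaybeYouWantToDeleteThisUserFromSession'))`. The code that reads `msg` back is outside the hunks and must HTML-encode it before display, because anyone can set that parameter in a link. `$id_user` and `$id_session` are also used unquoted (`WHERE id='.$id_session`, `id_user = $id_user`), which is safe only if both are cast with `intval()` before the `empty()` check above the first hunk.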

@ -29,7 +29,7 @@ if (is_array($idChecked)) {
} }
$idChecked = $my_temp; $idChecked = $my_temp;
} }
$result=Database::query("SELECT name,title FROM $tbl_session,$tbl_course WHERE id='$id_session' AND code='".addslashes($course_code)."'",__FILE__,__LINE__); $result=Database::query("SELECT name,title FROM $tbl_session,$tbl_course WHERE id='$id_session' AND code='".addslashes($course_code)."'");
if(!list($session_name,$course_title)=Database::fetch_row($result)) if(!list($session_name,$course_title)=Database::fetch_row($result))
{ {
@ -40,9 +40,9 @@ if(!list($session_name,$course_title)=Database::fetch_row($result))
if($action == 'delete') { if($action == 'delete') {
if(is_array($idChecked) && count($idChecked)>0 ) { if(is_array($idChecked) && count($idChecked)>0 ) {
$idChecked=implode(',',$idChecked); $idChecked=implode(',',$idChecked);
Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='".addslashes($course_code)."' AND id_user IN($idChecked)",__FILE__,__LINE__); Database::query("DELETE FROM $tbl_session_rel_course_rel_user WHERE id_session='$id_session' AND course_code='".addslashes($course_code)."' AND id_user IN($idChecked)");
$nbr_affected_rows=Database::affected_rows(); $nbr_affected_rows=Database::affected_rows();
Database::query("UPDATE $tbl_session_rel_course SET nbr_users=nbr_users-$nbr_affected_rows WHERE id_session='$id_session' AND course_code='".addslashes($course_code)."'",__FILE__,__LINE__); Database::query("UPDATE $tbl_session_rel_course SET nbr_users=nbr_users-$nbr_affected_rows WHERE id_session='$id_session' AND course_code='".addslashes($course_code)."'");
} }
header('Location: '.api_get_self().'?id_session='.$id_session.'&course_code='.urlencode($course_code).'&sort='.$sort); header('Location: '.api_get_self().'?id_session='.$id_session.'&course_code='.urlencode($course_code).'&sort='.$sort);
exit(); exit();
@ -52,7 +52,7 @@ $limit=20;
$from=$page * $limit; $from=$page * $limit;
$is_western_name_order = api_is_western_name_order(); $is_western_name_order = api_is_western_name_order();
$result=Database::query("SELECT user_id,".($is_western_name_order ? 'firstname,lastname' : 'lastname,firstname').",username FROM $tbl_session_rel_course_rel_user,$tbl_user WHERE user_id=id_user AND id_session='$id_session' AND course_code='".addslashes($course_code)."' ORDER BY $sort LIMIT $from,".($limit+1),__FILE__,__LINE__); $result=Database::query("SELECT user_id,".($is_western_name_order ? 'firstname,lastname' : 'lastname,firstname').",username FROM $tbl_session_rel_course_rel_user,$tbl_user WHERE user_id=id_user AND id_session='$id_session' AND course_code='".addslashes($course_code)."' ORDER BY $sort LIMIT $from,".($limit+1));
$Users=Database::store_result($result); $Users=Database::store_result($result);
$nbr_results=sizeof($Users); $nbr_results=sizeof($Users);
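Review bot: The paging query ends in `ORDER BY $sort LIMIT $from,...` and `$sort` is not validated anywhere in the visible lines. The course-list section earlier on this page constrains it with `in_array($_GET['sort'],array('title','nbr_users'))`, and an equivalent allow-list of this query's own column names is needed here if one is not already applied above the hunk. In the `delete` branch `$idChecked` is imploded without quotes into `id_user IN($idChecked)`, so every element has to be an integer; `$idChecked = array_map('intval', $idChecked);` before the `implode()` makes that explicit whatever filtering happens earlier.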

@ -27,7 +27,7 @@ $tool_name = get_lang('EditSession');
$interbreadcrumb[]=array('url' => 'index.php',"name" => get_lang('PlatformAdmin')); $interbreadcrumb[]=array('url' => 'index.php',"name" => get_lang('PlatformAdmin'));
$interbreadcrumb[]=array('url' => "session_list.php","name" => get_lang('SessionList')); $interbreadcrumb[]=array('url' => "session_list.php","name" => get_lang('SessionList'));
$result=Database::query("SELECT name,date_start,date_end,id_coach, session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end, session_category_id, visibility FROM $tbl_session WHERE id='$id'",__FILE__,__LINE__); $result=Database::query("SELECT name,date_start,date_end,id_coach, session_admin_id, nb_days_access_before_beginning, nb_days_access_after_end, session_category_id, visibility FROM $tbl_session WHERE id='$id'");
if (!$infos=Database::fetch_array($result)) { if (!$infos=Database::fetch_array($result)) {
header('Location: session_list.php'); header('Location: session_list.php');
@ -76,7 +76,7 @@ if ($_configuration['multiple_access_urls']==true){
} }
} }
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$Coaches=Database::store_result($result); $Coaches=Database::store_result($result);
$thisYear=date('Y'); $thisYear=date('Y');
@ -126,7 +126,7 @@ unset($Coaches);
$tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY); $tbl_session_category = Database::get_main_table(TABLE_MAIN_SESSION_CATEGORY);
//$access_url_id = api_get_current_access_url_id(); //$access_url_id = api_get_current_access_url_id();
$sql = 'SELECT id, name FROM '.$tbl_session_category.' ORDER BY name ASC'; $sql = 'SELECT id, name FROM '.$tbl_session_category.' ORDER BY name ASC';
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
$Categories = Database::store_result($result); $Categories = Database::store_result($result);
?> ?>
<tr> <tr>
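Review bot: The session lookup in the first hunk of this section still interpolates `$id` into a quoted literal (`WHERE id='$id'`), and nothing in the visible lines casts or escapes it. `$id` is assigned outside the hunk, so it may already be an integer; if it comes from the request, the clause should be built as `WHERE id=".intval($id)`, matching the `intval()` calls used elsewhere in this commit. The same question applies to `WHERE id='$session_id'` in the @ -94 hunk of the next file section, where the assignment is also outside the hunk.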

@ -84,7 +84,7 @@ if ($_POST['formSent'] )
} }
} }
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
} }
else else
{ {
@ -94,7 +94,7 @@ if ($_POST['formSent'] )
ON $tbl_user.user_id = $tbl_session.id_coach ON $tbl_user.user_id = $tbl_session.id_coach
WHERE id='$session_id'"; WHERE id='$session_id'";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
} }
@ -161,7 +161,7 @@ if ($_POST['formSent'] )
ON $tbl_user.user_id = $tbl_session_user.id_user ON $tbl_user.user_id = $tbl_session_user.id_user
AND $tbl_session_user.id_session = '".$row['id']."'"; AND $tbl_session_user.id_session = '".$row['id']."'";
$rsUsers = Database::query($sql,__FILE__,__LINE__); $rsUsers = Database::query($sql);
$users = ''; $users = '';
while($rowUsers = Database::fetch_array($rsUsers)){ while($rowUsers = Database::fetch_array($rsUsers)){
if($cvs){ if($cvs){
@ -186,7 +186,7 @@ if ($_POST['formSent'] )
ON $tbl_course.code = $tbl_session_course_user.course_code ON $tbl_course.code = $tbl_session_course_user.course_code
AND $tbl_session_course_user.id_session = '".$row['id']."'"; AND $tbl_session_course_user.id_session = '".$row['id']."'";
$rsCourses = Database::query($sql,__FILE__,__LINE__); $rsCourses = Database::query($sql);
$courses = ''; $courses = '';
while($rowCourses = Database::fetch_array($rsCourses)){ while($rowCourses = Database::fetch_array($rsCourses)){
@ -198,7 +198,7 @@ if ($_POST['formSent'] )
WHERE scu.course_code = '{$rowCourses['code']}' WHERE scu.course_code = '{$rowCourses['code']}'
AND scu.id_session = '".$row['id']."' AND scu.status = 2 "; AND scu.id_session = '".$row['id']."' AND scu.status = 2 ";
$rs_coachs = Database::query($sql,__FILE__,__LINE__); $rs_coachs = Database::query($sql);
$coachs = array(); $coachs = array();
while ($row_coachs = Database::fetch_array($rs_coachs)) { while ($row_coachs = Database::fetch_array($rs_coachs)) {
$coachs[] = $row_coachs['username']; $coachs[] = $row_coachs['username'];
@ -225,7 +225,7 @@ if ($_POST['formSent'] )
AND scu.course_code='".$rowCourses['code']."' AND scu.course_code='".$rowCourses['code']."'
AND scu.id_session='".$row['id']."'"; AND scu.id_session='".$row['id']."'";
$rsUsersCourse = Database::query($sql,__FILE__,__LINE__); $rsUsersCourse = Database::query($sql);
$userscourse = ''; $userscourse = '';
while($rowUsersCourse = Database::fetch_array($rsUsersCourse)){ while($rowUsersCourse = Database::fetch_array($rsUsersCourse)){
@ -291,7 +291,7 @@ if ($_configuration['multiple_access_urls']==true) {
} }
$result=Database::query($sql,__FILE__,__LINE__); $result=Database::query($sql);
$Sessions=Database::store_result($result); $Sessions=Database::store_result($result);
?> ?>

@ -113,7 +113,7 @@ if ($_POST['formSent']) {
status = '".Database::escape_string($status)."'"; status = '".Database::escape_string($status)."'";
// When it is applicable, adding the access_url rel user relationship too. // When it is applicable, adding the access_url rel user relationship too.
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
$return = Database::insert_id(); $return = Database::insert_id();
global $_configuration; global $_configuration;
require_once api_get_path(LIBRARY_PATH).'urlmanager.lib.php'; require_once api_get_path(LIBRARY_PATH).'urlmanager.lib.php';
@ -160,7 +160,7 @@ if ($_POST['formSent']) {
status = '".Database::escape_string($status)."' status = '".Database::escape_string($status)."'
WHERE username = '".Database::escape_string($username)."'"; WHERE username = '".Database::escape_string($username)."'";
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
} }
} }
} }
@ -176,7 +176,7 @@ if ($_POST['formSent']) {
// Looking up for the teacher. // Looking up for the teacher.
$sql = "SELECT user_id, lastname, firstname FROM $tbl_user WHERE username='$username'"; $sql = "SELECT user_id, lastname, firstname FROM $tbl_user WHERE username='$username'";
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
list($user_id, $lastname, $firstname) = Database::fetch_array($rs); list($user_id, $lastname, $firstname) = Database::fetch_array($rs);
global $_configuration; global $_configuration;
$keys = define_course_keys($course_code, '', $_configuration['db_prefix']); $keys = define_course_keys($course_code, '', $_configuration['db_prefix']);
@ -223,7 +223,7 @@ if ($_POST['formSent']) {
tutor_name = '".api_get_person_name($firstname, $lastname, null, null, $language)."', tutor_name = '".api_get_person_name($firstname, $lastname, null, null, $language)."',
visual_code = '".$current_course_code."'"; visual_code = '".$current_course_code."'";
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
$sql = "INSERT INTO ".$tbl_course_user." SET $sql = "INSERT INTO ".$tbl_course_user." SET
course_code = '".$current_course_id."', course_code = '".$current_course_id."',
@ -234,7 +234,7 @@ if ($_POST['formSent']) {
sort='". ($sort + 1)."', sort='". ($sort + 1)."',
user_course_cat='0'"; user_course_cat='0'";
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
} }
} }
} }
@ -302,7 +302,7 @@ if ($_POST['formSent']) {
$suffix = ' - '.$i; $suffix = ' - '.$i;
} }
$sql = 'SELECT 1 FROM '.$tbl_session.' WHERE name="'.Database::escape_string($session_name.$suffix).'"'; $sql = 'SELECT 1 FROM '.$tbl_session.' WHERE name="'.Database::escape_string($session_name.$suffix).'"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
if (Database::result($rs, 0, 0)) { if (Database::result($rs, 0, 0)) {
$i++; $i++;
} else { } else {
@ -319,7 +319,7 @@ if ($_POST['formSent']) {
visibility = '$visibility', visibility = '$visibility',
session_category_id = '$session_category_id', session_category_id = '$session_category_id',
session_admin_id=".intval($_user['user_id']); session_admin_id=".intval($_user['user_id']);
$rs_session = Database::query($sql_session, __FILE__, __LINE__); $rs_session = Database::query($sql_session);
$session_id = Database::insert_id(); $session_id = Database::insert_id();
$session_counter++; $session_counter++;
@ -336,7 +336,7 @@ if ($_POST['formSent']) {
visibility = '$visibility', visibility = '$visibility',
session_category_id = '$session_category_id', session_category_id = '$session_category_id',
session_admin_id=".intval($_user['user_id']); session_admin_id=".intval($_user['user_id']);
$rs_session = Database::query($sql_session, __FILE__, __LINE__); $rs_session = Database::query($sql_session);
$session_id = Database::insert_id(); $session_id = Database::insert_id();
$session_counter++; $session_counter++;
} else { } else {
@ -348,12 +348,12 @@ if ($_POST['formSent']) {
visibility = '$visibility', visibility = '$visibility',
session_category_id = '$session_category_id' session_category_id = '$session_category_id'
WHERE name = '$session_name'"; WHERE name = '$session_name'";
$rs_session = Database::query($sql_session, __FILE__, __LINE__); $rs_session = Database::query($sql_session);
$session_id = Database::query("SELECT id FROM $tbl_session WHERE name='$session_name'", __FILE__, __LINE__); $session_id = Database::query("SELECT id FROM $tbl_session WHERE name='$session_name'");
list($session_id) = Database::fetch_array($session_id); list($session_id) = Database::fetch_array($session_id);
Database::query("DELETE FROM $tbl_session_user WHERE id_session='$session_id'", __FILE__, __LINE__); Database::query("DELETE FROM $tbl_session_user WHERE id_session='$session_id'");
Database::query("DELETE FROM $tbl_session_course WHERE id_session='$session_id'", __FILE__, __LINE__); Database::query("DELETE FROM $tbl_session_course WHERE id_session='$session_id'");
Database::query("DELETE FROM $tbl_session_course_user WHERE id_session='$session_id'", __FILE__, __LINE__); Database::query("DELETE FROM $tbl_session_course_user WHERE id_session='$session_id'");
} }
} }
@ -378,7 +378,7 @@ if ($_POST['formSent']) {
$sql = "INSERT IGNORE INTO $tbl_session_user SET $sql = "INSERT IGNORE INTO $tbl_session_user SET
id_user='$user_id', id_user='$user_id',
id_session = '$session_id'"; id_session = '$session_id'";
$rs_user = Database::query($sql, __FILE__, __LINE__); $rs_user = Database::query($sql);
$user_counter++; $user_counter++;
} }
} }
@ -400,7 +400,7 @@ if ($_POST['formSent']) {
$sql_course = "INSERT INTO $tbl_session_course SET $sql_course = "INSERT INTO $tbl_session_course SET
course_code = '$course_code', course_code = '$course_code',
id_session='$session_id'"; id_session='$session_id'";
$rs_course = Database::query($sql_course, __FILE__, __LINE__); $rs_course = Database::query($sql_course);
} }
$course_coachs = explode(",",$node_course->Coach); $course_coachs = explode(",",$node_course->Coach);
@ -415,7 +415,7 @@ if ($_POST['formSent']) {
course_code='$course_code', course_code='$course_code',
id_session = '$session_id', id_session = '$session_id',
status = 2 "; status = 2 ";
$rs_coachs = Database::query($sql, __FILE__, __LINE__); $rs_coachs = Database::query($sql);
} else { } else {
$error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />'; $error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />';
} }
@ -432,21 +432,21 @@ if ($_POST['formSent']) {
$sql = "INSERT IGNORE INTO $tbl_session_user SET $sql = "INSERT IGNORE INTO $tbl_session_user SET
id_user='$user_id', id_user='$user_id',
id_session = '$session_id'"; id_session = '$session_id'";
$rs_user = Database::query($sql, __FILE__, __LINE__); $rs_user = Database::query($sql);
$user_counter++; $user_counter++;
// Adding to session_rel_user_rel_course table. // Adding to session_rel_user_rel_course table.
$sql = "INSERT IGNORE INTO $tbl_session_course_user SET $sql = "INSERT IGNORE INTO $tbl_session_course_user SET
id_user='$user_id', id_user='$user_id',
course_code='$course_code', course_code='$course_code',
id_session = '$session_id'"; id_session = '$session_id'";
$rs_users = Database::query($sql, __FILE__, __LINE__); $rs_users = Database::query($sql);
$users_in_course_counter++; $users_in_course_counter++;
} else { } else {
$error_message .= get_lang('UserDoesNotExist').' : '.$username.'<br />'; $error_message .= get_lang('UserDoesNotExist').' : '.$username.'<br />';
} }
} }
$update_session_course = "UPDATE $tbl_session_course SET nbr_users='$users_in_course_counter' WHERE course_code='$course_code'"; $update_session_course = "UPDATE $tbl_session_course SET nbr_users='$users_in_course_counter' WHERE course_code='$course_code'";
Database::query($update_session_course, __FILE__, __LINE__); Database::query($update_session_course);
$inserted_in_course[$course_code] = $course_info['title']; $inserted_in_course[$course_code] = $course_info['title'];
} }
@ -463,7 +463,7 @@ if ($_POST['formSent']) {
$sql_course = "INSERT INTO $tbl_session_course SET $sql_course = "INSERT INTO $tbl_session_course SET
course_code = '".$vcourse['code']."', course_code = '".$vcourse['code']."',
id_session='$session_id'"; id_session='$session_id'";
$rs_course = Database::query($sql_course, __FILE__, __LINE__); $rs_course = Database::query($sql_course);
$course_coachs = explode(",",$node_course->Coach); $course_coachs = explode(",",$node_course->Coach);
@ -477,7 +477,7 @@ if ($_POST['formSent']) {
course_code='{$vcourse['code']}', course_code='{$vcourse['code']}',
id_session = '$session_id', id_session = '$session_id',
status = 2 "; status = 2 ";
$rs_coachs = Database::query($sql, __FILE__, __LINE__); $rs_coachs = Database::query($sql);
} else { } else {
$error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />'; $error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />';
} }
@ -494,21 +494,21 @@ if ($_POST['formSent']) {
$sql = "INSERT IGNORE INTO $tbl_session_user SET $sql = "INSERT IGNORE INTO $tbl_session_user SET
id_user='$user_id', id_user='$user_id',
id_session = '$session_id'"; id_session = '$session_id'";
$rs_user = Database::query($sql, __FILE__, __LINE__); $rs_user = Database::query($sql);
$user_counter++; $user_counter++;
// Adding to session_rel_user_rel_course table. // Adding to session_rel_user_rel_course table.
$sql = "INSERT IGNORE INTO $tbl_session_course_user SET $sql = "INSERT IGNORE INTO $tbl_session_course_user SET
id_user='$user_id', id_user='$user_id',
course_code='{$vcourse['code']}', course_code='{$vcourse['code']}',
id_session = '$session_id'"; id_session = '$session_id'";
$rs_users = Database::query($sql, __FILE__, __LINE__); $rs_users = Database::query($sql);
$users_in_course_counter++; $users_in_course_counter++;
} else { } else {
$error_message .= get_lang('UserDoesNotExist').' : '.$username.'<br />'; $error_message .= get_lang('UserDoesNotExist').' : '.$username.'<br />';
} }
} }
$update_session_course = "UPDATE $tbl_session_course SET nbr_users='$users_in_course_counter' WHERE course_code='$course_code'"; $update_session_course = "UPDATE $tbl_session_course SET nbr_users='$users_in_course_counter' WHERE course_code='$course_code'";
Database::query($update_session_course, __FILE__, __LINE__); Database::query($update_session_course);
$inserted_in_course[$course_code] = $course_info['title']; $inserted_in_course[$course_code] = $course_info['title'];
} }
@ -520,7 +520,7 @@ if ($_POST['formSent']) {
$error_message .= get_lang('CourseDoesNotExist').' : '.$course_code.'<br />'; $error_message .= get_lang('CourseDoesNotExist').' : '.$course_code.'<br />';
} }
} }
Database::query("UPDATE $tbl_session SET nbr_users='$user_counter', nbr_courses='$course_counter' WHERE id='$session_id'", __FILE__, __LINE__); Database::query("UPDATE $tbl_session SET nbr_users='$user_counter', nbr_courses='$course_counter' WHERE id='$session_id'");
} }
} }
@ -592,7 +592,7 @@ if ($_POST['formSent']) {
$suffix = ' - '.$i; $suffix = ' - '.$i;
} }
$sql = 'SELECT 1 FROM '.$tbl_session.' WHERE name="'.Database::escape_string($session_name.$suffix).'"'; $sql = 'SELECT 1 FROM '.$tbl_session.' WHERE name="'.Database::escape_string($session_name.$suffix).'"';
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
if (Database::result($rs, 0, 0)) { if (Database::result($rs, 0, 0)) {
$i++; $i++;
@ -611,7 +611,7 @@ if ($_POST['formSent']) {
visibility = '$visibility', visibility = '$visibility',
session_category_id = '$session_category_id', session_category_id = '$session_category_id',
session_admin_id=".intval($_user['user_id']); session_admin_id=".intval($_user['user_id']);
$rs_session = Database::query($sql_session, __FILE__, __LINE__); $rs_session = Database::query($sql_session);
$session_id = Database::insert_id(); $session_id = Database::insert_id();
$session_counter++; $session_counter++;
} else { } else {
@ -627,7 +627,7 @@ if ($_POST['formSent']) {
visibility = '$visibility', visibility = '$visibility',
session_category_id = '$session_category_id'"; session_category_id = '$session_category_id'";
$rs_session = Database::query($sql_session, __FILE__, __LINE__); $rs_session = Database::query($sql_session);
// We get the last insert id. // We get the last insert id.
$my_session_result = SessionManager::get_session_by_name($session_name); $my_session_result = SessionManager::get_session_by_name($session_name);
$session_id = $my_session_result['id']; $session_id = $my_session_result['id'];
@ -641,12 +641,12 @@ if ($_POST['formSent']) {
visibility = '$visibility', visibility = '$visibility',
session_category_id = '$session_category_id' session_category_id = '$session_category_id'
WHERE name = '$session_name'"; WHERE name = '$session_name'";
$rs_session = Database::query($sql_session, __FILE__, __LINE__); $rs_session = Database::query($sql_session);
$session_id = Database::query("SELECT id FROM $tbl_session WHERE name='$session_name'", __FILE__, __LINE__); $session_id = Database::query("SELECT id FROM $tbl_session WHERE name='$session_name'");
list($session_id) = Database::fetch_array($session_id); list($session_id) = Database::fetch_array($session_id);
Database::query("DELETE FROM $tbl_session_user WHERE id_session='$session_id'", __FILE__, __LINE__); Database::query("DELETE FROM $tbl_session_user WHERE id_session='$session_id'");
Database::query("DELETE FROM $tbl_session_course WHERE id_session='$session_id'", __FILE__, __LINE__); Database::query("DELETE FROM $tbl_session_course WHERE id_session='$session_id'");
Database::query("DELETE FROM $tbl_session_course_user WHERE id_session='$session_id'", __FILE__, __LINE__); Database::query("DELETE FROM $tbl_session_course_user WHERE id_session='$session_id'");
} }
$session_counter++; $session_counter++;
} }
@ -662,7 +662,7 @@ if ($_POST['formSent']) {
$sql = "INSERT IGNORE INTO $tbl_session_user SET $sql = "INSERT IGNORE INTO $tbl_session_user SET
id_user='$user_id', id_user='$user_id',
id_session = '$session_id'"; id_session = '$session_id'";
$rs_user = Database::query($sql, __FILE__, __LINE__); $rs_user = Database::query($sql);
$user_counter++; $user_counter++;
} }
} }
@ -693,7 +693,7 @@ if ($_POST['formSent']) {
$sql_course = "INSERT IGNORE INTO $tbl_session_course SET $sql_course = "INSERT IGNORE INTO $tbl_session_course SET
course_code = '$course_code', course_code = '$course_code',
id_session='$session_id'"; id_session='$session_id'";
$rs_course = Database::query($sql_course, __FILE__, __LINE__); $rs_course = Database::query($sql_course);
$course_counter++; $course_counter++;
$course_split = array(); $course_split = array();
@ -715,7 +715,7 @@ if ($_POST['formSent']) {
course_code='$course_code', course_code='$course_code',
id_session = '$session_id', id_session = '$session_id',
status = 2 "; status = 2 ";
$rs_coachs = Database::query($sql, __FILE__, __LINE__); $rs_coachs = Database::query($sql);
} else { } else {
$error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />'; $error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />';
} }
@ -730,14 +730,14 @@ if ($_POST['formSent']) {
id_user='$user_id', id_user='$user_id',
course_code='$course_code', course_code='$course_code',
id_session = '$session_id'"; id_session = '$session_id'";
$rs_users = Database::query($sql, __FILE__, __LINE__); $rs_users = Database::query($sql);
$users_in_course_counter++; $users_in_course_counter++;
} else { } else {
$error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />'; $error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />';
} }
} }
$sql = "UPDATE $tbl_session_course SET nbr_users='$users_in_course_counter' WHERE course_code='$course_code'"; $sql = "UPDATE $tbl_session_course SET nbr_users='$users_in_course_counter' WHERE course_code='$course_code'";
Database::query($sql,__FILE__,__LINE__); Database::query($sql);
$course_info = CourseManager::get_course_information($course_code); $course_info = CourseManager::get_course_information($course_code);
$inserted_in_course[$course_code] = $course_info['title']; $inserted_in_course[$course_code] = $course_info['title'];
@ -762,7 +762,7 @@ if ($_POST['formSent']) {
course_code = '".$vcourse['code']."', course_code = '".$vcourse['code']."',
id_session='$session_id'"; id_session='$session_id'";
$rs_course = Database::query($sql_course, __FILE__, __LINE__); $rs_course = Database::query($sql_course);
// adding coachs to session course user // adding coachs to session course user
foreach ($course_coachs as $course_coach) { foreach ($course_coachs as $course_coach) {
@ -773,7 +773,7 @@ if ($_POST['formSent']) {
course_code='{$vcourse['code']}', course_code='{$vcourse['code']}',
id_session = '$session_id', id_session = '$session_id',
status = 2 "; status = 2 ";
$rs_coachs = Database::query($sql, __FILE__, __LINE__); $rs_coachs = Database::query($sql);
} else { } else {
$error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />'; $error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />';
} }
@ -788,13 +788,13 @@ if ($_POST['formSent']) {
id_user='$user_id', id_user='$user_id',
course_code='{$vcourse['code']}', course_code='{$vcourse['code']}',
id_session = '$session_id'"; id_session = '$session_id'";
$rs_users = Database::query($sql, __FILE__, __LINE__); $rs_users = Database::query($sql);
$users_in_course_counter++; $users_in_course_counter++;
} else { } else {
$error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />'; $error_message .= get_lang('UserDoesNotExist').' : '.$user.'<br />';
} }
} }
Database::query("UPDATE $tbl_session_course SET nbr_users='$users_in_course_counter' WHERE course_code='".$vcourse['code']."'", __FILE__, __LINE__); Database::query("UPDATE $tbl_session_course SET nbr_users='$users_in_course_counter' WHERE course_code='".$vcourse['code']."'");
} }
} }
$inserted_in_course[$vcourse['code']] = $vcourse['title']; $inserted_in_course[$vcourse['code']] = $vcourse['title'];
@ -802,7 +802,7 @@ if ($_POST['formSent']) {
} }
$sql_update_users = "UPDATE $tbl_session SET nbr_users='$user_counter', nbr_courses='$course_counter' WHERE id='$session_id'"; $sql_update_users = "UPDATE $tbl_session SET nbr_users='$user_counter', nbr_courses='$course_counter' WHERE id='$session_id'";
Database::query($sql_update_users, __FILE__, __LINE__); Database::query($sql_update_users);
} }
} }
} }
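Review bot: Values that appear to come from the import data are escaped in some queries of this section and not in others. The UPDATE in the @ -160 hunk uses `Database::escape_string($username)`, but the teacher lookup in the @ -176 hunk interpolates it raw (`WHERE username='$username'`). Likewise the session name is escaped in the `SELECT 1` duplicate check but not in `WHERE name = '$session_name'` (@ -348 and @ -641 hunks). Unless these variables are escaped earlier, outside the visible hunks, a quote character in an imported record would break or change these statements, including the three DELETEs that follow the session lookup. I would escape at the point of use, e.g. `$sql = "SELECT user_id, lastname, firstname FROM $tbl_user WHERE username='".Database::escape_string($username)."'";`, and treat `$session_name` and `$course_code` the same way in the INSERT/UPDATE/DELETE statements; the enclosing `if ($_POST['formSent'])` block starts outside the hunks.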

@ -51,7 +51,7 @@ $interbreadcrumb[]=array("url" => "index.php","name" => get_lang('PlatformAdmin'
//table for the search //table for the search
if (isset ($_GET['search']) && $_GET['search'] == 'advanced') { if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
$interbreadcrumb[] = array ("url" => 'session_list.php', "name" => get_lang('SessionList')); $interbreadcrumb[] = array ("url" => 'session_list.php', "name" => get_lang('SessionList'));
$tool_name = get_lang('SearchASession'); $tool_name = get_lang('SearchASession');
Display :: display_header($tool_name); Display :: display_header($tool_name);
@ -82,7 +82,7 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
$limit=20; $limit=20;
$from=$page * $limit; $from=$page * $limit;
$where = 'WHERE 1=1 '; $where = 'WHERE 1=1 ';
//Prevent hacking keyword //Prevent hacking keyword
if ( isset ($_GET['keyword'])) { if ( isset ($_GET['keyword'])) {
$keyword = Database::escape_string(trim($_GET['keyword'])); $keyword = Database::escape_string(trim($_GET['keyword']));
@ -93,28 +93,28 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
$keyword_firstname = Database::escape_string(trim($_GET['keyword_firstname'])); $keyword_firstname = Database::escape_string(trim($_GET['keyword_firstname']));
$keyword_lastname = Database::escape_string(trim($_GET['keyword_lastname'])); $keyword_lastname = Database::escape_string(trim($_GET['keyword_lastname']));
} }
//Process for the search advanced //Process for the search advanced
if (!empty($_REQUEST['keyword_name'])) { if (!empty($_REQUEST['keyword_name'])) {
$where .= " AND s.name LIKE '%".$keyword_name."%'"; $where .= " AND s.name LIKE '%".$keyword_name."%'";
} }
if (!empty($_REQUEST['keyword_category'])) { if (!empty($_REQUEST['keyword_category'])) {
$where .= " AND sc.name LIKE '%".$keyword_category."%'"; $where .= " AND sc.name LIKE '%".$keyword_category."%'";
} }
if (!empty($_REQUEST['keyword_visibility']) AND $_REQUEST['keyword_visibility']!='%') { if (!empty($_REQUEST['keyword_visibility']) AND $_REQUEST['keyword_visibility']!='%') {
$where .= " AND s.visibility LIKE '%".$keyword_visibility."%'"; $where .= " AND s.visibility LIKE '%".$keyword_visibility."%'";
} }
if (!empty($_REQUEST['keyword_firstname'])) { if (!empty($_REQUEST['keyword_firstname'])) {
$where .= " AND u.firstname LIKE '%".$keyword_firstname."%'"; $where .= " AND u.firstname LIKE '%".$keyword_firstname."%'";
} }
if (!empty($_REQUEST['keyword_lastname'])) { if (!empty($_REQUEST['keyword_lastname'])) {
$where .= " AND u.lastname LIKE '%".$keyword_lastname."%'"; $where .= " AND u.lastname LIKE '%".$keyword_lastname."%'";
} }
if (isset($_REQUEST['active']) && isset($_REQUEST['inactive'] )) { if (isset($_REQUEST['active']) && isset($_REQUEST['inactive'] )) {
// if both are set we search all sessions // if both are set we search all sessions
$cond_url = '&amp;active='.Security::remove_XSS($_REQUEST['active']); $cond_url = '&amp;active='.Security::remove_XSS($_REQUEST['active']);
@ -129,56 +129,56 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
$cond_url = '&amp;inactive='.Security::remove_XSS($_REQUEST['inactive']); $cond_url = '&amp;inactive='.Security::remove_XSS($_REQUEST['inactive']);
} }
} }
if(isset($_GET['id_category'])){ if(isset($_GET['id_category'])){
$where.= ' AND '; $where.= ' AND ';
$id_category = Security::remove_XSS($id_category); $id_category = Security::remove_XSS($id_category);
$where.= ' session_category_id = "'.$id_category.'" '; $where.= ' session_category_id = "'.$id_category.'" ';
$cond_url.= '&amp;id_category='.$id_category; $cond_url.= '&amp;id_category='.$id_category;
} }
//Get list sessions //Get list sessions
$sort = ($sort != "name_category")? 's.'.$sort : 'category_name'; $sort = ($sort != "name_category")? 's.'.$sort : 'category_name';
$query = "SELECT s.id, s.name, s.nbr_courses, s.date_start, s.date_end, u.firstname, u.lastname , sc.name as category_name, s.visibility $query = "SELECT s.id, s.name, s.nbr_courses, s.date_start, s.date_end, u.firstname, u.lastname , sc.name as category_name, s.visibility
FROM $tbl_session s FROM $tbl_session s
LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id
INNER JOIN $tbl_user u ON s.id_coach = u.user_id INNER JOIN $tbl_user u ON s.id_coach = u.user_id
$where $where
ORDER BY $sort "; ORDER BY $sort ";
//query which allows me to get a record without taking into account the page //query which allows me to get a record without taking into account the page
$query_rows = "SELECT count(*) as total_rows $query_rows = "SELECT count(*) as total_rows
FROM $tbl_session s FROM $tbl_session s
LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id
INNER JOIN $tbl_user u ON s.id_coach = u.user_id INNER JOIN $tbl_user u ON s.id_coach = u.user_id
$where "; $where ";
//filtering the session list by access_url //filtering the session list by access_url
if ($_configuration['multiple_access_urls'] == true){ if ($_configuration['multiple_access_urls'] == true){
$table_access_url_rel_session= Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION); $table_access_url_rel_session= Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_SESSION);
$access_url_id = api_get_current_access_url_id(); $access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1) { if ($access_url_id != -1) {
$where.= " AND ar.access_url_id = $access_url_id "; $where.= " AND ar.access_url_id = $access_url_id ";
$query = "SELECT s.id, s.name, s.nbr_courses, s.date_start, s.date_end, u.firstname, u.lastname , sc.name as category_name , s.visibility $query = "SELECT s.id, s.name, s.nbr_courses, s.date_start, s.date_end, u.firstname, u.lastname , sc.name as category_name , s.visibility
FROM $tbl_session s FROM $tbl_session s
LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id
INNER JOIN $tbl_user u ON s.id_coach = u.user_id INNER JOIN $tbl_user u ON s.id_coach = u.user_id
INNER JOIN $table_access_url_rel_session ar ON ar.session_id = s.id INNER JOIN $table_access_url_rel_session ar ON ar.session_id = s.id
$where $where
ORDER BY $sort LIMIT $from,".($limit+1); ORDER BY $sort LIMIT $from,".($limit+1);
$query_rows = "SELECT count(*) as total_rows $query_rows = "SELECT count(*) as total_rows
FROM $tbl_session s FROM $tbl_session s
LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id LEFT JOIN $tbl_session_category sc ON s.session_category_id = sc.id
INNER JOIN $tbl_user u ON s.id_coach = u.user_id INNER JOIN $tbl_user u ON s.id_coach = u.user_id
INNER JOIN $table_access_url_rel_session ar ON ar.session_id = s.id INNER JOIN $table_access_url_rel_session ar ON ar.session_id = s.id
$where "; $where ";
} }
} }
$result_rows = Database::query($query_rows,__FILE__,__LINE__); $result_rows = Database::query($query_rows);
$recorset = Database::fetch_array($result_rows); $recorset = Database::fetch_array($result_rows);
$num = $recorset['total_rows']; $num = $recorset['total_rows'];
$result=Database::query($query,__FILE__,__LINE__); $result=Database::query($query);
$Sessions=Database::store_result($result); $Sessions=Database::store_result($result);
$nbr_results=sizeof($Sessions); $nbr_results=sizeof($Sessions);
$tool_name = get_lang('SessionList'); $tool_name = get_lang('SessionList');
@ -196,8 +196,8 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
<?php <?php
echo '<div style="float:right;"> echo '<div style="float:right;">
<a href="'.api_get_path(WEB_CODE_PATH).'admin/session_add.php">'.Display::return_icon('view_more_stats.gif',get_lang('AddSession')).get_lang('AddSession').'</a> <a href="'.api_get_path(WEB_CODE_PATH).'admin/session_add.php">'.Display::return_icon('view_more_stats.gif',get_lang('AddSession')).get_lang('AddSession').'</a>
<a href="'.api_get_path(WEB_CODE_PATH).'admin/add_many_session_to_category.php">'.Display::return_icon('view_more_stats.gif',get_lang('AddSessionsInCategories')).get_lang('AddSessionsInCategories').'</a> <a href="'.api_get_path(WEB_CODE_PATH).'admin/add_many_session_to_category.php">'.Display::return_icon('view_more_stats.gif',get_lang('AddSessionsInCategories')).get_lang('AddSessionsInCategories').'</a>
</div>'; </div>';
?> ?>
<form method="POST" action="session_list.php"> <form method="POST" action="session_list.php">
@ -259,7 +259,7 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
} }
$sql = 'SELECT COUNT(course_code) FROM '.$tbl_session_rel_course.' WHERE id_session='.intval($enreg['id']); $sql = 'SELECT COUNT(course_code) FROM '.$tbl_session_rel_course.' WHERE id_session='.intval($enreg['id']);
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql);
list($nb_courses) = Database::fetch_array($rs); list($nb_courses) = Database::fetch_array($rs);
?> ?>
@ -273,7 +273,7 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
<td><?php echo api_htmlentities($enreg['date_end'],ENT_QUOTES,$charset); ?></td> <td><?php echo api_htmlentities($enreg['date_end'],ENT_QUOTES,$charset); ?></td>
<td><?php echo api_htmlentities(api_get_person_name($enreg['firstname'], $enreg['lastname']),ENT_QUOTES,$charset); ?></td> <td><?php echo api_htmlentities(api_get_person_name($enreg['firstname'], $enreg['lastname']),ENT_QUOTES,$charset); ?></td>
<td><?php <td><?php
switch (intval($enreg['visibility'])) { switch (intval($enreg['visibility'])) {
case SESSION_VISIBLE_READ_ONLY: //1 case SESSION_VISIBLE_READ_ONLY: //1
echo get_lang('ReadOnly'); echo get_lang('ReadOnly');
@ -283,10 +283,10 @@ if (isset ($_GET['search']) && $_GET['search'] == 'advanced') {
break; break;
case SESSION_INVISIBLE: //3 case SESSION_INVISIBLE: //3
echo api_ucfirst(get_lang('Invisible')); echo api_ucfirst(get_lang('Invisible'));
break; break;
} }
?></td> ?></td>
<td> <td>
<a href="add_users_to_session.php?page=session_list.php&id_session=<?php echo $enreg['id']; ?>"><?php Display::display_icon('add_user_big.gif', get_lang('SubscribeUsersToSession')); ?></a> <a href="add_users_to_session.php?page=session_list.php&id_session=<?php echo $enreg['id']; ?>"><?php Display::display_icon('add_user_big.gif', get_lang('SubscribeUsersToSession')); ?></a>
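Review bot: In the @ -129 hunk `$id_category` is passed through `Security::remove_XSS()` and then concatenated into the WHERE clause (`session_category_id = "'.$id_category.'"`). An HTML filter is not SQL escaping, so the value should be cast before it reaches the query: `$id_category = intval($id_category);`. `$sort` is also placed directly after `ORDER BY`, where string escaping would not help. Its assignment is outside the visible hunks, so if it is request-derived it should be checked against a fixed list of column names, e.g. `if (!in_array($sort, $allowed_sort_columns, true)) { $sort = 'name'; }` (list name and default are placeholders). The enclosing `if`/`else` around the search form starts outside the hunks.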

@ -64,7 +64,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
$my_category = Database::escape_string($_GET['category']); $my_category = Database::escape_string($_GET['category']);
$sqlcountsettings = "SELECT COUNT(*) FROM $table_settings_current WHERE category='".$my_category."' AND type<>'checkbox'"; $sqlcountsettings = "SELECT COUNT(*) FROM $table_settings_current WHERE category='".$my_category."' AND type<>'checkbox'";
$resultcountsettings = Database::query($sqlcountsettings, __FILE__, __LINE__); $resultcountsettings = Database::query($sqlcountsettings);
$countsetting = Database::fetch_array($resultcountsettings); $countsetting = Database::fetch_array($resultcountsettings);
if ($_configuration['access_url']==1) { if ($_configuration['access_url']==1) {
@ -98,7 +98,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
//print_r($settings_by_access_list);echo '</pre>'; //print_r($settings_by_access_list);echo '</pre>';
//$sqlsettings = "SELECT DISTINCT * FROM $table_settings_current WHERE category='$my_category' GROUP BY variable ORDER BY id ASC"; //$sqlsettings = "SELECT DISTINCT * FROM $table_settings_current WHERE category='$my_category' GROUP BY variable ORDER BY id ASC";
//$resultsettings = Database::query($sqlsettings, __FILE__, __LINE__); //$resultsettings = Database::query($sqlsettings);
//while ($row = Database::fetch_array($resultsettings)) //while ($row = Database::fetch_array($resultsettings))
$default_values = array(); $default_values = array();
foreach($settings as $row) { foreach($settings as $row) {
@ -218,7 +218,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
//1. we collect all the options of this variable //1. we collect all the options of this variable
$sql = "SELECT * FROM settings_current WHERE variable='".$row['variable']."' AND access_url = 1"; $sql = "SELECT * FROM settings_current WHERE variable='".$row['variable']."' AND access_url = 1";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$group = array (); $group = array ();
while ($rowkeys = Database::fetch_array($result)) { while ($rowkeys = Database::fetch_array($result)) {
if ($rowkeys['variable'] == 'course_create_active_tools' && $rowkeys['subkey'] == 'enable_search') {continue;} if ($rowkeys['variable'] == 'course_create_active_tools' && $rowkeys['subkey'] == 'enable_search') {continue;}
@ -234,7 +234,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
$access_url = $_configuration['access_url']; $access_url = $_configuration['access_url'];
if(empty($access_url )) $access_url =1; if(empty($access_url )) $access_url =1;
$sql = "SELECT selected_value FROM settings_current WHERE variable='".$rowkeys['variable']."' AND subkey='".$rowkeys['subkey']."' AND subkeytext='".$rowkeys['subkeytext']."' AND access_url = $access_url"; $sql = "SELECT selected_value FROM settings_current WHERE variable='".$rowkeys['variable']."' AND subkey='".$rowkeys['subkey']."' AND subkeytext='".$rowkeys['subkeytext']."' AND access_url = $access_url";
$result_access = Database::query($sql, __FILE__, __LINE__); $result_access = Database::query($sql);
$row_access = Database::fetch_array($result_access); $row_access = Database::fetch_array($result_access);
if ($row_access['selected_value'] == 'true' && ! $form->isSubmitted()) { if ($row_access['selected_value'] == 'true' && ! $form->isSubmitted()) {
$element->setChecked(true); $element->setChecked(true);
@ -277,7 +277,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
// will be set to false. // will be set to false.
$r = api_set_settings_category($my_category,'false',$_configuration['access_url'],array('checkbox','radio')); $r = api_set_settings_category($my_category,'false',$_configuration['access_url'],array('checkbox','radio'));
//$sql = "UPDATE $table_settings_current SET selected_value='false' WHERE category='$my_category' AND type='checkbox'"; //$sql = "UPDATE $table_settings_current SET selected_value='false' WHERE category='$my_category' AND type='checkbox'";
//$result = Database::query($sql, __FILE__, __LINE__); //$result = Database::query($sql);
// Save the settings // Save the settings
$keys = array(); $keys = array();
foreach ($values as $key => $value) foreach ($values as $key => $value)
@ -285,7 +285,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
if (!is_array($value)) if (!is_array($value))
{ {
//$sql = "UPDATE $table_settings_current SET selected_value='".Database::escape_string($value)."' WHERE variable='$key'"; //$sql = "UPDATE $table_settings_current SET selected_value='".Database::escape_string($value)."' WHERE variable='$key'";
//$result = Database::query($sql, __FILE__, __LINE__); //$result = Database::query($sql);
if (api_get_setting($key) != $value) $keys[] = $key; if (api_get_setting($key) != $value) $keys[] = $key;
@ -296,7 +296,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
{ {
$sql = "SELECT subkey FROM $table_settings_current WHERE variable = '$key'"; $sql = "SELECT subkey FROM $table_settings_current WHERE variable = '$key'";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$subkeys = array(); $subkeys = array();
while ($row_subkeys = Database::fetch_array($res)) { while ($row_subkeys = Database::fetch_array($res)) {
// if subkey is changed // if subkey is changed
@ -311,7 +311,7 @@ if (!empty($_GET['category']) && !in_array($_GET['category'], array('Plugins', '
{ {
//$sql = "UPDATE $table_settings_current SET selected_value='true' WHERE variable='$key' AND subkey = '$subkey'"; //$sql = "UPDATE $table_settings_current SET selected_value='true' WHERE variable='$key' AND subkey = '$subkey'";
//$result = Database::query($sql, __FILE__, __LINE__); //$result = Database::query($sql);
$result = api_set_setting($key,'true',$subkey,null,$_configuration['access_url']); $result = api_set_setting($key,'true',$subkey,null,$_configuration['access_url']);
@ -366,7 +366,7 @@ $action_images['editor'] = 'html.png';
// grabbing the categories // grabbing the categories
//$selectcategories = "SELECT DISTINCT category FROM ".$table_settings_current." WHERE category NOT IN ('stylesheets','Plugins')"; //$selectcategories = "SELECT DISTINCT category FROM ".$table_settings_current." WHERE category NOT IN ('stylesheets','Plugins')";
//$resultcategories = Database::query($selectcategories, __FILE__, __LINE__); //$resultcategories = Database::query($selectcategories);
$resultcategories = api_get_settings_categories(array('stylesheets','Plugins', 'Templates', 'Search')); $resultcategories = api_get_settings_categories(array('stylesheets','Plugins', 'Templates', 'Search'));
echo "\n<div class=\"actions\">"; echo "\n<div class=\"actions\">";
//while ($row = Database::fetch_array($resultcategories)) //while ($row = Database::fetch_array($resultcategories))
@ -426,7 +426,7 @@ function get_settings_options($var)
{ {
$table_settings_options = Database :: get_main_table(TABLE_MAIN_SETTINGS_OPTIONS); $table_settings_options = Database :: get_main_table(TABLE_MAIN_SETTINGS_OPTIONS);
$sql = "SELECT * FROM $table_settings_options WHERE variable='$var'"; $sql = "SELECT * FROM $table_settings_options WHERE variable='$var'";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
while ($row = Database::fetch_array($result)) while ($row = Database::fetch_array($result))
{ {
$temp_array = array ('value' => $row['value'], 'display_text' => $row['display_text']); $temp_array = array ('value' => $row['value'], 'display_text' => $row['display_text']);
@ -763,7 +763,7 @@ function store_plugins()
// Step 1 : we remove all the plugins // Step 1 : we remove all the plugins
//$sql = "DELETE FROM $table_settings_current WHERE category='Plugins'"; //$sql = "DELETE FROM $table_settings_current WHERE category='Plugins'";
//Database::query($sql, __LINE__, __FILE__); //Database::query($sql);
$r = api_delete_category_settings('Plugins',$_configuration['access_url']); $r = api_delete_category_settings('Plugins',$_configuration['access_url']);
// step 2: looping through all the post values we only store these which are really a valid plugin location. // step 2: looping through all the post values we only store these which are really a valid plugin location.
@ -773,7 +773,7 @@ function store_plugins()
if (is_valid_plugin_location($form_name_elements[1])) if (is_valid_plugin_location($form_name_elements[1]))
{ {
//$sql = "INSERT into $table_settings_current (variable,category,selected_value) VALUES ('".$form_name_elements['1']."','Plugins','".$form_name_elements['0']."')"; //$sql = "INSERT into $table_settings_current (variable,category,selected_value) VALUES ('".$form_name_elements['1']."','Plugins','".$form_name_elements['0']."')";
//Database::query($sql, __LINE__, __FILE__); //Database::query($sql);
api_add_setting($form_name_elements['0'],$form_name_elements['1'],$form_name_elements['0'],null,'Plugins',$form_name_elements['0'],null,null,null,$_configuration['access_url'],1); api_add_setting($form_name_elements['0'],$form_name_elements['1'],$form_name_elements['0'],null,'Plugins',$form_name_elements['0'],null,null,null,$_configuration['access_url'],1);
} }
} }
@ -817,7 +817,7 @@ function store_stylesheets()
WHERE variable = "stylesheets" WHERE variable = "stylesheets"
AND category = "stylesheets"'; AND category = "stylesheets"';
Database::query($sql, __LINE__, __FILE__); Database::query($sql);
*/ */
api_set_setting('stylesheets',$style,null,'stylesheets',$_configuration['access_url']); api_set_setting('stylesheets',$style,null,'stylesheets',$_configuration['access_url']);
@ -985,7 +985,7 @@ function get_number_of_templates()
// The sql statement // The sql statement
$sql = "SELECT COUNT(id) AS total FROM $table_system_template"; $sql = "SELECT COUNT(id) AS total FROM $table_system_template";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
// returning the number of templates // returning the number of templates
@ -1014,7 +1014,7 @@ function get_template_data($from, $number_of_items, $column, $direction)
$sql = "SELECT image as col0, title as col1, id as col2 FROM $table_system_template"; $sql = "SELECT image as col0, title as col1, id as col2 FROM $table_system_template";
$sql .= " ORDER BY col$column $direction "; $sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items"; $sql .= " LIMIT $from,$number_of_items";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
$row['1'] = get_lang($row['1']); $row['1'] = get_lang($row['1']);
$return[] = $row; $return[] = $row;
@ -1101,7 +1101,7 @@ function add_edit_template()
// Database table definition // Database table definition
$table_system_template = Database :: get_main_table('system_template'); $table_system_template = Database :: get_main_table('system_template');
$sql = "SELECT * FROM $table_system_template WHERE id = '".Database::escape_string($_GET['id'])."'"; $sql = "SELECT * FROM $table_system_template WHERE id = '".Database::escape_string($_GET['id'])."'";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
$defaults['template_id'] = intval($_GET['id']); $defaults['template_id'] = intval($_GET['id']);
@ -1196,7 +1196,7 @@ function add_edit_template()
if ($_GET['action'] == 'add') { if ($_GET['action'] == 'add') {
$content_template = '<head>{CSS}<style type="text/css">.text{font-weight: normal;}</style></head><body>'.Database::escape_string($values['template_text']).'</body>'; $content_template = '<head>{CSS}<style type="text/css">.text{font-weight: normal;}</style></head><body>'.Database::escape_string($values['template_text']).'</body>';
$sql = "INSERT INTO $table_system_template (title, content, image) VALUES ('".Database::escape_string($values['title'])."','".$content_template."','".Database::escape_string($new_file_name)."')"; $sql = "INSERT INTO $table_system_template (title, content, image) VALUES ('".Database::escape_string($values['title'])."','".$content_template."','".Database::escape_string($new_file_name)."')";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
// display a feedback message // display a feedback message
Display::display_confirmation_message(get_lang('TemplateAdded')); Display::display_confirmation_message(get_lang('TemplateAdded'));
@ -1210,7 +1210,7 @@ function add_edit_template()
$sql .= ", image = '".Database::escape_string($new_file_name)."'"; $sql .= ", image = '".Database::escape_string($new_file_name)."'";
} }
$sql .= " WHERE id='".Database::escape_string($_GET['id'])."'"; $sql .= " WHERE id='".Database::escape_string($_GET['id'])."'";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
// display a feedback message // display a feedback message
Display::display_confirmation_message(get_lang('TemplateEdited')); Display::display_confirmation_message(get_lang('TemplateEdited'));
@ -1244,7 +1244,7 @@ function delete_template($id)
// first we remove the image // first we remove the image
$table_system_template = Database :: get_main_table('system_template'); $table_system_template = Database :: get_main_table('system_template');
$sql = "SELECT * FROM $table_system_template WHERE id = '".Database::escape_string($id)."'"; $sql = "SELECT * FROM $table_system_template WHERE id = '".Database::escape_string($id)."'";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$row = Database::fetch_array($result); $row = Database::fetch_array($result);
if (!empty($row['image'])) if (!empty($row['image']))
{ {
@ -1253,7 +1253,7 @@ function delete_template($id)
// now we remove it from the database // now we remove it from the database
$sql = "DELETE FROM $table_system_template WHERE id = '".Database::escape_string($id)."'"; $sql = "DELETE FROM $table_system_template WHERE id = '".Database::escape_string($id)."'";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
// display a feedback message // display a feedback message
Display::display_confirmation_message(get_lang('TemplateDeleted')); Display::display_confirmation_message(get_lang('TemplateDeleted'));
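Review bot: In the settings-saving hunk at `@ -296,7 +296,7 @`, `$key` is interpolated directly into `SELECT subkey FROM $table_settings_current WHERE variable = '$key'`. It comes from the keys of `$values` in the enclosing `foreach`, which look like submitted form values, although the assignment is outside the hunk. The query should escape it the way the template queries in this file already do: `$sql = "SELECT subkey FROM $table_settings_current WHERE variable = '".Database::escape_string($key)."'";`. The same pattern appears in `get_settings_options()` (`variable='$var'`) and in `get_template_data()`, where `$column` and `$direction` reach `ORDER BY col$column $direction`; there `intval($column)` and a fixed ASC/DESC allow-list would be the safer form. All of these functions and blocks start or end outside the hunks shown.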

@ -59,7 +59,7 @@ if ((isset ($_POST['action']) && $_POST['action'] == 'course_select_form') || (i
$to_group_id = 0; $to_group_id = 0;
$code_course = ''; $code_course = '';
$sql_session = "SELECT id, name FROM $tbl_session "; $sql_session = "SELECT id, name FROM $tbl_session ";
$query_session = Database::query($sql_session, __FILE__, __LINE__); $query_session = Database::query($sql_session);
$ListSession = array(); $ListSession = array();
while ($rows_session = Database::fetch_assoc($query_session)) { while ($rows_session = Database::fetch_assoc($query_session)) {
$ListSession[$rows_session['id']] = $rows_session['name']; $ListSession[$rows_session['id']] = $rows_session['name'];
@ -82,7 +82,7 @@ if ((isset ($_POST['action']) && $_POST['action'] == 'course_select_form') || (i
AND `docs`.`session_id` = '0' AND `docs`.`session_id` = '0'
AND `props`.`visibility`<>'2' AND `props`.`visibility`<>'2'
AND `props`.`to_group_id`=".$to_group_id.""; AND `props`.`to_group_id`=".$to_group_id."";
$query = Database::query($sql ,__FILE__,__LINE__); $query = Database::query($sql );
while ($rows_course_file = Database::fetch_assoc($query)) { while ($rows_course_file = Database::fetch_assoc($query)) {
$zip_folder->add($FileZip['PATH_COURSE'].$_course['directory']."/document".$rows_course_file['path'], $zip_folder->add($FileZip['PATH_COURSE'].$_course['directory']."/document".$rows_course_file['path'],
PCLZIP_OPT_ADD_PATH, $_course['directory'], PCLZIP_OPT_ADD_PATH, $_course['directory'],
@ -100,7 +100,7 @@ if ((isset ($_POST['action']) && $_POST['action'] == 'course_select_form') || (i
AND `docs`.`session_id` = '$session_id' AND `docs`.`session_id` = '$session_id'
AND `props`.`visibility`<>'2' AND `props`.`visibility`<>'2'
AND `props`.`to_group_id`=".$to_group_id.""; AND `props`.`to_group_id`=".$to_group_id."";
$query_session_doc = Database::query($sql_session_doc, __FILE__, __LINE__); $query_session_doc = Database::query($sql_session_doc);
while ($rows_course_session_file = Database::fetch_assoc($query_session_doc)) { while ($rows_course_session_file = Database::fetch_assoc($query_session_doc)) {
$zip_folder->add($FileZip['PATH_COURSE'].$_course['directory'].'/document'.$rows_course_session_file['path'], $zip_folder->add($FileZip['PATH_COURSE'].$_course['directory'].'/document'.$rows_course_session_file['path'],
PCLZIP_OPT_ADD_PATH, $_course['directory']."/".$ListSession[$session_id], PCLZIP_OPT_ADD_PATH, $_course['directory']."/".$ListSession[$session_id],
@ -194,7 +194,7 @@ function fullexportspecial(){
AND `docs`.`session_id` = '0' AND `docs`.`session_id` = '0'
AND `props`.`visibility`<>'2' AND `props`.`visibility`<>'2'
AND `props`.`to_group_id`=".$to_group_id.""; AND `props`.`to_group_id`=".$to_group_id."";
$query = Database::query($sql ,__FILE__,__LINE__); $query = Database::query($sql );
while ($rows_course_file = Database::fetch_assoc($query)) { while ($rows_course_file = Database::fetch_assoc($query)) {
$rows_course_file['path']; $rows_course_file['path'];
$zip_folder->add($FileZip['PATH_COURSE'].$_course['directory']."/document".$rows_course_file['path'], $zip_folder->add($FileZip['PATH_COURSE'].$_course['directory']."/document".$rows_course_file['path'],
@ -207,7 +207,7 @@ function fullexportspecial(){
$sql_session = "SELECT id, name, course_code FROM $tbl_session_course $sql_session = "SELECT id, name, course_code FROM $tbl_session_course
INNER JOIN $tbl_session ON id_session = id INNER JOIN $tbl_session ON id_session = id
WHERE course_code = '$code_course' "; WHERE course_code = '$code_course' ";
$query_session = Database::query($sql_session, __FILE__, __LINE__); $query_session = Database::query($sql_session);
while ($rows_session = Database::fetch_assoc($query_session)) { while ($rows_session = Database::fetch_assoc($query_session)) {
$session_id = $rows_session['id']; $session_id = $rows_session['id'];
$sql_session_doc = "SELECT path FROM $tbl_document AS docs,$tbl_property AS props $sql_session_doc = "SELECT path FROM $tbl_document AS docs,$tbl_property AS props
@ -218,7 +218,7 @@ function fullexportspecial(){
AND `docs`.`session_id` = '$session_id' AND `docs`.`session_id` = '$session_id'
AND `props`.`visibility`<>'2' AND `props`.`visibility`<>'2'
AND `props`.`to_group_id`=".$to_group_id.""; AND `props`.`to_group_id`=".$to_group_id."";
$query_session_doc = Database::query($sql_session_doc, __FILE__, __LINE__); $query_session_doc = Database::query($sql_session_doc);
while ($rows_course_session_file = Database::fetch_assoc($query_session_doc)) { while ($rows_course_session_file = Database::fetch_assoc($query_session_doc)) {
$zip_folder->add($FileZip['PATH_COURSE'].$_course['directory'].'/document'.$rows_course_session_file['path'], $zip_folder->add($FileZip['PATH_COURSE'].$_course['directory'].'/document'.$rows_course_session_file['path'],
PCLZIP_OPT_ADD_PATH, $_course['directory']."/".$rows_session['name'], PCLZIP_OPT_ADD_PATH, $_course['directory']."/".$rows_session['name'],
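Review bot: `fullexportspecial()` builds `WHERE course_code = '$code_course'` by plain interpolation, and the hunk does not show where `$code_course` is assigned. It is worth confirming that it never carries request data, or wrapping it as `'".Database::escape_string($code_course)."'`. Two smaller points: the bare expression statement `$rows_course_file['path'];` inside the first `while` loop of that function does nothing and can be dropped. The rewritten calls in the `@ -82,7` and `@ -194,7` hunks also keep a stray space, so `Database::query($sql );` should read `Database::query($sql);`. The function body continues outside the hunks.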

@ -34,7 +34,7 @@ class Statistics
{ {
$sql .= " WHERE category_code = '".Database::escape_string($category_code)."'"; $sql .= " WHERE category_code = '".Database::escape_string($category_code)."'";
} }
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
return $obj->number; return $obj->number;
} }
@ -57,7 +57,7 @@ class Statistics
{ {
$sql = "SELECT COUNT(DISTINCT(cu.user_id)) AS number FROM $course_user_table cu, $course_table c WHERE cu.status = ".intval(Database::escape_string($status))." AND c.code = cu.course_code AND c.category_code = '".Database::escape_string($category_code)."'"; $sql = "SELECT COUNT(DISTINCT(cu.user_id)) AS number FROM $course_user_table cu, $course_table c WHERE cu.status = ".intval(Database::escape_string($status))." AND c.code = cu.course_code AND c.category_code = '".Database::escape_string($category_code)."'";
} }
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
return $obj->number; return $obj->number;
} }
@ -78,7 +78,7 @@ class Statistics
$sql .= " AND (user.username LIKE '%".$keyword."%' OR default_event_type LIKE '%".$keyword."%' OR default_value_type LIKE '%".$keyword."%' OR default_value LIKE '%".$keyword."%') "; $sql .= " AND (user.username LIKE '%".$keyword."%' OR default_event_type LIKE '%".$keyword."%' OR default_value_type LIKE '%".$keyword."%' OR default_value LIKE '%".$keyword."%') ";
} }
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
return $obj->total_number_of_items; return $obj->total_number_of_items;
} }
@ -113,7 +113,7 @@ class Statistics
} }
$sql .= " LIMIT $from,$number_of_items "; $sql .= " LIMIT $from,$number_of_items ";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$activities = array (); $activities = array ();
while ($row = Database::fetch_row($res)) { while ($row = Database::fetch_row($res)) {
$row[4] = api_format_date(DATE_TIME_FORMAT_LONG, strtotime($row[4])); $row[4] = api_format_date(DATE_TIME_FORMAT_LONG, strtotime($row[4]));
@ -130,7 +130,7 @@ class Statistics
{ {
$category_table = Database :: get_main_table(TABLE_MAIN_CATEGORY); $category_table = Database :: get_main_table(TABLE_MAIN_CATEGORY);
$sql = "SELECT * FROM $category_table ORDER BY tree_pos"; $sql = "SELECT * FROM $category_table ORDER BY tree_pos";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$categories = array (); $categories = array ();
while ($category = Database::fetch_object($res)) while ($category = Database::fetch_object($res))
{ {
@ -244,7 +244,7 @@ class Statistics
$sql = "SELECT DATE_FORMAT( login_date, '%w' ) AS stat_date , count( login_id ) AS number_of_logins FROM ".$table." GROUP BY stat_date ORDER BY DATE_FORMAT( login_date, '%w' ) "; $sql = "SELECT DATE_FORMAT( login_date, '%w' ) AS stat_date , count( login_id ) AS number_of_logins FROM ".$table." GROUP BY stat_date ORDER BY DATE_FORMAT( login_date, '%w' ) ";
break; break;
} }
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$result = array(); $result = array();
while($obj = Database::fetch_object($res)) while($obj = Database::fetch_object($res))
{ {
@ -277,7 +277,7 @@ class Statistics
$sql[get_lang('Total')] = "SELECT count(login_user_id) AS number FROM $table"; $sql[get_lang('Total')] = "SELECT count(login_user_id) AS number FROM $table";
foreach($sql as $index => $query) foreach($sql as $index => $query)
{ {
$res = Database::query($query,__FILE__,__LINE__); $res = Database::query($query);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
$total_logins[$index] = $obj->number; $total_logins[$index] = $obj->number;
} }
@ -295,7 +295,7 @@ class Statistics
$tool_names[$tool] = get_lang(ucfirst($tool), ''); $tool_names[$tool] = get_lang(ucfirst($tool), '');
} }
$sql = "SELECT access_tool, count( access_id ) AS number_of_logins FROM $table WHERE access_tool IN ('".implode("','",$tools)."') GROUP BY access_tool "; $sql = "SELECT access_tool, count( access_id ) AS number_of_logins FROM $table WHERE access_tool IN ('".implode("','",$tools)."') GROUP BY access_tool ";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$result = array(); $result = array();
while($obj = Database::fetch_object($res)) while($obj = Database::fetch_object($res))
{ {
@ -310,7 +310,7 @@ class Statistics
{ {
$table = Database::get_main_table(TABLE_MAIN_COURSE); $table = Database::get_main_table(TABLE_MAIN_COURSE);
$sql = "SELECT course_language, count( code ) AS number_of_courses FROM $table GROUP BY course_language "; $sql = "SELECT course_language, count( code ) AS number_of_courses FROM $table GROUP BY course_language ";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$result = array(); $result = array();
while($obj = Database::fetch_object($res)) while($obj = Database::fetch_object($res))
{ {
@ -325,10 +325,10 @@ class Statistics
{ {
$user_table = Database :: get_main_table(TABLE_MAIN_USER); $user_table = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT COUNT(*) AS n FROM $user_table"; $sql = "SELECT COUNT(*) AS n FROM $user_table";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$count1 = Database::fetch_object($res); $count1 = Database::fetch_object($res);
$sql = "SELECT COUNT(*) AS n FROM $user_table WHERE LENGTH(picture_uri) > 0"; $sql = "SELECT COUNT(*) AS n FROM $user_table WHERE LENGTH(picture_uri) > 0";
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$count2 = Database::fetch_object($res); $count2 = Database::fetch_object($res);
$result[get_lang('No')] = $count1->n - $count2->n; // #users without picture $result[get_lang('No')] = $count1->n - $count2->n; // #users without picture
$result[get_lang('Yes')] = $count2->n; // #users with picture $result[get_lang('Yes')] = $count2->n; // #users with picture
@ -405,13 +405,13 @@ class Statistics
$date_diff = $values['date_diff']; $date_diff = $values['date_diff'];
$table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LASTACCESS); $table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_LASTACCESS);
$sql = "SELECT * FROM $table GROUP BY access_cours_code HAVING access_cours_code <> '' AND DATEDIFF( NOW() , access_date ) <= ". $date_diff; $sql = "SELECT * FROM $table GROUP BY access_cours_code HAVING access_cours_code <> '' AND DATEDIFF( NOW() , access_date ) <= ". $date_diff;
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
$number_of_courses = Database::num_rows($res); $number_of_courses = Database::num_rows($res);
$sql .= ' ORDER BY '.$columns[$column].' '.$sql_order[$direction]; $sql .= ' ORDER BY '.$columns[$column].' '.$sql_order[$direction];
$from = ($page_nr -1) * $per_page; $from = ($page_nr -1) * $per_page;
$sql .= ' LIMIT '.$from.','.$per_page; $sql .= ' LIMIT '.$from.','.$per_page;
echo '<p>'.get_lang('LastAccess').' &gt;= '.$date_diff.' '.get_lang('Days').'</p>'; echo '<p>'.get_lang('LastAccess').' &gt;= '.$date_diff.' '.get_lang('Days').'</p>';
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
if (Database::num_rows($res) > 0) if (Database::num_rows($res) > 0)
{ {
$courses = array (); $courses = array ();
@ -434,7 +434,7 @@ class Statistics
echo get_lang('NoSearchResults'); echo get_lang('NoSearchResults');
} }
} }
/** /**
* Displays the statistics of the messages sent and received by each user in the social network * Displays the statistics of the messages sent and received by each user in the social network
* @param string Type of message sent or received * @param string Type of message sent or received
@ -454,7 +454,7 @@ class Statistics
$sql = "SELECT lastname, firstname, username, COUNT($field) AS count_message $sql = "SELECT lastname, firstname, username, COUNT($field) AS count_message
FROM ".$message_table." m LEFT JOIN ".$user_table." u ON m.$field = u.user_id FROM ".$message_table." m LEFT JOIN ".$user_table." u ON m.$field = u.user_id
GROUP BY m.$field"; GROUP BY m.$field";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$messages_sent = array(); $messages_sent = array();
while ($messages = Database::fetch_array($res)) { while ($messages = Database::fetch_array($res)) {
$users = $messages['firstname'].' '.$messages['lastname'].' ('.$messages['username'].')'; $users = $messages['firstname'].' '.$messages['lastname'].' ('.$messages['username'].')';
@ -462,7 +462,7 @@ class Statistics
} }
return $messages_sent; return $messages_sent;
} }
/** /**
* Count the number of friends for social network users * Count the number of friends for social network users
*/ */
@ -472,7 +472,7 @@ class Statistics
$sql = "SELECT lastname, firstname, username, COUNT(friend_user_id) AS count_friend $sql = "SELECT lastname, firstname, username, COUNT(friend_user_id) AS count_friend
FROM ".$user_friend_table." uf LEFT JOIN ".$user_table." u ON uf.user_id = u.user_id FROM ".$user_friend_table." uf LEFT JOIN ".$user_table." u ON uf.user_id = u.user_id
GROUP BY uf.user_id"; GROUP BY uf.user_id";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$list_friends = array(); $list_friends = array();
while ($friends = Database::fetch_array($res)) { while ($friends = Database::fetch_array($res)) {
$users = $friends['firstname'].' '.$friends['lastname'].' ('.$friends['username'].')'; $users = $friends['firstname'].' '.$friends['lastname'].' ('.$friends['username'].')';
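Review bot: In the hunk at `@ -405,13 +405,13 @`, `$date_diff` is read from `$values['date_diff']` and appended unquoted to the SQL (`DATEDIFF( NOW() , access_date ) <= ". $date_diff`), then echoed into the page without encoding. `$values` is populated outside the hunk and presumably holds form input, so the value should be forced to an integer at the assignment, `$date_diff = intval($values['date_diff']);`, which covers both the query and the `echo`. The hunk at `@ -78,7 +78,7 @` has a related case where `$keyword` is concatenated into four `LIKE` clauses; whether it is escaped earlier is not visible here and should be checked. Separately, `intval(Database::escape_string($status))` in the `@ -57,7` hunk only needs `intval($status)`.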

@ -52,7 +52,7 @@ class SubLanguageManager {
public static function get_all_information_of_sub_language ($parent_id,$sub_language_id) { public static function get_all_information_of_sub_language ($parent_id,$sub_language_id) {
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql='SELECT * FROM '.$tbl_admin_languages.' WHERE parent_id="'.Database::escape_string($parent_id).'" AND id="'.Database::escape_string($sub_language_id).'"'; $sql='SELECT * FROM '.$tbl_admin_languages.' WHERE parent_id="'.Database::escape_string($parent_id).'" AND id="'.Database::escape_string($sub_language_id).'"';
$rs=Database::query($sql,__FILE__,__LINE__); $rs=Database::query($sql);
$all_information=array(); $all_information=array();
while ($row=Database::fetch_array($rs,'ASSOC')) { while ($row=Database::fetch_array($rs,'ASSOC')) {
$all_information=$row; $all_information=$row;
@ -67,7 +67,7 @@ class SubLanguageManager {
public static function get_all_information_of_language ($parent_id) { public static function get_all_information_of_language ($parent_id) {
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql='SELECT * FROM '.$tbl_admin_languages.' WHERE id="'.Database::escape_string($parent_id).'"'; $sql='SELECT * FROM '.$tbl_admin_languages.' WHERE id="'.Database::escape_string($parent_id).'"';
$rs=Database::query($sql,__FILE__,__LINE__); $rs=Database::query($sql);
$all_information=array(); $all_information=array();
while ($row=Database::fetch_array($rs,'ASSOC')) { while ($row=Database::fetch_array($rs,'ASSOC')) {
$all_information=$row; $all_information=$row;
@ -130,7 +130,7 @@ class SubLanguageManager {
public static function removed_sub_language ($parent_id,$sub_language_id) { public static function removed_sub_language ($parent_id,$sub_language_id) {
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql = 'DELETE FROM '.$tbl_admin_languages.' WHERE parent_id="'.Database::escape_string($parent_id).'" AND id="'.Database::escape_string($sub_language_id).'" '; $sql = 'DELETE FROM '.$tbl_admin_languages.' WHERE parent_id="'.Database::escape_string($parent_id).'" AND id="'.Database::escape_string($sub_language_id).'" ';
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
} }
/** /**
* check if language exist by id * check if language exist by id
@ -140,7 +140,7 @@ class SubLanguageManager {
public static function check_if_exist_language_by_id ($language_id) { public static function check_if_exist_language_by_id ($language_id) {
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql='SELECT count(*) as count FROM '.$tbl_admin_languages.' WHERE id="'.Database::escape_string($language_id).'"'; $sql='SELECT count(*) as count FROM '.$tbl_admin_languages.' WHERE id="'.Database::escape_string($language_id).'"';
$rs=Database::query($sql,__FILE__,__LINE__); $rs=Database::query($sql);
if (Database::num_rows($rs)>0) { if (Database::num_rows($rs)>0) {
if (Database::result($rs,0,'count') ==1) { if (Database::result($rs,0,'count') ==1) {
return true; return true;
@ -160,7 +160,7 @@ class SubLanguageManager {
public static function get_name_of_language_by_id ($language_id) { public static function get_name_of_language_by_id ($language_id) {
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql='SELECT original_name FROM '.$tbl_admin_languages.' WHERE id="'.Database::escape_string($language_id).'"'; $sql='SELECT original_name FROM '.$tbl_admin_languages.' WHERE id="'.Database::escape_string($language_id).'"';
$rs=Database::query($sql,__FILE__,__LINE__); $rs=Database::query($sql);
if (Database::num_rows($rs)>0) { if (Database::num_rows($rs)>0) {
return Database::result($rs,0,'original_name'); return Database::result($rs,0,'original_name');
} else { } else {
@ -176,7 +176,7 @@ class SubLanguageManager {
public static function check_if_language_is_sub_language ($language_id) { public static function check_if_language_is_sub_language ($language_id) {
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql='SELECT count(*) AS count FROM '.$tbl_admin_languages.' WHERE id="'.Database::escape_string($language_id).'" AND NOT ISNULL(parent_id)'; $sql='SELECT count(*) AS count FROM '.$tbl_admin_languages.' WHERE id="'.Database::escape_string($language_id).'" AND NOT ISNULL(parent_id)';
$rs=Database::query($sql,__FILE__,__LINE__); $rs=Database::query($sql);
if (Database::num_rows($rs)>0 && Database::result($rs,'0','count')==1) { if (Database::num_rows($rs)>0 && Database::result($rs,'0','count')==1) {
return true; return true;
@ -192,7 +192,7 @@ class SubLanguageManager {
public static function check_if_language_is_father ($language_id) { public static function check_if_language_is_father ($language_id) {
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql='SELECT count(*) AS count FROM '.$tbl_admin_languages.' WHERE parent_id="'.Database::escape_string($language_id).'" AND NOT ISNULL(parent_id);'; $sql='SELECT count(*) AS count FROM '.$tbl_admin_languages.' WHERE parent_id="'.Database::escape_string($language_id).'" AND NOT ISNULL(parent_id);';
$rs=Database::query($sql,__FILE__,__LINE__); $rs=Database::query($sql);
if (Database::num_rows($rs)>0 && Database::result($rs,'0','count')==1) { if (Database::num_rows($rs)>0 && Database::result($rs,'0','count')==1) {
return true; return true;
@ -208,7 +208,7 @@ class SubLanguageManager {
public static function make_unavailable_language ($language_id) { public static function make_unavailable_language ($language_id) {
$tbl_admin_languages= Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_admin_languages= Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql_make_unavailable = "UPDATE $tbl_admin_languages SET available='0' WHERE id='".Database::escape_string($language_id)."'"; $sql_make_unavailable = "UPDATE $tbl_admin_languages SET available='0' WHERE id='".Database::escape_string($language_id)."'";
$result = Database::query($sql_make_unavailable,__FILE__,__LINE__); $result = Database::query($sql_make_unavailable);
} }
/** /**
* Make available the language * Make available the language
@ -218,7 +218,7 @@ class SubLanguageManager {
public static function make_available_language ($language_id) { public static function make_available_language ($language_id) {
$tbl_admin_languages= Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_admin_languages= Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql_make_available = "UPDATE $tbl_admin_languages SET available='1' WHERE id='".Database::escape_string($language_id)."'"; $sql_make_available = "UPDATE $tbl_admin_languages SET available='1' WHERE id='".Database::escape_string($language_id)."'";
$result = Database::query($sql_make_available,__FILE__,__LINE__); $result = Database::query($sql_make_available);
} }
/** /**
* Set platform language * Set platform language
@ -229,7 +229,7 @@ class SubLanguageManager {
$tbl_admin_languages= Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_admin_languages= Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$tbl_settings_current = Database :: get_main_table(TABLE_MAIN_SETTINGS_CURRENT); $tbl_settings_current = Database :: get_main_table(TABLE_MAIN_SETTINGS_CURRENT);
$sql_update = "SELECT english_name FROM ". $tbl_admin_languages." WHERE id='".Database::escape_string($language_id)."'"; $sql_update = "SELECT english_name FROM ". $tbl_admin_languages." WHERE id='".Database::escape_string($language_id)."'";
$result = Database::query($sql_update,__FILE__,__LINE__); $result = Database::query($sql_update);
$lang=Database::fetch_array($result); $lang=Database::fetch_array($result);
$sql_update_2 = "UPDATE ".$tbl_settings_current." SET selected_value='".$lang['english_name']."' WHERE variable='platformLanguage'"; $sql_update_2 = "UPDATE ".$tbl_settings_current." SET selected_value='".$lang['english_name']."' WHERE variable='platformLanguage'";
$result_2 = Database::query($sql_update_2); $result_2 = Database::query($sql_update_2);

@ -36,7 +36,7 @@ require_once api_get_path(LIBRARY_PATH).'formvalidator/FormValidator.class.php';
function add_sub_language ($original_name,$english_name,$isocode,$sublanguage_available,$parent_id) { function add_sub_language ($original_name,$english_name,$isocode,$sublanguage_available,$parent_id) {
$tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE); $tbl_admin_languages = Database :: get_main_table(TABLE_MAIN_LANGUAGE);
$sql='INSERT INTO '.$tbl_admin_languages.'(original_name,english_name,isocode,dokeos_folder,available,parent_id) VALUES ("'.api_htmlentities($original_name).'","'.$english_name.'","'.$isocode.'","'.$english_name.'","'.$sublanguage_available.'","'.$parent_id.'")'; $sql='INSERT INTO '.$tbl_admin_languages.'(original_name,english_name,isocode,dokeos_folder,available,parent_id) VALUES ("'.api_htmlentities($original_name).'","'.$english_name.'","'.$isocode.'","'.$english_name.'","'.$sublanguage_available.'","'.$parent_id.'")';
Database::query($sql,__FILE__,__LINE__); Database::query($sql);
} }
/** /**
* check if language exists * check if language exists
@ -46,9 +46,9 @@ function check_if_language_exist ($original_name,$english_name,$isocode,$sublang
$sql_original_name='SELECT count(*) AS count_original_name FROM '.$tbl_admin_languages.' WHERE original_name="'.Database::escape_string(api_htmlentities($original_name)).'" '; $sql_original_name='SELECT count(*) AS count_original_name FROM '.$tbl_admin_languages.' WHERE original_name="'.Database::escape_string(api_htmlentities($original_name)).'" ';
$sql_english_name='SELECT count(*) AS count_english_name FROM '.$tbl_admin_languages.' WHERE english_name="'.Database::escape_string($english_name).'" '; $sql_english_name='SELECT count(*) AS count_english_name FROM '.$tbl_admin_languages.' WHERE english_name="'.Database::escape_string($english_name).'" ';
$sql_isocode='SELECT count(*) AS count_isocode FROM '.$tbl_admin_languages.' WHERE isocode="'.Database::escape_string($isocode).'" '; $sql_isocode='SELECT count(*) AS count_isocode FROM '.$tbl_admin_languages.' WHERE isocode="'.Database::escape_string($isocode).'" ';
$rs_original_name=Database::query($sql_original_name,__FILE__,__LINE__); $rs_original_name=Database::query($sql_original_name);
$rs_english_name=Database::query($sql_english_name,__FILE__,__LINE__); $rs_english_name=Database::query($sql_english_name);
$rs_isocode=Database::query($sql_isocode,__FILE__,__LINE__); $rs_isocode=Database::query($sql_isocode);
$count_original_name=Database::result($rs_original_name,0,'count_original_name'); $count_original_name=Database::result($rs_original_name,0,'count_original_name');
$count_english_name=Database::result($rs_english_name,0,'count_english_name'); $count_english_name=Database::result($rs_english_name,0,'count_english_name');
$count_isocode=Database::result($rs_isocode,0,'count_isocode'); $count_isocode=Database::result($rs_isocode,0,'count_isocode');
@ -94,7 +94,7 @@ function check_if_exist_language_by_id ($language_id) {
*/ */
function ckeck_if_is_parent_of_sub_language ($parent_id) { function ckeck_if_is_parent_of_sub_language ($parent_id) {
$sql='SELECT count(*) AS count FROM language WHERE parent_id="'.Database::escape_string($parent_id).'"'; $sql='SELECT count(*) AS count FROM language WHERE parent_id="'.Database::escape_string($parent_id).'"';
$rs=Database::query($sql,__FILE__,__LINE__); $rs=Database::query($sql);
if (Database::num_rows($rs)>0 && Database::result($rs,0,'count')==1) { if (Database::num_rows($rs)>0 && Database::result($rs,0,'count')==1) {
return true; return true;
} else { } else {
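Review bot: `add_sub_language()` still concatenates `$english_name`, `$isocode`, `$sublanguage_available` and `$parent_id` straight into its `INSERT`, and `api_htmlentities($original_name)` is HTML encoding rather than SQL escaping, so any of these that carries form input can alter the statement. Each value should pass through `Database::escape_string()`, as `check_if_language_exist()` already does in the next hunk, for example `"'.Database::escape_string($isocode).'"`, with `$parent_id` cast to an integer first. `ckeck_if_is_parent_of_sub_language()` also hard-codes the table name `language` instead of using `Database::get_main_table(TABLE_MAIN_LANGUAGE)` like its siblings. The quoted values in later file sections (`$first_letter_class`, `$first_letter_course`, `$class_id`, and `$user_id` in the `$table_admin` statements) are interpolated the same way; their sanitising is outside the hunks, so it should be confirmed there too.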

@ -99,10 +99,10 @@ if ($_POST['formSent'])
} }
$sql = "SELECT id,name FROM $tbl_class WHERE name LIKE '".$first_letter_class."%' ORDER BY ". (count($classes) > 0 ? "(id IN('".implode("','", $classes)."')) DESC," : "")." name"; $sql = "SELECT id,name FROM $tbl_class WHERE name LIKE '".$first_letter_class."%' ORDER BY ". (count($classes) > 0 ? "(id IN('".implode("','", $classes)."')) DESC," : "")." name";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$db_classes = Database::store_result($result); $db_classes = Database::store_result($result);
$sql = "SELECT code,visual_code,title FROM $tbl_course WHERE visual_code LIKE '".$first_letter_course."%' ORDER BY ". (count($courses) > 0 ? "(code IN('".implode("','", $courses)."')) DESC," : "")." visual_code"; $sql = "SELECT code,visual_code,title FROM $tbl_course WHERE visual_code LIKE '".$first_letter_course."%' ORDER BY ". (count($courses) > 0 ? "(code IN('".implode("','", $courses)."')) DESC," : "")." visual_code";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$db_courses = Database::store_result($result); $db_courses = Database::store_result($result);
if (!empty ($error_message)) if (!empty ($error_message))
{ {

@ -53,7 +53,7 @@ $tbl_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$tbl_user = Database :: get_main_table(TABLE_MAIN_USER); $tbl_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql = "SELECT name FROM $tbl_class WHERE id='$class_id'"; $sql = "SELECT name FROM $tbl_class WHERE id='$class_id'";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
if (!list ($class_name) = Database::fetch_row($result)) if (!list ($class_name) = Database::fetch_row($result))
{ {
@ -115,10 +115,10 @@ Display :: display_header($tool_name);
//api_display_tool_title($tool_name); //api_display_tool_title($tool_name);
$target_name = api_sort_by_first_name() ? 'firstname' : 'lastname'; $target_name = api_sort_by_first_name() ? 'firstname' : 'lastname';
$sql = "SELECT u.user_id,lastname,firstname,username FROM $tbl_user u LEFT JOIN $tbl_class_user cu ON u.user_id=cu.user_id AND class_id='$class_id' WHERE ".$target_name." LIKE '".$first_letter_left."%' AND class_id IS NULL ORDER BY ". (count($left_user_list) > 0 ? "(user_id IN(".implode(',', $left_user_list).")) DESC," : "")." ".$target_name; $sql = "SELECT u.user_id,lastname,firstname,username FROM $tbl_user u LEFT JOIN $tbl_class_user cu ON u.user_id=cu.user_id AND class_id='$class_id' WHERE ".$target_name." LIKE '".$first_letter_left."%' AND class_id IS NULL ORDER BY ". (count($left_user_list) > 0 ? "(user_id IN(".implode(',', $left_user_list).")) DESC," : "")." ".$target_name;
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$left_users = Database::store_result($result); $left_users = Database::store_result($result);
$sql = "SELECT u.user_id,lastname,firstname,username FROM $tbl_user u,$tbl_class_user cu WHERE cu.user_id=u.user_id AND class_id='$class_id' AND ".$target_name." LIKE '".$first_letter_right."%' ORDER BY ". (count($right_user_list) > 0 ? "(user_id IN(".implode(',', $right_user_list).")) DESC," : "")." ".$target_name; $sql = "SELECT u.user_id,lastname,firstname,username FROM $tbl_user u,$tbl_class_user cu WHERE cu.user_id=u.user_id AND class_id='$class_id' AND ".$target_name." LIKE '".$first_letter_right."%' ORDER BY ". (count($right_user_list) > 0 ? "(user_id IN(".implode(',', $right_user_list).")) DESC," : "")." ".$target_name;
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$right_users = Database::store_result($result); $right_users = Database::store_result($result);
if (!empty ($error_message)) if (!empty ($error_message))
{ {
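Review bot: `implode(',', $left_user_list)` and `implode(',', $right_user_list)` are placed unquoted inside `IN(...)`, where string escaping gives no protection because there is no quote to break out of. Where those arrays are filled is outside these hunks, so this needs confirming, but if they come from the submitted form each element should be forced to an integer first, e.g. `implode(',', array_map('intval', $left_user_list))`. The same applies to the other unquoted numeric positions in this commit, such as `LIMIT $from,$number_of_items` in `get_options_data()` and `id_user=$user_id` in the session queries.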

@ -162,7 +162,7 @@ if ($_POST['form_sent']) {
*/ */
if(empty($first_letter_user)) { if(empty($first_letter_user)) {
$sql = "SELECT count(*) as nb_users FROM $tbl_user"; $sql = "SELECT count(*) as nb_users FROM $tbl_user";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$num_row = Database::fetch_array($result); $num_row = Database::fetch_array($result);
if($num_row['nb_users']>1000) if($num_row['nb_users']>1000)
{//if there are too much users to gracefully handle with the HTML select list, {//if there are too much users to gracefully handle with the HTML select list,
@ -238,7 +238,7 @@ if ($_configuration['multiple_access_urls']==true) {
} }
} }
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$db_users = Database::store_result($result); $db_users = Database::store_result($result);
unset($result); unset($result);
@ -256,7 +256,7 @@ if ($_configuration['multiple_access_urls']==true) {
} }
} }
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
$db_courses = Database::store_result($result); $db_courses = Database::store_result($result);
unset($result); unset($result);

@ -358,7 +358,7 @@ if( $form->validate()) {
if ($platform_admin) { if ($platform_admin) {
$sql = "INSERT INTO $table_admin SET user_id = '".$user_id."'"; $sql = "INSERT INTO $table_admin SET user_id = '".$user_id."'";
Database::query($sql,__FILE__,__LINE__); Database::query($sql);
} }
if (!empty($email) && $send_mail) { if (!empty($email) && $send_mail) {
$recipient_name = api_get_person_name($firstname, $lastname, null, PERSON_NAME_EMAIL_ADDRESS); $recipient_name = api_get_person_name($firstname, $lastname, null, PERSON_NAME_EMAIL_ADDRESS);
@ -369,7 +369,7 @@ if( $form->validate()) {
if ($_configuration['multiple_access_urls'] == true) { if ($_configuration['multiple_access_urls'] == true) {
$access_url_id = api_get_current_access_url_id(); $access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1) { if ($access_url_id != -1) {
$url = api_get_access_url($access_url_id); $url = api_get_access_url($access_url_id);
$emailbody = get_lang('Dear')." ".stripslashes(api_get_person_name($firstname, $lastname)).",\n\n".get_lang('YouAreReg')." ".api_get_setting('siteName') ." ".get_lang('WithTheFollowingSettings')."\n\n".get_lang('Username')." : ". $username ."\n". get_lang('Pass')." : ".stripslashes($password)."\n\n" .get_lang('Address') ." ". api_get_setting('siteName') ." ". get_lang('Is') ." : ". $url['url'] ."\n\n". get_lang('Problem'). "\n\n". get_lang('Formula').",\n\n".api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'))."\n". get_lang('Manager'). " ".api_get_setting('siteName')."\nT. ".api_get_setting('administratorTelephone')."\n" .get_lang('Email') ." : ".api_get_setting('emailAdministrator'); $emailbody = get_lang('Dear')." ".stripslashes(api_get_person_name($firstname, $lastname)).",\n\n".get_lang('YouAreReg')." ".api_get_setting('siteName') ." ".get_lang('WithTheFollowingSettings')."\n\n".get_lang('Username')." : ". $username ."\n". get_lang('Pass')." : ".stripslashes($password)."\n\n" .get_lang('Address') ." ". api_get_setting('siteName') ." ". get_lang('Is') ." : ". $url['url'] ."\n\n". get_lang('Problem'). "\n\n". get_lang('Formula').",\n\n".api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'))."\n". get_lang('Manager'). " ".api_get_setting('siteName')."\nT. ".api_get_setting('administratorTelephone')."\n" .get_lang('Email') ." : ".api_get_setting('emailAdministrator');
} }
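Review bot: The `$emailbody` built in the second hunk puts the account password in clear text into the registration mail (`get_lang('Pass')." : ".stripslashes($password)`), so the credential is stored in every mailbox and relay the message passes through. A safer flow mails only the username plus a single-use, expiring link through which the user sets the password; at minimum the account should be forced to change the password at first login. The enclosing `if( $form->validate())` block starts and ends outside the hunk, so how `$password` is produced is not visible here.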

@ -72,7 +72,7 @@ $interbreadcrumb[] = array('url' => "user_list.php","name" => get_lang('UserList
$table_user = Database::get_main_table(TABLE_MAIN_USER); $table_user = Database::get_main_table(TABLE_MAIN_USER);
$table_admin = Database::get_main_table(TABLE_MAIN_ADMIN); $table_admin = Database::get_main_table(TABLE_MAIN_ADMIN);
$sql = "SELECT u.*, a.user_id AS is_admin FROM $table_user u LEFT JOIN $table_admin a ON a.user_id = u.user_id WHERE u.user_id = '".$user_id."'"; $sql = "SELECT u.*, a.user_id AS is_admin FROM $table_user u LEFT JOIN $table_admin a ON a.user_id = u.user_id WHERE u.user_id = '".$user_id."'";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
if (Database::num_rows($res) != 1) { if (Database::num_rows($res) != 1) {
header('Location: user_list.php'); header('Location: user_list.php');
exit; exit;
@ -359,10 +359,10 @@ if ( $form->validate()) {
if ($user_id != $_SESSION['_uid']) { if ($user_id != $_SESSION['_uid']) {
if ($platform_admin == 1) { if ($platform_admin == 1) {
$sql = "INSERT IGNORE INTO $table_admin SET user_id = '".$user_id."'"; $sql = "INSERT IGNORE INTO $table_admin SET user_id = '".$user_id."'";
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
} else { } else {
$sql = "DELETE FROM $table_admin WHERE user_id = '".$user_id."'"; $sql = "DELETE FROM $table_admin WHERE user_id = '".$user_id."'";
Database::query($sql, __FILE__, __LINE__); Database::query($sql);
} }
} }

@ -67,7 +67,7 @@ if ($_configuration['multiple_access_urls']==true) {
ORDER BY visual_code"; ORDER BY visual_code";
} }
} }
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
while ($course = Database::fetch_object($result)) while ($course = Database::fetch_object($result))
{ {
$courses[$course->code] = $course->visual_code.' - '.$course->title; $courses[$course->code] = $course->visual_code.' - '.$course->title;
@ -134,7 +134,7 @@ if ($form->validate())
} }
} }
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
while($user = Database::fetch_array($res,'ASSOC')) { while($user = Database::fetch_array($res,'ASSOC')) {
$student_data= UserManager :: get_extra_user_data($user['UserId'],true,false); $student_data= UserManager :: get_extra_user_data($user['UserId'],true,false);
foreach($student_data as $key=>$value) { foreach($student_data as $key=>$value) {

@ -319,7 +319,7 @@ function move_user_field($direction,$field_id)
$found = false; $found = false;
$sql = "SELECT id, field_order FROM $table_user_field ORDER BY field_order $sortdirection"; $sql = "SELECT id, field_order FROM $table_user_field ORDER BY field_order $sortdirection";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
while($row = Database::fetch_array($result)) while($row = Database::fetch_array($result))
{ {
if ($found) if ($found)
@ -339,8 +339,8 @@ function move_user_field($direction,$field_id)
$sql1 = "UPDATE ".$table_user_field." SET field_order = '".Database::escape_string($next_order)."' WHERE id = '".Database::escape_string($this_id)."'"; $sql1 = "UPDATE ".$table_user_field." SET field_order = '".Database::escape_string($next_order)."' WHERE id = '".Database::escape_string($this_id)."'";
$sql2 = "UPDATE ".$table_user_field." SET field_order = '".Database::escape_string($this_order)."' WHERE id = '".Database::escape_string($next_id)."'"; $sql2 = "UPDATE ".$table_user_field." SET field_order = '".Database::escape_string($this_order)."' WHERE id = '".Database::escape_string($next_id)."'";
Database::query($sql1,__FILE__,__LINE__); Database::query($sql1);
Database::query($sql2,__FILE__,__LINE__); Database::query($sql2);
return true; return true;
} }
@ -364,26 +364,26 @@ function delete_user_fields($field_id)
// delete the fields // delete the fields
$sql = "DELETE FROM $table_user_field WHERE id = '".Database::escape_string($field_id)."'"; $sql = "DELETE FROM $table_user_field WHERE id = '".Database::escape_string($field_id)."'";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
if (Database::affected_rows() == 1) if (Database::affected_rows() == 1)
{ {
// delete the field options // delete the field options
$sql = "DELETE FROM $table_user_field_options WHERE field_id = '".Database::escape_string($field_id)."'"; $sql = "DELETE FROM $table_user_field_options WHERE field_id = '".Database::escape_string($field_id)."'";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
// delete the field values // delete the field values
$sql = "DELETE FROM $table_user_field_values WHERE field_id = '".Database::escape_string($field_id)."'"; $sql = "DELETE FROM $table_user_field_values WHERE field_id = '".Database::escape_string($field_id)."'";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
// recalculate the field_order because the value is used to show/hide the up/down icon // recalculate the field_order because the value is used to show/hide the up/down icon
// and the field_order value cannot be bigger than the number of fields // and the field_order value cannot be bigger than the number of fields
$sql = "SELECT * FROM $table_user_field ORDER BY field_order ASC"; $sql = "SELECT * FROM $table_user_field ORDER BY field_order ASC";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
$i = 1; $i = 1;
while($row = Database::fetch_array($result)) while($row = Database::fetch_array($result))
{ {
$sql_reorder = "UPDATE $table_user_field SET field_order = '".Database::escape_string($i)."' WHERE id = '".Database::escape_string($row['id'])."'"; $sql_reorder = "UPDATE $table_user_field SET field_order = '".Database::escape_string($i)."' WHERE id = '".Database::escape_string($row['id'])."'";
$result_reorder = Database::query($sql_reorder,__FILE__,__LINE__); $result_reorder = Database::query($sql_reorder);
$i++; $i++;
} }
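Review bot: `move_user_field()` runs the two `UPDATE`s that swap `field_order` and then returns `true` without looking at either result, so a failure of the second statement leaves two fields with the same order while the caller is told the move succeeded. Assuming `Database::query()` returns `false` on failure (its body is not on this page), the tail could read `return Database::query($sql1) !== false && Database::query($sql2) !== false;`. `move_user_field_option()` in the next file section ends with the same pattern, and `delete_user_fields()` assigns `$result` four times without ever reading it. These functions start outside their hunks.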

@ -132,7 +132,7 @@ function get_options_data($from, $number_of_items, $column, $direction)
id AS col2 id AS col2
FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ORDER BY option_order ASC"; FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ORDER BY option_order ASC";
$sql .= " LIMIT $from,$number_of_items"; $sql .= " LIMIT $from,$number_of_items";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$return = array (); $return = array ();
while ($option = Database::fetch_row($res)) while ($option = Database::fetch_row($res))
{ {
@ -148,7 +148,7 @@ function get_number_of_options($from=null, $number_of_items=null, $column=null,
// The sql statement // The sql statement
$sql = "SELECT count(id) as total FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' "; $sql = "SELECT count(id) as total FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$row = Database::fetch_row($res); $row = Database::fetch_row($res);
return $row[0]; return $row[0];
} }
@ -208,7 +208,7 @@ function move_user_field_option($direction,$option_id)
$found = false; $found = false;
$sql = "SELECT id, option_order FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ORDER BY option_order $sortdirection"; $sql = "SELECT id, option_order FROM $table_userfields_options WHERE field_id='".Database::escape_string($_GET['field_id'])."' ORDER BY option_order $sortdirection";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql);
while($row = Database::fetch_array($result)) while($row = Database::fetch_array($result))
{ {
if ($found) if ($found)
@ -228,8 +228,8 @@ function move_user_field_option($direction,$option_id)
$sql1 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($next_order)."' WHERE id = '".Database::escape_string($this_id)."'"; $sql1 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($next_order)."' WHERE id = '".Database::escape_string($this_id)."'";
$sql2 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($this_order)."' WHERE id = '".Database::escape_string($next_id)."'"; $sql2 = "UPDATE ".$table_userfields_options." SET option_order = '".Database::escape_string($this_order)."' WHERE id = '".Database::escape_string($next_id)."'";
Database::query($sql1,__FILE__,__LINE__); Database::query($sql1);
Database::query($sql2,__FILE__,__LINE__); Database::query($sql2);
return true; return true;
} }
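Review bot: `get_options_data()`, `get_number_of_options()` and `move_user_field_option()` each read `$_GET['field_id']` directly and escape it separately, which ties these helper functions to the request and repeats the sanitising in three places. Validating the id once at the top of the script, e.g. `$field_id = (int) $_GET['field_id'];`, and having the three queries use that value keeps the check in one spot and rejects non-numeric ids outright. All three functions begin or end outside their hunks, so whether a validated copy already exists is not visible.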

@ -113,7 +113,7 @@ $result=Database::query("SELECT DISTINCT id, name, date_start, date_end
FROM session_rel_user, session FROM session_rel_user, session
WHERE id_session=id AND id_user=$user_id WHERE id_session=id AND id_user=$user_id
AND (date_start <= NOW() AND date_end >= NOW() OR date_start='0000-00-00') AND (date_start <= NOW() AND date_end >= NOW() OR date_start='0000-00-00')
ORDER BY date_start, date_end, name",__FILE__,__LINE__); ORDER BY date_start, date_end, name");
$sessions=Database::store_result($result); $sessions=Database::store_result($result);
@ -123,7 +123,7 @@ $result=Database::query("SELECT DISTINCT id, name, date_start, date_end
INNER JOIN $tbl_session_course as session_rel_course INNER JOIN $tbl_session_course as session_rel_course
ON session_rel_course.id_coach = $user_id ON session_rel_course.id_coach = $user_id
AND (date_start <= NOW() AND date_end >= NOW() OR date_start='0000-00-00') AND (date_start <= NOW() AND date_end >= NOW() OR date_start='0000-00-00')
ORDER BY date_start, date_end, name",__FILE__,__LINE__); ORDER BY date_start, date_end, name");
$session_is_coach = Database::store_result($result); $session_is_coach = Database::store_result($result);
@ -157,16 +157,16 @@ if(count($sessions)>0){
WHERE session_course.id_session = $id_session WHERE session_course.id_session = $id_session
ORDER BY i"; ORDER BY i";
*/ */
// this query is very similar to the above query, but it will check the session_rel_course_user table if there are courses registered to our user or not // this query is very similar to the above query, but it will check the session_rel_course_user table if there are courses registered to our user or not
$personal_course_list_sql = "SELECT distinct course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i, ".(api_is_western_name_order() ? "CONCAT(user.firstname,' ',user.lastname)" : "CONCAT(user.lastname,' ',user.firstname)")." t, email, course.course_language l, 1 sort, category_code user_course_cat, date_start, date_end, session.id as id_session, session.name as session_name, IF(session_course_user.id_user = 3,'2', '5') $personal_course_list_sql = "SELECT distinct course.code k, course.directory d, course.visual_code c, course.db_name db, course.title i, ".(api_is_western_name_order() ? "CONCAT(user.firstname,' ',user.lastname)" : "CONCAT(user.lastname,' ',user.firstname)")." t, email, course.course_language l, 1 sort, category_code user_course_cat, date_start, date_end, session.id as id_session, session.name as session_name, IF(session_course_user.id_user = 3,'2', '5')
FROM $tbl_session_course_user as session_course_user INNER JOIN $tbl_course AS course FROM $tbl_session_course_user as session_course_user INNER JOIN $tbl_course AS course
ON course.code = session_course_user.course_code AND session_course_user.id_session = $id_session ON course.code = session_course_user.course_code AND session_course_user.id_session = $id_session
INNER JOIN $tbl_session as session ON session_course_user.id_session = session.id INNER JOIN $tbl_session as session ON session_course_user.id_session = session.id
INNER JOIN $tbl_session_course as session_course INNER JOIN $tbl_session_course as session_course
LEFT JOIN $tbl_user as user ON user.user_id = session_course_user.id_user AND session_course_user.status = 2 LEFT JOIN $tbl_user as user ON user.user_id = session_course_user.id_user AND session_course_user.status = 2
WHERE session_course_user.id_user = $user_id ORDER BY i"; WHERE session_course_user.id_user = $user_id ORDER BY i";
$course_list_sql_result = Database::query($personal_course_list_sql, __FILE__, __LINE__); $course_list_sql_result = Database::query($personal_course_list_sql);
while ($result_row = Database::fetch_array($course_list_sql_result)){ while ($result_row = Database::fetch_array($course_list_sql_result)){
$key = $result_row['id_session'].' - '.$result_row['k']; $key = $result_row['id_session'].' - '.$result_row['k'];
@ -187,7 +187,7 @@ if(count($sessions)>0){
$tools = '<a href="course_information.php?code='.$my_course['k'].'&id_session='.$id_session.'">'.Display::return_icon('synthese_view.gif', get_lang('Overview')).'</a>'. $tools = '<a href="course_information.php?code='.$my_course['k'].'&id_session='.$id_session.'">'.Display::return_icon('synthese_view.gif', get_lang('Overview')).'</a>'.
'<a href="'.api_get_path(WEB_COURSE_PATH).$my_course['d'].'?id_session='.$id_session.'">'.Display::return_icon('course_home.gif', get_lang('CourseHomepage')).'</a>' . '<a href="'.api_get_path(WEB_COURSE_PATH).$my_course['d'].'?id_session='.$id_session.'">'.Display::return_icon('course_home.gif', get_lang('CourseHomepage')).'</a>' .
'<a href="session_course_edit.php?id_session='.$id_session.'&course_code='.$my_course['k'].'">'.Display::return_icon('edit.gif', get_lang('Edit')).'</a>'; '<a href="session_course_edit.php?id_session='.$id_session.'&course_code='.$my_course['k'].'">'.Display::return_icon('edit.gif', get_lang('Edit')).'</a>';
if( $my_course->status == STUDENT ){ if( $my_course->status == STUDENT ){
$tools .= '<a href="user_information.php?action=unsubscribe&course_code='.$my_course['k'].'&user_id='.$user['user_id'].'">'.Display::return_icon('delete.gif', get_lang('Delete')).'</a>'; $tools .= '<a href="user_information.php?action=unsubscribe&course_code='.$my_course['k'].'&user_id='.$user['user_id'].'">'.Display::return_icon('delete.gif', get_lang('Delete')).'</a>';
@ -214,7 +214,7 @@ echo '</blockquote>';
* Show the courses in which this user is subscribed * Show the courses in which this user is subscribed
*/ */
$sql = 'SELECT * FROM '.$table_course_user.' cu, '.$table_course.' c WHERE cu.user_id = '.$user['user_id'].' AND cu.course_code = c.code'; $sql = 'SELECT * FROM '.$table_course_user.' cu, '.$table_course.' c WHERE cu.user_id = '.$user['user_id'].' AND cu.course_code = c.code';
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
if (Database::num_rows($res) > 0) if (Database::num_rows($res) > 0)
{ {
$header=array(); $header=array();
@ -256,7 +256,7 @@ else
$table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER); $table_class_user = Database :: get_main_table(TABLE_MAIN_CLASS_USER);
$table_class = Database :: get_main_table(TABLE_MAIN_CLASS); $table_class = Database :: get_main_table(TABLE_MAIN_CLASS);
$sql = 'SELECT * FROM '.$table_class_user.' cu, '.$table_class.' c WHERE cu.user_id = '.$user['user_id'].' AND cu.class_id = c.id'; $sql = 'SELECT * FROM '.$table_class_user.' cu, '.$table_class.' c WHERE cu.user_id = '.$user['user_id'].' AND cu.class_id = c.id';
$res = Database::query($sql,__FILE__,__LINE__); $res = Database::query($sql);
if (Database::num_rows($res) > 0) if (Database::num_rows($res) > 0)
{ {
$header = array(); $header = array();

@ -162,7 +162,7 @@ function login_user($user_id) {
} }
$sql_query = "SELECT * FROM $main_user_table WHERE user_id='$user_id'"; $sql_query = "SELECT * FROM $main_user_table WHERE user_id='$user_id'";
$sql_result = Database::query($sql_query, __FILE__, __LINE__); $sql_result = Database::query($sql_query);
$result = Database :: fetch_array($sql_result); $result = Database :: fetch_array($sql_result);
// check if the user is allowed to 'login_as' // check if the user is allowed to 'login_as'
@ -202,7 +202,7 @@ function login_user($user_id) {
WHERE user.user_id = '".$user_id."'"; WHERE user.user_id = '".$user_id."'";
} }
$sql_result = Database::query($sql_query, __FILE__, __LINE__); $sql_result = Database::query($sql_query);
if (Database::num_rows($sql_result) > 0) { if (Database::num_rows($sql_result) > 0) {
@ -309,7 +309,7 @@ function get_number_of_users()
$sql.= " AND url_rel_user.access_url_id=".api_get_current_access_url_id(); $sql.= " AND url_rel_user.access_url_id=".api_get_current_access_url_id();
} }
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$obj = Database::fetch_object($res); $obj = Database::fetch_object($res);
return $obj->total_number_of_items; return $obj->total_number_of_items;
} }
@ -324,7 +324,7 @@ function get_number_of_users()
function get_user_data($from, $number_of_items, $column, $direction) function get_user_data($from, $number_of_items, $column, $direction)
{ {
global $_configuration,$origin; global $_configuration,$origin;
$user_table = Database :: get_main_table(TABLE_MAIN_USER); $user_table = Database :: get_main_table(TABLE_MAIN_USER);
$admin_table = Database :: get_main_table(TABLE_MAIN_ADMIN); $admin_table = Database :: get_main_table(TABLE_MAIN_ADMIN);
$sql = "SELECT $sql = "SELECT
@ -343,7 +343,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
", u.expiration_date AS exp ". ", u.expiration_date AS exp ".
" FROM $user_table u "; " FROM $user_table u ";
// adding the filter to see the user's only of the current access_url // adding the filter to see the user's only of the current access_url
if ((api_is_platform_admin() || api_is_session_admin()) && $_configuration['multiple_access_urls']==true && api_get_current_access_url_id()!=-1) { if ((api_is_platform_admin() || api_is_session_admin()) && $_configuration['multiple_access_urls']==true && api_get_current_access_url_id()!=-1) {
$access_url_rel_user_table= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER); $access_url_rel_user_table= Database :: get_main_table(TABLE_MAIN_ACCESS_URL_REL_USER);
$sql.= " INNER JOIN $access_url_rel_user_table url_rel_user ON (u.user_id=url_rel_user.user_id)"; $sql.= " INNER JOIN $access_url_rel_user_table url_rel_user ON (u.user_id=url_rel_user.user_id)";
@ -400,7 +400,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
$sql .= " ORDER BY col$column $direction "; $sql .= " ORDER BY col$column $direction ";
$sql .= " LIMIT $from,$number_of_items"; $sql .= " LIMIT $from,$number_of_items";
$res = Database::query($sql, __FILE__, __LINE__); $res = Database::query($sql);
$users = array (); $users = array ();
$t = time(); $t = time();
@ -412,7 +412,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
$photo = '<center><a href="'.api_get_path(WEB_PATH).'whoisonline.php?origin=user_list&id='.$user[0].'" title="'.get_lang('Info').'" ><img src="'.$user_profile['file'].'" '.$user_profile['style'].' alt="'.api_get_person_name($user[2],$user[3]).'" title="'.api_get_person_name($user[2], $user[3]).'" /></a></center>'; $photo = '<center><a href="'.api_get_path(WEB_PATH).'whoisonline.php?origin=user_list&id='.$user[0].'" title="'.get_lang('Info').'" ><img src="'.$user_profile['file'].'" '.$user_profile['style'].' alt="'.api_get_person_name($user[2],$user[3]).'" title="'.api_get_person_name($user[2], $user[3]).'" /></a></center>';
} else { } else {
$photo = '<center><img src="'.$user_profile['file'].'" '.$user_profile['style'].' alt="'.api_get_person_name($user[2], $user[3]).'" title="'.api_get_person_name($user[2], $user[3]).'" /></center>'; $photo = '<center><img src="'.$user_profile['file'].'" '.$user_profile['style'].' alt="'.api_get_person_name($user[2], $user[3]).'" title="'.api_get_person_name($user[2], $user[3]).'" /></center>';
} }
if ($user[7] == 1 && $user[9] != '0000-00-00 00:00:00') { if ($user[7] == 1 && $user[9] != '0000-00-00 00:00:00') {
// check expiration date // check expiration date
@ -422,7 +422,7 @@ function get_user_data($from, $number_of_items, $column, $direction)
$user[7] = '-1'; $user[7] = '-1';
} }
} }
// forget about the expiration date field // forget about the expiration date field
$users[] = array($user[0],$photo,$user[1],$user[2],$user[3],$user[4],$user[5],$user[6],$user[7],$user[8]); $users[] = array($user[0],$photo,$user[1],$user[2],$user[3],$user[4],$user[5],$user[6],$user[7],$user[8]);
} }
return $users; return $users;
@ -503,17 +503,17 @@ function modify_filter($user_id,$url_params,$row)
} }
if ($is_admin) { if ($is_admin) {
$result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'),array('width'=> 22, 'heigth'=> 22)); $result .= Display::return_icon('admin_star.png', get_lang('IsAdministrator'),array('width'=> 22, 'heigth'=> 22));
} else { } else {
$result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator')); $result .= Display::return_icon('admin_star_na.png', get_lang('IsNotAdministrator'));
} }
if ($row['7'] == $statusname[DRH]) { if ($row['7'] == $statusname[DRH]) {
$result .= '<a href="dashboard_add_users_to_user.php?user='.$user_id.'">'.Display::return_icon('addd.gif', get_lang('Add')).'</a>&nbsp;&nbsp;'; $result .= '<a href="dashboard_add_users_to_user.php?user='.$user_id.'">'.Display::return_icon('addd.gif', get_lang('Add')).'</a>&nbsp;&nbsp;';
$result .= '<a href="dashboard_add_courses_to_user.php?user='.$user_id.'">'.Display::return_icon('addd.gif', get_lang('Add')).'</a>&nbsp;&nbsp;'; $result .= '<a href="dashboard_add_courses_to_user.php?user='.$user_id.'">'.Display::return_icon('addd.gif', get_lang('Add')).'</a>&nbsp;&nbsp;';
$result .= '<a href="dashboard_add_users_to_sessions.php?user='.$user_id.'">'.Display::return_icon('addd.gif', get_lang('Add')).'</a>&nbsp;&nbsp;'; $result .= '<a href="dashboard_add_users_to_sessions.php?user='.$user_id.'">'.Display::return_icon('addd.gif', get_lang('Add')).'</a>&nbsp;&nbsp;';
} }
return $result; return $result;
} }
@ -573,7 +573,7 @@ function lock_unlock_user($status,$user_id)
if(($status_db=='1' OR $status_db=='0') AND is_numeric($user_id)) if(($status_db=='1' OR $status_db=='0') AND is_numeric($user_id))
{ {
$sql="UPDATE $user_table SET active='".Database::escape_string($status_db)."' WHERE user_id='".Database::escape_string($user_id)."'"; $sql="UPDATE $user_table SET active='".Database::escape_string($status_db)."' WHERE user_id='".Database::escape_string($user_id)."'";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql);
} }
if ($result) if ($result)
@ -660,7 +660,7 @@ else
// to prevent too long messages // to prevent too long messages
if ($_GET['warn'] == 'session_message'){ if ($_GET['warn'] == 'session_message'){
$_GET['warn'] = $_SESSION['session_message_import_users']; $_GET['warn'] = $_SESSION['session_message_import_users'];
} }
Display::display_warning_message(urldecode($_GET['warn']),false); Display::display_warning_message(urldecode($_GET['warn']),false);
} }
if (!empty($_GET['message'])) { if (!empty($_GET['message'])) {
@ -775,7 +775,7 @@ else
$table = new SortableTable('users', 'get_number_of_users', 'get_user_data', (api_is_western_name_order() xor api_sort_by_first_name()) ? 3 : 2); $table = new SortableTable('users', 'get_number_of_users', 'get_user_data', (api_is_western_name_order() xor api_sort_by_first_name()) ? 3 : 2);
$table->set_additional_parameters($parameters); $table->set_additional_parameters($parameters);
$table->set_header(0, '', false); $table->set_header(0, '', false);
$table->set_header(1, get_lang('Photo'), false); $table->set_header(1, get_lang('Photo'), false);
$table->set_header(2, get_lang('OfficialCode')); $table->set_header(2, get_lang('OfficialCode'));
if (api_is_western_name_order()) { if (api_is_western_name_order()) {
$table->set_header(3, get_lang('FirstName')); $table->set_header(3, get_lang('FirstName'));
