Feature #5397 - Cleaning code in main/auth directory, pass 2. Varions corrections.

skala
Ivan Tcholakov 16 years ago
parent 0f280d784d
commit ee55afb8eb
  1. 13
      main/auth/courses.php
  2. 39
      main/auth/inscription.php
  3. 12
      main/auth/lostPassword.php
  4. 107
      main/auth/lost_password.lib.php
  5. 128
      main/auth/my_progress.php
  6. 6
      main/auth/profile.php

@ -404,7 +404,6 @@ function browse_courses_in_category() {
display_subscribe_to_courses($courses);
}
/**
* displays the form for searching for a course and the results if a query has been submitted.
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
@ -412,12 +411,12 @@ function browse_courses_in_category() {
*/
function display_search_courses() {
global $_user, $stok;
echo "<p><strong>".get_lang("SearchCourse")."</strong><br />";
echo "<p><strong>".get_lang('SearchCourse')."</strong><br />";
echo "<form class=\"course_list\" method=\"post\" action=\"".api_get_self()."?action=subscribe\">",
'<input type="hidden" name="sec_token" value="'.$stok.'">',
"<input type=\"hidden\" name=\"search_course\" value=\"1\" />",
"<input type=\"text\" name=\"search_term\" value=\"".(empty($_POST['search_term']) ? '' : Security::remove_XSS($_POST['search_term']))."\" />",
"&nbsp;<button class=\"search\" type=\"submit\">",get_lang("_search"),"</button>",
"&nbsp;<button class=\"search\" type=\"submit\">",get_lang('_search'),"</button>",
"</form>";
if (isset($_POST['search_course'])) {
echo "<p><strong>".get_lang('SearchResultsFor')." ".api_htmlentities($_POST['search_term'], ENT_QUOTES, api_get_system_encoding())."</strong><br />";
@ -724,18 +723,18 @@ function display_courses($user_id, $show_course_icons, $user_courses) {
// Step 1: We get all the categories of the user.
$tucc = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$sql = "SELECT * FROM $tucc WHERE user_id='".$_user['user_id']."' ORDER BY sort ASC";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result)) {
if ($show_course_icons) {
// The edit link is clicked.
if (isset($_GET['categoryid']) && $_GET['categoryid'] == $row['id']) {
// We display the edit form for the category.
echo "<tr><td colspan=\"2\" class=\"user_course_category\">";
echo "<tr><td colspan=\"2\" class=\"user_course_category\">";
echo '<a name="category'.$row['id'].'"></a>'; // display an internal anchor.
display_edit_course_category_form($row['id']);
} else {
// We simply display the title of the category.
echo "<tr><td colspan=\"2\" class=\"user_course_category\">";
echo "<tr><td colspan=\"2\" class=\"user_course_category\">";
echo '<a name="category'.$row['id'].'"></a>'; // display an internal anchor.
echo $row['title'];
}
@ -900,7 +899,7 @@ function display_course_icons($key, $number_of_courses, $course) {
echo "<form action=\"".api_get_self()."\" method=\"post\" onsubmit=\"javascript: if (!confirm('".addslashes(api_htmlentities(get_lang("ConfirmUnsubscribeFromCourse"), ENT_QUOTES, api_get_system_encoding()))."')) return false;\">";
echo '<input type="hidden" name="sec_token" value="'.$stok.'">';
echo "<input type=\"hidden\" name=\"unsubscribe\" value=\"".$course['code']."\" />";
echo '<input type="image" name="unsub" style="border-color:#fff" src="'.api_get_path(WEB_IMG_PATH).'delete.gif" title="'.get_lang('_unsubscribe').'" alt="'.get_lang('_unsubscribe').'" /></form>';
echo '<input type="image" name="unsub" style="border-color:#fff" src="'.api_get_path(WEB_IMG_PATH).'delete.gif" title="'.get_lang('_unsubscribe').'" alt="'.get_lang('_unsubscribe').'" /></form>';
} else {
display_info_text(get_lang('UnsubscribeNotAllowed'));
}

@ -58,10 +58,12 @@ Display :: display_header($tool_name);
echo '<div class="actions-title">';
echo $tool_name;
echo '</div>';
// Forbidden to self-register
if (api_get_setting('allow_registration') == 'false') {
api_not_allowed();
}
//api_display_tool_title($tool_name);
if (api_get_setting('allow_registration') == 'approval') {
Display::display_normal_message(get_lang('YourAccountHasToBeApproved'));
@ -357,7 +359,7 @@ if ($form->validate()) {
}
// creating a new user
$user_id = UserManager::create_user($values['firstname'],$values['lastname'],$values['status'],$values['email'],$values['username'],$values['pass1'],$values['official_code'], $values['language'],$values['phone'],$picture_uri);
$user_id = UserManager::create_user($values['firstname'], $values['lastname'], $values['status'], $values['email'], $values['username'], $values['pass1'], $values['official_code'], $values['language'], $values['phone'], $picture_uri);
// Terms & Conditions
if (api_get_setting('allow_terms_conditions') == 'true') {
@ -425,7 +427,7 @@ if ($form->validate()) {
// if the account has to be approved then we set the account to inactive, sent a mail to the platform admin and exit the page.
if (api_get_setting('allow_registration') == 'approval') {
$TABLE_USER= Database::get_main_table(TABLE_MAIN_USER);
$TABLE_USER = Database::get_main_table(TABLE_MAIN_USER);
// 1. set account inactive
$sql = "UPDATE ".$TABLE_USER." SET active='0' WHERE user_id='".$user_id."'";
Database::query($sql, __FILE__, __LINE__);
@ -436,9 +438,8 @@ if ($form->validate()) {
$sql_admin_list = "SELECT * FROM ".$TABLE_USER." WHERE user_id='".$row['user_id']."'";
$result_list = Database::query($sql_admin_list, __FILE__, __LINE__);
$admin_list=Database::fetch_array($result_list);
$emailto = $admin_list['email'];
$admin_list = Database::fetch_array($result_list);
$emailto = $admin_list['email'];
// 2. send mail to the platform admin
$emailfromaddr = api_get_setting('emailAdministrator');
@ -446,13 +447,18 @@ if ($form->validate()) {
$emailsubject = get_lang('ApprovalForNewAccount').': '.$values['username'];
$emailbody = get_lang('ApprovalForNewAccount')."\n";
$emailbody .= get_lang('UserName').': '.$values['username']."\n";
$emailbody .= get_lang('LastName').': '.$values['lastname']."\n";
$emailbody .= get_lang('FirstName').': '.$values['firstname']."\n";
if (api_is_western_name_order()) {
$emailbody .= get_lang('FirstName').': '.$values['firstname']."\n";
$emailbody .= get_lang('LastName').': '.$values['lastname']."\n";
} else {
$emailbody .= get_lang('LastName').': '.$values['lastname']."\n";
$emailbody .= get_lang('FirstName').': '.$values['firstname']."\n";
}
$emailbody .= get_lang('Email').': '.$values['email']."\n";
$emailbody .= get_lang('Status').': '.$values['status']."\n\n";
$emailbody .= get_lang('ManageUser').': '.api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id;
$sender_name = api_get_setting('administratorName').' '.api_get_setting('administratorSurname');
$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator');
@api_mail('', $emailto, $emailsubject, $emailbody, $sender_name, $email_admin);
}
@ -462,7 +468,6 @@ if ($form->validate()) {
exit;
}
/*--------------------------------------
SESSION REGISTERING
--------------------------------------*/
@ -486,9 +491,9 @@ if ($form->validate()) {
EMAIL NOTIFICATION
--------------------------------------*/
if (strstr($values['email'], '@')) {
// Lets predefine some variables. Be sure to change the from address!
$recipient_name = $values['firstname'].' '.$values['lastname'];
if (strpos($values['email'], '@') !== false) {
// Let us predefine some variables. Be sure to change the from address!
$recipient_name = api_get_person_name($values['firstname'], $values['lastname']);
$email = $values['email'];
$emailfromaddr = api_get_setting('emailAdministrator');
$emailfromname = api_get_setting('siteName');
@ -496,7 +501,7 @@ if ($form->validate()) {
// The body can be as long as you wish, and any combination of text and variables
$portal_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']==true) {
if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1 ){
$url = api_get_access_url($access_url_id);
@ -508,7 +513,7 @@ if ($form->validate()) {
// Here we are forming one large header line
// Every header must be followed by a \n except the last
$sender_name = api_get_setting('administratorName').' '.api_get_setting('administratorSurname');
$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator');
@api_mail($recipient_name, $email, $emailsubject, $emailbody, $sender_name, $email_admin);
}
@ -523,16 +528,16 @@ if ($form->validate()) {
$button_text = "";
if ($is_allowedCreateCourse) {
echo "<p>", get_lang('NowGoCreateYourCourse'), ".</p>\n";
$actionUrl = "../create_course/add_course.php";
$action_url = "../create_course/add_course.php";
$button_text = get_lang('CourseCreate');
} else {
echo "<p>", get_lang('NowGoChooseYourCourses'), ".</p>\n";
$actionUrl = "courses.php?action=subscribe";
$action_url = "courses.php?action=subscribe";
$button_text = get_lang('Next');
}
// ?uidReset=true&uidReq=$_user['user_id']
echo "<form action=\"", $actionUrl, "\" method=\"post\">\n", "<button type=\"submit\" class=\"next\" name=\"next\" value=\"", get_lang('Next'), "\" validationmsg=\" ", get_lang('Next'), " \">".$button_text."</button>\n", "</form><br />\n";
echo "<form action=\"", $action_url, "\" method=\"post\">\n", "<button type=\"submit\" class=\"next\" name=\"next\" value=\"", get_lang('Next'), "\" validationmsg=\" ", get_lang('Next'), " \">".$button_text."</button>\n", "</form><br />\n";
} else {
$form->display();
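Review bot: The only check on the recipient address visible before the welcome mail is `strpos($values['email'], '@') !== false`, which accepts any string containing an `@`, including one with embedded line breaks or several addresses. Whether the form already applies an e-mail rule is outside this section; if it does not, `if (filter_var($values['email'], FILTER_VALIDATE_EMAIL) !== false) {` would be a tighter guard here. Both `@api_mail(...)` calls also discard the result, so in the approval branch a failed notification leaves the new account inactive with no administrator informed; logging the failure would make that visible.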

@ -34,17 +34,19 @@ $tool_name = get_lang('LostPass');
if (api_get_setting('allow_lostpassword') == 'false') {
api_not_allowed();
}
echo '<div class="actions-title">';
echo $tool_name;
echo '</div>';
if (isset ($_GET["reset"]) && isset ($_GET["id"])) {
if (isset ($_GET['reset']) && isset ($_GET['id'])) {
$msg = reset_password($_GET["reset"], $_GET["id"], true);
$msg1= '<a href="'.api_get_path(WEB_PATH).'main/auth/lostPassword.php" class="fake_button_back" >'.get_lang('Back').'</a>';
$msg1= '<a href="'.api_get_path(WEB_CODE_PATH).'auth/lostPassword.php" class="fake_button_back" >'.get_lang('Back').'</a>';
echo '<br /><br /><div class="actions" >'.$msg1.'</div>';
} else {
$form = new FormValidator('lost_password');
$form->addElement('text', 'user', get_lang('User'), array('size'=>'40'));
$form->addElement('text', 'email', get_lang('Email'), array('size'=>'40'));
@ -62,7 +64,7 @@ if (isset ($_GET["reset"]) && isset ($_GET["id"])) {
$condition = '';
if (!empty($email)) {
$condition = " AND LOWER(email) = '".mysql_real_escape_string($email)."' ";
$condition = " AND LOWER(email) = '".Database::escape_string($email)."' ";
}
$tbl_user = Database :: get_main_table(TABLE_MAIN_USER);
@ -70,7 +72,7 @@ if (isset ($_GET["reset"]) && isset ($_GET["id"])) {
username AS loginName, password, email, status AS status,
official_code, phone, picture_uri, creator_id
FROM ".$tbl_user."
WHERE ( username = '".mysql_real_escape_string($user)."' $condition ) ";
WHERE ( username = '".Database::escape_string($user)."' $condition ) ";
$result = Database::query($query, __FILE__, __LINE__);
$num_rows = Database::num_rows($result);
@ -94,7 +96,7 @@ if (isset ($_GET["reset"]) && isset ($_GET["id"])) {
Display::display_error_message(get_lang('NoUserAccountWithThisEmailAddress'));
}
$msg .= '<a href="'.api_get_path(WEB_PATH).'main/auth/lostPassword.php" class="fake_button_back" >'.get_lang('Back').'</a>';
$msg .= '<a href="'.api_get_path(WEB_CODE_PATH).'auth/lostPassword.php" class="fake_button_back" >'.get_lang('Back').'</a>';
echo '<br /><br /><div class="actions" >'.$msg.'</div>';
} else {
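Review bot: `$_GET['id']` reaches reset_password() unvalidated in the reset branch, and the UPDATE shown for main/auth/lost_password.lib.php interpolates it unquoted as `WHERE user_id=$id`; the SELECT that precedes it is outside the visible hunks. Casting at the call site, `$msg = reset_password($_GET['reset'], intval($_GET['id']), true);`, would keep a non-numeric value out of both queries. The value returned into `$msg` is also never printed in this branch (only `$msg1` is echoed), so the 'Not allowed.' and 'Could not reset password.' results appear to be lost to the user.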

@ -2,22 +2,24 @@
/* For licensing terms, see /dokeos_license.txt */
/**
* @deprecated by Ivan Tcholakov, 09-OCT-2009.
* Get email headers
*
* @return string
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/
/*
function get_email_headers() {
global $charset;
$emailHeaders = "From: \"".addslashes(api_get_setting('administratorSurname')." ".api_get_setting('administratorName'))."\" <".api_get_setting('emailAdministrator').">\n";
$emailHeaders = "From: \"".addslashes(api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS))."\" <".api_get_setting('emailAdministrator').">\n";
$emailHeaders .= "Reply-To: ".api_get_setting('emailAdministrator')."\n";
$emailHeaders .= "Return-Path: ".api_get_setting('emailAdministrator')."\n";
$emailHeaders .= "X-Sender: ".api_get_setting('emailAdministrator')."\n";
$emailHeaders .= "X-Mailer: PHP / ".phpversion()."\n";
$emailHeaders .= "Content-Type: text/plain;\n\tcharset=\"".$charset."\"\n";
$emailHeaders .= "Content-Type: text/plain;\n\tcharset=\"".api_get_system_encoding()."\"\n";
$emailHeaders .= "Mime-Version: 1.0";
return $emailHeaders;
}
*/
/**
* Enter description here...
@ -43,34 +45,33 @@ function get_user_account_list($user, $reset = false, $by_username = false) {
if ($by_username) {
$secretword = get_secret_word($user["email"]);
$secret_word = get_secret_word($user['email']);
if ($reset) {
$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secretword."&id=".$user['uid'];
$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secret_word."&id=".$user['uid'];
} else {
$reset_link = get_lang('Pass')." : $user[password]";
}
$userAccountList = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
$user_account_list = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
if ($userAccountList) {
$userAccountList = "\n------------------------\n" . $userAccountList;
if ($user_account_list) {
$user_account_list = "\n------------------------\n" . $user_account_list;
}
} else {
foreach ($user as $thisUser) {
$secretword = get_secret_word($thisUser["email"]);
foreach ($user as $this_user) {
$secret_word = get_secret_word($this_user['email']);
if ($reset) {
$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secretword."&id=".$thisUser['uid'];
$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secret_word."&id=".$this_user['uid'];
} else {
$reset_link = get_lang('Pass')." : $thisUser[password]";
$reset_link = get_lang('Pass')." : $this_user[password]";
}
$userAccountList[] = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$thisUser['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
$user_account_list[] = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$this_user['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
}
if ($userAccountList) {
$userAccountList = implode("\n------------------------\n", $userAccountList);
if ($user_account_list) {
$user_account_list = implode("\n------------------------\n", $user_account_list);
}
}
} else {
@ -79,10 +80,10 @@ function get_user_account_list($user, $reset = false, $by_username = false) {
$user = $user[0];
}
$reset_link = get_lang('Pass')." : $user[password]";
$userAccountList = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".$reset_link.'';
$user_account_list = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".$reset_link.'';
}
return $userAccountList;
return $user_account_list;
}
/**
@ -92,37 +93,39 @@ function get_user_account_list($user, $reset = false, $by_username = false) {
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/
function send_password_to_user($user, $by_username = false) {
global $charset;
global $_configuration;
/*
$emailHeaders = get_email_headers(); // Email Headers
$emailSubject = "[".get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
*/
$email_subject = "[".get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
if ($by_username) { // Show only for lost password
$userAccountList = get_user_account_list($user, false, $by_username); // BODY
$emailTo = $user["email"];
$user_account_list = get_user_account_list($user, false, $by_username); // BODY
$email_to = $user['email'];
} else {
$userAccountList = get_user_account_list($user); // BODY
$emailTo = $user[0]["email"];
$user_account_list = get_user_account_list($user); // BODY
$email_to = $user[0]['email'];
}
$portal_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1 ){
if ($access_url_id != -1 ) {
$url = api_get_access_url($access_url_id);
$portal_url = $url['url'];
}
}
$emailBody = get_lang('YourAccountParam')." ".$portal_url."\n\n$userAccountList";
$email_body = get_lang('YourAccountParam')." ".$portal_url."\n\n$user_account_list";
// SEND MESSAGE
$sender_name = get_setting('administratorName').' '.get_setting('administratorSurname');
$sender_name = api_get_person_name(get_setting('administratorName'), get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = get_setting('emailAdministrator');
if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name, $email_admin) == 1) {
if (@api_mail('', $email_to, $email_subject, $email_body, $sender_name, $email_admin) == 1) {
Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed'));
} else {
$message = get_lang('SystemUnableToSendEmailContact') . ' ' . Display :: encrypted_mailto_link(get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
$message = get_lang('SystemUnableToSendEmailContact').' '.Display :: encrypted_mailto_link(get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
}
}
@ -136,32 +139,34 @@ function send_password_to_user($user, $by_username = false) {
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/
function handle_encrypted_password($user, $by_username = false) {
global $charset;
global $_configuration;
/*
$emailHeaders = get_email_headers(); // Email Headers
$emailSubject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
*/
$email_subject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
if ($by_username) { // Show only for lost password
$userAccountList = get_user_account_list($user, true, $by_username); // BODY
$emailTo = $user["email"];
$user_account_list = get_user_account_list($user, true, $by_username); // BODY
$email_to = $user['email'];
} else {
$userAccountList = get_user_account_list($user, true); // BODY
$emailTo = $user[0]["email"];
$user_account_list = get_user_account_list($user, true); // BODY
$email_to = $user[0]['email'];
}
$secretword = get_secret_word($emailTo);
$emailBody = get_lang('DearUser')." :\n".get_lang("password_request")."\n\n";
$emailBody .= "-----------------------------------------------\n".$userAccountList."\n-----------------------------------------------\n\n";
$emailBody .= get_lang('PasswordEncryptedForSecurity');
$emailBody .= "\n\n".get_lang('Formula').",\n".get_lang('PlataformAdmin');
$sender_name = get_setting('administratorName').' '.get_setting('administratorSurname');
$secret_word = get_secret_word($email_to);
$email_body = get_lang('DearUser')." :\n".get_lang('password_request')."\n\n";
$email_body .= "-----------------------------------------------\n".$user_account_list."\n-----------------------------------------------\n\n";
$email_body .= get_lang('PasswordEncryptedForSecurity');
$email_body .= "\n\n".get_lang('Formula').",\n".get_lang('PlataformAdmin');
$sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator');
if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name, $email_admin) == 1) {
if (@api_mail('', $email_to, $email_subject, $email_body, $sender_name, $email_admin) == 1) {
Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed'));
} else {
$message = get_lang('SystemUnableToSendEmailContact') . ' ' . Display :: encrypted_mailto_link(get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
$message = get_lang('SystemUnableToSendEmailContact').' '.Display :: encrypted_mailto_link(get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
Display::display_error_message($message, false);
}
}
@ -172,7 +177,7 @@ function handle_encrypted_password($user, $by_username = false) {
*/
function get_secret_word($add) {
global $_configuration;
return $secretword = md5($_configuration['security_key'].$add);
return $secret_word = md5($_configuration['security_key'].$add);
}
/**
@ -189,21 +194,17 @@ function reset_password($secret, $id, $by_username = false) {
if ($result && $num_rows > 0) {
$user = Database::fetch_array($result);
} else {
return "Could not reset password.";
return 'Could not reset password.'; // TODO: This message has to be translated.
}
if (get_secret_word($user["email"]) == $secret) { // OK, secret word is good. Now change password and mail it.
$user["password"] = api_generate_password();
$crypted = $user["password"];
if (get_secret_word($user['email']) == $secret) { // OK, secret word is good. Now change password and mail it.
$user['password'] = api_generate_password();
$crypted = $user['password'];
$crypted = api_get_encrypted_password($crypted);
$sql = "UPDATE ".$tbl_user." SET password='$crypted' WHERE user_id=$id";
$result = Database::query($sql, __FILE__, __LINE__);
return send_password_to_user($user, $by_username);
} else {
return "Not allowed.";
return 'Not allowed.'; // TODO: This message has to be translated.
}
}
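Review bot: The reset link's token is `md5($_configuration['security_key'].$add)` over the account's e-mail address, so it is identical for every request, has no expiry and stays valid after it has been used; reset_password() then checks it with `==`, which PHP evaluates numerically when both strings look like numbers. At minimum the comparison should be strict, `if (get_secret_word($user['email']) === (string) $secret) {` (or `hash_equals()` where the PHP version provides it), and a random, stored, single-use token with a time limit would be the sturdier design. The non-reset path of get_user_account_list() also mails the stored password value as `get_lang('Pass')." : $user[password]"`, which is worth dropping in favour of the reset link. Parts of these functions lie outside the visible hunks.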

@ -37,16 +37,16 @@ $tbl_course_quiz = Database :: get_course_table(TABLE_QUIZ_TEST);
// get course list
$sql = 'SELECT course_code FROM '.$tbl_course_user.' WHERE user_id='.intval($_user['user_id']);
$rs = Database::query($sql, __FILE__, __LINE__);
$Courses = array();
$courses = array();
while($row = Database :: fetch_array($rs)) {
$Courses[$row['course_code']] = CourseManager::get_course_information($row['course_code']);
$courses[$row['course_code']] = CourseManager::get_course_information($row['course_code']);
}
// get the list of sessions where the user is subscribed as student
$sql = 'SELECT DISTINCT course_code FROM '.Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER).' WHERE id_user='.intval($_user['user_id']);
$rs = Database::query($sql, __FILE__, __LINE__);
while($row = Database :: fetch_array($rs)) {
$Courses[$row['course_code']] = CourseManager::get_course_information($row['course_code']);
$courses[$row['course_code']] = CourseManager::get_course_information($row['course_code']);
}
echo '<div class="actions-title" >';
@ -66,7 +66,7 @@ $now = date('Y-m-d');
<th><?php echo get_lang('Progress'); ?></th>
<th><?php
echo get_lang('Score');
Display :: display_icon('info3.gif',get_lang('ScormAndLPTestTotalAverage') , array ('align' => 'absmiddle', 'hspace' => '3px'));
Display :: display_icon('info3.gif', get_lang('ScormAndLPTestTotalAverage'), array ('align' => 'absmiddle', 'hspace' => '3px'));
?></th>
<th><?php echo get_lang('LastConnexion'); ?></th>
<th><?php echo get_lang('Details'); ?></th>
@ -74,23 +74,19 @@ $now = date('Y-m-d');
<?php
$i = 0;
$totalWeighting = 0;
$totalScore = 0;
$totalItem = 0;
$totalProgress = 0;
foreach ($Courses as $enreg) {
foreach ($courses as $enreg) {
$weighting = 0;
$lastConnexion = Tracking :: get_last_connection_date_on_the_course($_user['user_id'], $enreg['code']);
$last_connection = Tracking :: get_last_connection_date_on_the_course($_user['user_id'], $enreg['code']);
$progress = Tracking :: get_avg_student_progress($_user['user_id'], $enreg['code']);
$total_time_login = Tracking :: get_time_spent_on_the_course($_user['user_id'], $enreg['code']);
$time = api_time_to_hms($total_time_login);
$pourcentageScore = Tracking :: get_average_test_scorm_and_lp ($_user['user_id'], $enreg['code']);
$percentage_score = Tracking :: get_average_test_scorm_and_lp ($_user['user_id'], $enreg['code']);
?>
<tr class='<?php echo $i?'row_odd':'row_even'; ?>'>
<td>
<?php echo api_html_entity_decode($enreg['title'], ENT_QUOTES, $charset); ?>
<?php echo api_html_entity_decode($enreg['title'], ENT_QUOTES, api_get_system_encoding()); ?>
</td>
<td align='center'>
<?php echo $time; ?>
@ -100,22 +96,22 @@ foreach ($Courses as $enreg) {
</td>
<td align='center'>
<?php
if (!is_null($pourcentageScore)) {
echo $pourcentageScore.'%';
if (!is_null($percentage_score)) {
echo $percentage_score.'%';
} else {
echo '0%';
}
?>
</td>
<td align='center' >
<?php echo $lastConnexion; ?>
<?php echo $last_connection; ?>
</td>
<td align='center'>
<a href="<?php echo api_get_self(); ?>?course=<?php echo $enreg['code']; ?>"> <?php Display::display_icon('2rightarrow.gif', get_lang('Details')); ?> </a>
</td>
</tr>
<?php
$i=$i ? 0 : 1;
$i = $i ? 0 : 1;
}
?>
</table>
@ -130,7 +126,7 @@ foreach ($Courses as $enreg) {
*/
if (isset($_GET['course'])) {
$course = Database::escape_string($_GET['course']);
$a_infosCours = CourseManager::get_course_information($course);
$course_info = CourseManager::get_course_information($course);
//get coach and session_name if there is one and if session_mode is activated
if (api_get_setting('use_session_mode') == 'true') {
@ -164,21 +160,21 @@ foreach ($Courses as $enreg) {
$sql = 'SELECT id_coach FROM '.$tbl_session_course.'
WHERE id_session='.$session_id.'
AND course_code = "'.Database::escape_string($_GET['course']).'"';
$rs = Database::query($sql,__FILE__,__LINE__);
$rs = Database::query($sql, __FILE__, __LINE__);
$session_course_coach_id = intval(Database::result($rs, 0, 0));
if ($session_course_coach_id != 0) {
$coach_infos = UserManager :: get_user_info_by_id($session_course_coach_id);
$a_infosCours['tutor_name'] = api_get_person_name($coach_infos['firstname'], $coach_infos['lastname']);
$coach_info = UserManager :: get_user_info_by_id($session_course_coach_id);
$course_info['tutor_name'] = api_get_person_name($coach_info['firstname'], $coach_info['lastname']);
}
else if($session_coach_id != 0) {
$coach_infos = UserManager :: get_user_info_by_id($session_coach_id);
$a_infosCours['tutor_name'] = api_get_person_name($coach_infos['firstname'], $coach_infos['lastname']);
$coach_info = UserManager :: get_user_info_by_id($session_coach_id);
$course_info['tutor_name'] = api_get_person_name($coach_info['firstname'], $coach_info['lastname']);
}
}
} // end if (api_get_setting('use_session_mode') == 'true')
$tableTitle = $a_infosCours['title'].' | Coach : '.$a_infosCours['tutor_name'].((!empty($session_name)) ? ' | '.get_lang('Session').' : '.$session_name : '');
$tableTitle = $course_info['title'].' | Coach : '.$course_info['tutor_name'].((!empty($session_name)) ? ' | '.get_lang('Session').' : '.$session_name : '');
?>
<table class="data_table" width="100%">
@ -194,28 +190,28 @@ foreach ($Courses as $enreg) {
<th class="head" style="color:#000"><?php echo get_lang('LastConnexion'); ?></th>
</tr>
<?php
$sqlLearnpath = "SELECT lp.name,lp.id FROM ".$a_infosCours['db_name'].".".$tbl_course_lp." AS lp";
$resultLearnpath = Database::query($sqlLearnpath);
if (Database::num_rows($resultLearnpath) > 0) {
while($a_learnpath = Database::fetch_array($resultLearnpath)) {
$progress = learnpath :: get_db_progress($a_learnpath['id'], $_user['user_id'], '%', $a_infosCours['db_name']);
$sql_learnpath = "SELECT lp.name,lp.id FROM ".$course_info['db_name'].".".$tbl_course_lp." AS lp";
$result_learnpath = Database::query($sql_learnpath, __FILE__, __LINE__);
if (Database::num_rows($result_learnpath) > 0) {
while($learnpath = Database::fetch_array($result_learnpath)) {
$progress = learnpath :: get_db_progress($learnpath['id'], $_user['user_id'], '%', $course_info['db_name']);
// calculates last connection time
$sql = 'SELECT MAX(start_time)
FROM '.$a_infosCours['db_name'].'.'.$tbl_course_lp_view_item.' AS item_view
INNER JOIN '.$a_infosCours['db_name'].'.'.$tbl_course_lp_view.' AS view
FROM '.$course_info['db_name'].'.'.$tbl_course_lp_view_item.' AS item_view
INNER JOIN '.$course_info['db_name'].'.'.$tbl_course_lp_view.' AS view
ON item_view.lp_view_id = view.id
AND view.lp_id = '.$a_learnpath['id'].'
AND view.lp_id = '.$learnpath['id'].'
AND view.user_id = '.$_user['user_id'];
$rs = Database::query($sql, __FILE__, __LINE__);
$start_time = Database::result($rs, 0, 0);
// calculates time
$sql = 'SELECT SUM(total_time)
FROM '.$a_infosCours['db_name'].'.'.$tbl_course_lp_view_item.' AS item_view
INNER JOIN '.$a_infosCours['db_name'].'.'.$tbl_course_lp_view.' AS view
FROM '.$course_info['db_name'].'.'.$tbl_course_lp_view_item.' AS item_view
INNER JOIN '.$course_info['db_name'].'.'.$tbl_course_lp_view.' AS view
ON item_view.lp_view_id = view.id
AND view.lp_id = '.$a_learnpath['id'].'
AND view.lp_id = '.$learnpath['id'].'
AND view.user_id = '.$_user['user_id'];
$rs = Database::query($sql, __FILE__, __LINE__);
$total_time = Database::result($rs, 0, 0);
@ -224,7 +220,7 @@ foreach ($Courses as $enreg) {
echo "<tr>
<td>
";
echo stripslashes($a_learnpath['name']);
echo stripslashes($learnpath['name']);
echo " </td>
<td align='center'>
";
@ -237,7 +233,7 @@ foreach ($Courses as $enreg) {
<td align='center' width=180px >
";
if ($start_time != '') {
echo $lastConnexion;
echo $last_connection;
} else {
echo '-';
}
@ -265,72 +261,72 @@ foreach ($Courses as $enreg) {
<?php
$sql='SELECT visibility FROM '.$a_infosCours['db_name'].'.'.TABLE_TOOL_LIST.' WHERE name="quiz"';
$resultVisibilityTests = Database::query($sql);
$sql = 'SELECT visibility FROM '.$course_info['db_name'].'.'.TABLE_TOOL_LIST.' WHERE name="quiz"';
$result_visibility_tests = Database::query($sql, __FILE__, __LINE__);
if (Database::result($resultVisibilityTests,0,'visibility')==1) {
$sqlExercices = " SELECT quiz.title,id, results_disabled
FROM ".$a_infosCours['db_name'].".".$tbl_course_quiz." AS quiz
if (Database::result($result_visibility_tests, 0, 'visibility') == 1) {
$sql_exercices = " SELECT quiz.title,id, results_disabled
FROM ".$course_info['db_name'].".".$tbl_course_quiz." AS quiz
WHERE active='1'";
$resuktExercices = Database::query($sqlExercices);
if (Database::num_rows($resuktExercices)>0) {
while ($a_exercices = Database::fetch_array($resuktExercices)) {
$sqlEssais = " SELECT COUNT(ex.exe_id) as essais
$result_exercices = Database::query($sql_exercices, __FILE__, __LINE__);
if (Database::num_rows($result_exercices) > 0) {
while ($exercices = Database::fetch_array($result_exercices)) {
$sql_essais = " SELECT COUNT(ex.exe_id) as essais
FROM $tbl_stats_exercices AS ex
WHERE ex.exe_user_id='".$_user['user_id']."' AND ex.exe_cours_id = '".$a_infosCours['code']."'
AND ex.exe_exo_id = ".$a_exercices['id']."
WHERE ex.exe_user_id='".$_user['user_id']."' AND ex.exe_cours_id = '".$course_info['code']."'
AND ex.exe_exo_id = ".$exercices['id']."
AND orig_lp_id = 0
AND orig_lp_item_id = 0 "
;
$resultEssais = Database::query($sqlEssais);
$a_essais = Database::fetch_array($resultEssais);
$result_essais = Database::query($sql_essais , __FILE__, __LINE__);
$essais = Database::fetch_array($result_essais);
$sqlScore = "SELECT exe_id , exe_result,exe_weighting
$sql_score = "SELECT exe_id , exe_result,exe_weighting
FROM $tbl_stats_exercices
WHERE exe_user_id = ".$_user['user_id']."
AND exe_cours_id = '".$a_infosCours['code']."'
AND exe_exo_id = ".$a_exercices['id']."
AND exe_cours_id = '".$course_info['code']."'
AND exe_exo_id = ".$exercices['id']."
AND orig_lp_id = 0
AND orig_lp_item_id = 0
ORDER BY exe_date DESC LIMIT 1";
$resultScore = Database::query($sqlScore);
$result_score = Database::query($sql_score, __FILE__, __LINE__);
$score = 0;
while($a_score = Database::fetch_array($resultScore)) {
$score = $score + $a_score['exe_result'];
$weighting = $weighting + $a_score['exe_weighting'];
$exe_id = $a_score['exe_id'];
while($current_score = Database::fetch_array($result_score)) {
$score = $score + $current_score['exe_result'];
$weighting = $weighting + $current_score['exe_weighting'];
$exe_id = $current_score['exe_id'];
}
if ($weighting > 0) {
// i.e 10.50%
$pourcentageScore = round(($score * 100) / $weighting, 2);
$percentage_score = round(($score * 100) / $weighting, 2);
} else {
$pourcentageScore = 0;
$percentage_score = 0;
}
$weighting = 0;
echo '<tr>
<td>';
echo $a_exercices['title'];
echo $exercices['title'];
echo '</td>';
if ($a_exercices['results_disabled'] == 0) {
if ($exercices['results_disabled'] == 0) {
echo '<td align="center">';
if ($a_essais['essais'] > 0) {
echo $pourcentageScore.'%';
if ($essais['essais'] > 0) {
echo $percentage_score.'%';
} else {
echo '/';
}
echo '</td>';
echo '<td align="center">';
echo $a_essais['essais'];
echo $essais['essais'];
echo '</td>
<td align="center" width="25">';
if ($a_essais['essais'] > 0) {
echo '<a href="../exercice/exercise_show.php?origin=myprogress&id='.$exe_id.'&cidReq='.$a_infosCours['code'].'&id_session='.Security::remove_XSS($_GET['id_session']).'"> '.Display::return_icon('quiz.gif', get_lang('Quiz')).' </a>';
if ($essais['essais'] > 0) {
echo '<a href="../exercice/exercise_show.php?origin=myprogress&id='.$exe_id.'&cidReq='.$course_info['code'].'&id_session='.Security::remove_XSS($_GET['id_session']).'"> '.Display::return_icon('quiz.gif', get_lang('Quiz')).' </a>';
}
echo '</td>';
} else {
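Review bot: The renamed output lines still print database values into HTML without encoding: `echo stripslashes($learnpath['name']);` and `echo $exercices['title'];` emit course-author text as-is, and the exercise link fills `id_session` from `Security::remove_XSS($_GET['id_session'])`, which filters HTML rather than checking for an integer and is read without an `isset` test. Unless these titles are meant to carry markup, `echo api_htmlentities($exercices['title'], ENT_QUOTES, api_get_system_encoding());` (and the same for the learning-path name) with `intval($_GET['id_session'])` in the link would close that gap. The detail view also loads `$_GET['course']` straight into `CourseManager::get_course_information()`; whether the user's subscription to that course is verified is not visible in these hunks and is worth confirming.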

@ -452,7 +452,9 @@ function upload_user_production($user_id) {
$production_repository = $image_path['dir'].$user_id.'/';
if (!file_exists($production_repository)) {
mkpath($production_repository);
$perm = api_get_setting('permissions_for_new_directories');
$perm = octdec(!empty($perm) ? $perm : '0770');
@mkdir($production_repository, $perm, true);
}
$filename = replace_dangerous_char($_FILES['production']['name']);
@ -717,7 +719,7 @@ if (api_get_setting('allow_message_tool') == 'true') {
echo '</div><br />';
}
}*/
echo '<img src="../img/delete.gif" alt="'.get_lang('Close').'" title="'.get_lang('Close').'" class="message-delete" />';
echo '<img src="'.api_get_path(WEB_IMG_PATH).'delete.gif" alt="'.get_lang('Close').'" title="'.get_lang('Close').'" class="message-delete" />';
if ($number_of_new_messages_of_friend > 0) {
echo '<br />';
}
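Review bot: The result of `@mkdir($production_repository, $perm, true);` is discarded and its warning suppressed, so when the directory cannot be created the code carries on to handle `$_FILES['production']` against a path that does not exist. A check such as `if (!@mkdir($production_repository, $perm, true) && !is_dir($production_repository)) { return false; }` would stop there; what upload_user_production() returns on failure is outside this hunk, so the exact return value needs confirming. The `'0770'` fallback is also subject to the process umask, and `permissions_for_new_directories` should be confirmed to hold an octal string before it is passed to `octdec()`.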
