Feature #5397 - Cleaning code in main/auth directory, pass 2. Various corrections.

skala
Ivan Tcholakov 16 years ago
parent 0f280d784d
commit ee55afb8eb
  1. 13
      main/auth/courses.php
  2. 39
      main/auth/inscription.php
  3. 12
      main/auth/lostPassword.php
  4. 107
      main/auth/lost_password.lib.php
  5. 128
      main/auth/my_progress.php
  6. 6
      main/auth/profile.php

@ -404,7 +404,6 @@ function browse_courses_in_category() {
display_subscribe_to_courses($courses); display_subscribe_to_courses($courses);
} }
/** /**
* displays the form for searching for a course and the results if a query has been submitted. * displays the form for searching for a course and the results if a query has been submitted.
* @author Patrick Cool <patrick.cool@UGent.be>, Ghent University * @author Patrick Cool <patrick.cool@UGent.be>, Ghent University
@ -412,12 +411,12 @@ function browse_courses_in_category() {
*/ */
function display_search_courses() { function display_search_courses() {
global $_user, $stok; global $_user, $stok;
echo "<p><strong>".get_lang("SearchCourse")."</strong><br />"; echo "<p><strong>".get_lang('SearchCourse')."</strong><br />";
echo "<form class=\"course_list\" method=\"post\" action=\"".api_get_self()."?action=subscribe\">", echo "<form class=\"course_list\" method=\"post\" action=\"".api_get_self()."?action=subscribe\">",
'<input type="hidden" name="sec_token" value="'.$stok.'">', '<input type="hidden" name="sec_token" value="'.$stok.'">',
"<input type=\"hidden\" name=\"search_course\" value=\"1\" />", "<input type=\"hidden\" name=\"search_course\" value=\"1\" />",
"<input type=\"text\" name=\"search_term\" value=\"".(empty($_POST['search_term']) ? '' : Security::remove_XSS($_POST['search_term']))."\" />", "<input type=\"text\" name=\"search_term\" value=\"".(empty($_POST['search_term']) ? '' : Security::remove_XSS($_POST['search_term']))."\" />",
"&nbsp;<button class=\"search\" type=\"submit\">",get_lang("_search"),"</button>", "&nbsp;<button class=\"search\" type=\"submit\">",get_lang('_search'),"</button>",
"</form>"; "</form>";
if (isset($_POST['search_course'])) { if (isset($_POST['search_course'])) {
echo "<p><strong>".get_lang('SearchResultsFor')." ".api_htmlentities($_POST['search_term'], ENT_QUOTES, api_get_system_encoding())."</strong><br />"; echo "<p><strong>".get_lang('SearchResultsFor')." ".api_htmlentities($_POST['search_term'], ENT_QUOTES, api_get_system_encoding())."</strong><br />";
@ -724,18 +723,18 @@ function display_courses($user_id, $show_course_icons, $user_courses) {
// Step 1: We get all the categories of the user. // Step 1: We get all the categories of the user.
$tucc = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY); $tucc = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$sql = "SELECT * FROM $tucc WHERE user_id='".$_user['user_id']."' ORDER BY sort ASC"; $sql = "SELECT * FROM $tucc WHERE user_id='".$_user['user_id']."' ORDER BY sort ASC";
$result = Database::query($sql,__FILE__,__LINE__); $result = Database::query($sql, __FILE__, __LINE__);
while ($row = Database::fetch_array($result)) { while ($row = Database::fetch_array($result)) {
if ($show_course_icons) { if ($show_course_icons) {
// The edit link is clicked. // The edit link is clicked.
if (isset($_GET['categoryid']) && $_GET['categoryid'] == $row['id']) { if (isset($_GET['categoryid']) && $_GET['categoryid'] == $row['id']) {
// We display the edit form for the category. // We display the edit form for the category.
echo "<tr><td colspan=\"2\" class=\"user_course_category\">"; echo "<tr><td colspan=\"2\" class=\"user_course_category\">";
echo '<a name="category'.$row['id'].'"></a>'; // display an internal anchor. echo '<a name="category'.$row['id'].'"></a>'; // display an internal anchor.
display_edit_course_category_form($row['id']); display_edit_course_category_form($row['id']);
} else { } else {
// We simply display the title of the category. // We simply display the title of the category.
echo "<tr><td colspan=\"2\" class=\"user_course_category\">"; echo "<tr><td colspan=\"2\" class=\"user_course_category\">";
echo '<a name="category'.$row['id'].'"></a>'; // display an internal anchor. echo '<a name="category'.$row['id'].'"></a>'; // display an internal anchor.
echo $row['title']; echo $row['title'];
} }
@ -900,7 +899,7 @@ function display_course_icons($key, $number_of_courses, $course) {
echo "<form action=\"".api_get_self()."\" method=\"post\" onsubmit=\"javascript: if (!confirm('".addslashes(api_htmlentities(get_lang("ConfirmUnsubscribeFromCourse"), ENT_QUOTES, api_get_system_encoding()))."')) return false;\">"; echo "<form action=\"".api_get_self()."\" method=\"post\" onsubmit=\"javascript: if (!confirm('".addslashes(api_htmlentities(get_lang("ConfirmUnsubscribeFromCourse"), ENT_QUOTES, api_get_system_encoding()))."')) return false;\">";
echo '<input type="hidden" name="sec_token" value="'.$stok.'">'; echo '<input type="hidden" name="sec_token" value="'.$stok.'">';
echo "<input type=\"hidden\" name=\"unsubscribe\" value=\"".$course['code']."\" />"; echo "<input type=\"hidden\" name=\"unsubscribe\" value=\"".$course['code']."\" />";
echo '<input type="image" name="unsub" style="border-color:#fff" src="'.api_get_path(WEB_IMG_PATH).'delete.gif" title="'.get_lang('_unsubscribe').'" alt="'.get_lang('_unsubscribe').'" /></form>'; echo '<input type="image" name="unsub" style="border-color:#fff" src="'.api_get_path(WEB_IMG_PATH).'delete.gif" title="'.get_lang('_unsubscribe').'" alt="'.get_lang('_unsubscribe').'" /></form>';
} else { } else {
display_info_text(get_lang('UnsubscribeNotAllowed')); display_info_text(get_lang('UnsubscribeNotAllowed'));
} }
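Review bot: `echo $row['title'];` in the display_courses hunk writes the category title from the database into the table cell with no output encoding, while the search hunk above it encodes `$_POST['search_term']` with `api_htmlentities()` before printing it. Whether the title is stored already encoded is not visible here; if it is stored as typed, the line should read `echo api_htmlentities($row['title'], ENT_QUOTES, api_get_system_encoding());`. The query two lines earlier also concatenates `$_user['user_id']` into the SQL string, and wrapping it in `intval()` would make the statement safe regardless of how `$_user` is populated. display_courses starts and ends outside the hunk.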

@ -58,10 +58,12 @@ Display :: display_header($tool_name);
echo '<div class="actions-title">'; echo '<div class="actions-title">';
echo $tool_name; echo $tool_name;
echo '</div>'; echo '</div>';
// Forbidden to self-register // Forbidden to self-register
if (api_get_setting('allow_registration') == 'false') { if (api_get_setting('allow_registration') == 'false') {
api_not_allowed(); api_not_allowed();
} }
//api_display_tool_title($tool_name); //api_display_tool_title($tool_name);
if (api_get_setting('allow_registration') == 'approval') { if (api_get_setting('allow_registration') == 'approval') {
Display::display_normal_message(get_lang('YourAccountHasToBeApproved')); Display::display_normal_message(get_lang('YourAccountHasToBeApproved'));
@ -357,7 +359,7 @@ if ($form->validate()) {
} }
// creating a new user // creating a new user
$user_id = UserManager::create_user($values['firstname'],$values['lastname'],$values['status'],$values['email'],$values['username'],$values['pass1'],$values['official_code'], $values['language'],$values['phone'],$picture_uri); $user_id = UserManager::create_user($values['firstname'], $values['lastname'], $values['status'], $values['email'], $values['username'], $values['pass1'], $values['official_code'], $values['language'], $values['phone'], $picture_uri);
// Terms & Conditions // Terms & Conditions
if (api_get_setting('allow_terms_conditions') == 'true') { if (api_get_setting('allow_terms_conditions') == 'true') {
@ -425,7 +427,7 @@ if ($form->validate()) {
// if the account has to be approved then we set the account to inactive, sent a mail to the platform admin and exit the page. // if the account has to be approved then we set the account to inactive, sent a mail to the platform admin and exit the page.
if (api_get_setting('allow_registration') == 'approval') { if (api_get_setting('allow_registration') == 'approval') {
$TABLE_USER= Database::get_main_table(TABLE_MAIN_USER); $TABLE_USER = Database::get_main_table(TABLE_MAIN_USER);
// 1. set account inactive // 1. set account inactive
$sql = "UPDATE ".$TABLE_USER." SET active='0' WHERE user_id='".$user_id."'"; $sql = "UPDATE ".$TABLE_USER." SET active='0' WHERE user_id='".$user_id."'";
Database::query($sql, __FILE__, __LINE__); Database::query($sql, __FILE__, __LINE__);
@ -436,9 +438,8 @@ if ($form->validate()) {
$sql_admin_list = "SELECT * FROM ".$TABLE_USER." WHERE user_id='".$row['user_id']."'"; $sql_admin_list = "SELECT * FROM ".$TABLE_USER." WHERE user_id='".$row['user_id']."'";
$result_list = Database::query($sql_admin_list, __FILE__, __LINE__); $result_list = Database::query($sql_admin_list, __FILE__, __LINE__);
$admin_list=Database::fetch_array($result_list); $admin_list = Database::fetch_array($result_list);
$emailto = $admin_list['email']; $emailto = $admin_list['email'];
// 2. send mail to the platform admin // 2. send mail to the platform admin
$emailfromaddr = api_get_setting('emailAdministrator'); $emailfromaddr = api_get_setting('emailAdministrator');
@ -446,13 +447,18 @@ if ($form->validate()) {
$emailsubject = get_lang('ApprovalForNewAccount').': '.$values['username']; $emailsubject = get_lang('ApprovalForNewAccount').': '.$values['username'];
$emailbody = get_lang('ApprovalForNewAccount')."\n"; $emailbody = get_lang('ApprovalForNewAccount')."\n";
$emailbody .= get_lang('UserName').': '.$values['username']."\n"; $emailbody .= get_lang('UserName').': '.$values['username']."\n";
$emailbody .= get_lang('LastName').': '.$values['lastname']."\n"; if (api_is_western_name_order()) {
$emailbody .= get_lang('FirstName').': '.$values['firstname']."\n"; $emailbody .= get_lang('FirstName').': '.$values['firstname']."\n";
$emailbody .= get_lang('LastName').': '.$values['lastname']."\n";
} else {
$emailbody .= get_lang('LastName').': '.$values['lastname']."\n";
$emailbody .= get_lang('FirstName').': '.$values['firstname']."\n";
}
$emailbody .= get_lang('Email').': '.$values['email']."\n"; $emailbody .= get_lang('Email').': '.$values['email']."\n";
$emailbody .= get_lang('Status').': '.$values['status']."\n\n"; $emailbody .= get_lang('Status').': '.$values['status']."\n\n";
$emailbody .= get_lang('ManageUser').': '.api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id; $emailbody .= get_lang('ManageUser').': '.api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user_id;
$sender_name = api_get_setting('administratorName').' '.api_get_setting('administratorSurname'); $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator'); $email_admin = api_get_setting('emailAdministrator');
@api_mail('', $emailto, $emailsubject, $emailbody, $sender_name, $email_admin); @api_mail('', $emailto, $emailsubject, $emailbody, $sender_name, $email_admin);
} }
@ -462,7 +468,6 @@ if ($form->validate()) {
exit; exit;
} }
/*-------------------------------------- /*--------------------------------------
SESSION REGISTERING SESSION REGISTERING
--------------------------------------*/ --------------------------------------*/
@ -486,9 +491,9 @@ if ($form->validate()) {
EMAIL NOTIFICATION EMAIL NOTIFICATION
--------------------------------------*/ --------------------------------------*/
if (strstr($values['email'], '@')) { if (strpos($values['email'], '@') !== false) {
// Lets predefine some variables. Be sure to change the from address! // Let us predefine some variables. Be sure to change the from address!
$recipient_name = $values['firstname'].' '.$values['lastname']; $recipient_name = api_get_person_name($values['firstname'], $values['lastname']);
$email = $values['email']; $email = $values['email'];
$emailfromaddr = api_get_setting('emailAdministrator'); $emailfromaddr = api_get_setting('emailAdministrator');
$emailfromname = api_get_setting('siteName'); $emailfromname = api_get_setting('siteName');
@ -496,7 +501,7 @@ if ($form->validate()) {
// The body can be as long as you wish, and any combination of text and variables // The body can be as long as you wish, and any combination of text and variables
$portal_url = $_configuration['root_web']; $portal_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']==true) { if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id(); $access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1 ){ if ($access_url_id != -1 ){
$url = api_get_access_url($access_url_id); $url = api_get_access_url($access_url_id);
@ -508,7 +513,7 @@ if ($form->validate()) {
// Here we are forming one large header line // Here we are forming one large header line
// Every header must be followed by a \n except the last // Every header must be followed by a \n except the last
$sender_name = api_get_setting('administratorName').' '.api_get_setting('administratorSurname'); $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator'); $email_admin = api_get_setting('emailAdministrator');
@api_mail($recipient_name, $email, $emailsubject, $emailbody, $sender_name, $email_admin); @api_mail($recipient_name, $email, $emailsubject, $emailbody, $sender_name, $email_admin);
} }
@ -523,16 +528,16 @@ if ($form->validate()) {
$button_text = ""; $button_text = "";
if ($is_allowedCreateCourse) { if ($is_allowedCreateCourse) {
echo "<p>", get_lang('NowGoCreateYourCourse'), ".</p>\n"; echo "<p>", get_lang('NowGoCreateYourCourse'), ".</p>\n";
$actionUrl = "../create_course/add_course.php"; $action_url = "../create_course/add_course.php";
$button_text = get_lang('CourseCreate'); $button_text = get_lang('CourseCreate');
} else { } else {
echo "<p>", get_lang('NowGoChooseYourCourses'), ".</p>\n"; echo "<p>", get_lang('NowGoChooseYourCourses'), ".</p>\n";
$actionUrl = "courses.php?action=subscribe"; $action_url = "courses.php?action=subscribe";
$button_text = get_lang('Next'); $button_text = get_lang('Next');
} }
// ?uidReset=true&uidReq=$_user['user_id'] // ?uidReset=true&uidReq=$_user['user_id']
echo "<form action=\"", $actionUrl, "\" method=\"post\">\n", "<button type=\"submit\" class=\"next\" name=\"next\" value=\"", get_lang('Next'), "\" validationmsg=\" ", get_lang('Next'), " \">".$button_text."</button>\n", "</form><br />\n"; echo "<form action=\"", $action_url, "\" method=\"post\">\n", "<button type=\"submit\" class=\"next\" name=\"next\" value=\"", get_lang('Next'), "\" validationmsg=\" ", get_lang('Next'), " \">".$button_text."</button>\n", "</form><br />\n";
} else { } else {
$form->display(); $form->display();
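Review bot: Both `@api_mail(...)` calls in the `$form->validate()` branch suppress warnings and discard the return value, so in the approval path a failed send leaves the new account inactive with no administrator notified and nothing logged. The same call is checked with `== 1` in the lost-password code of this commit; here the result could be tested the same way, e.g. `if (api_mail('', $emailto, $emailsubject, $emailbody, $sender_name, $email_admin) != 1) { error_log('Approval notice not sent for user_id '.$user_id); }`. `$emailsubject` also embeds `$values['username']`, so it is worth confirming that the form rules (outside these hunks) reject line breaks in that field. The `if ($form->validate())` block begins and ends outside the hunks shown.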

@ -34,17 +34,19 @@ $tool_name = get_lang('LostPass');
if (api_get_setting('allow_lostpassword') == 'false') { if (api_get_setting('allow_lostpassword') == 'false') {
api_not_allowed(); api_not_allowed();
} }
echo '<div class="actions-title">'; echo '<div class="actions-title">';
echo $tool_name; echo $tool_name;
echo '</div>'; echo '</div>';
if (isset ($_GET["reset"]) && isset ($_GET["id"])) { if (isset ($_GET['reset']) && isset ($_GET['id'])) {
$msg = reset_password($_GET["reset"], $_GET["id"], true); $msg = reset_password($_GET["reset"], $_GET["id"], true);
$msg1= '<a href="'.api_get_path(WEB_PATH).'main/auth/lostPassword.php" class="fake_button_back" >'.get_lang('Back').'</a>'; $msg1= '<a href="'.api_get_path(WEB_CODE_PATH).'auth/lostPassword.php" class="fake_button_back" >'.get_lang('Back').'</a>';
echo '<br /><br /><div class="actions" >'.$msg1.'</div>'; echo '<br /><br /><div class="actions" >'.$msg1.'</div>';
} else { } else {
$form = new FormValidator('lost_password'); $form = new FormValidator('lost_password');
$form->addElement('text', 'user', get_lang('User'), array('size'=>'40')); $form->addElement('text', 'user', get_lang('User'), array('size'=>'40'));
$form->addElement('text', 'email', get_lang('Email'), array('size'=>'40')); $form->addElement('text', 'email', get_lang('Email'), array('size'=>'40'));
@ -62,7 +64,7 @@ if (isset ($_GET["reset"]) && isset ($_GET["id"])) {
$condition = ''; $condition = '';
if (!empty($email)) { if (!empty($email)) {
$condition = " AND LOWER(email) = '".mysql_real_escape_string($email)."' "; $condition = " AND LOWER(email) = '".Database::escape_string($email)."' ";
} }
$tbl_user = Database :: get_main_table(TABLE_MAIN_USER); $tbl_user = Database :: get_main_table(TABLE_MAIN_USER);
@ -70,7 +72,7 @@ if (isset ($_GET["reset"]) && isset ($_GET["id"])) {
username AS loginName, password, email, status AS status, username AS loginName, password, email, status AS status,
official_code, phone, picture_uri, creator_id official_code, phone, picture_uri, creator_id
FROM ".$tbl_user." FROM ".$tbl_user."
WHERE ( username = '".mysql_real_escape_string($user)."' $condition ) "; WHERE ( username = '".Database::escape_string($user)."' $condition ) ";
$result = Database::query($query, __FILE__, __LINE__); $result = Database::query($query, __FILE__, __LINE__);
$num_rows = Database::num_rows($result); $num_rows = Database::num_rows($result);
@ -94,7 +96,7 @@ if (isset ($_GET["reset"]) && isset ($_GET["id"])) {
Display::display_error_message(get_lang('NoUserAccountWithThisEmailAddress')); Display::display_error_message(get_lang('NoUserAccountWithThisEmailAddress'));
} }
$msg .= '<a href="'.api_get_path(WEB_PATH).'main/auth/lostPassword.php" class="fake_button_back" >'.get_lang('Back').'</a>'; $msg .= '<a href="'.api_get_path(WEB_CODE_PATH).'auth/lostPassword.php" class="fake_button_back" >'.get_lang('Back').'</a>';
echo '<br /><br /><div class="actions" >'.$msg.'</div>'; echo '<br /><br /><div class="actions" >'.$msg.'</div>';
} else { } else {
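Review bot: `reset_password($_GET["reset"], $_GET["id"], true)` passes the raw `id` query parameter to a function whose UPDATE, shown in the lost_password.lib.php section of this commit, interpolates it unquoted as `WHERE user_id=$id`. The two lookups further down were moved to `Database::escape_string()`, but this value is left as it arrives. Cast it at the call, `reset_password($_GET['reset'], intval($_GET['id']), true)`, or inside reset_password before its first query. The string returned into `$msg` is not echoed in the lines shown (only `$msg1` is), so the "Not allowed." result may never reach the page; the rest of the branch is outside the hunk.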

@ -2,22 +2,24 @@
/* For licensing terms, see /dokeos_license.txt */ /* For licensing terms, see /dokeos_license.txt */
/** /**
* @deprecated by Ivan Tcholakov, 09-OCT-2009.
* Get email headers * Get email headers
* *
* @return string * @return string
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/ */
/*
function get_email_headers() { function get_email_headers() {
global $charset; $emailHeaders = "From: \"".addslashes(api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS))."\" <".api_get_setting('emailAdministrator').">\n";
$emailHeaders = "From: \"".addslashes(api_get_setting('administratorSurname')." ".api_get_setting('administratorName'))."\" <".api_get_setting('emailAdministrator').">\n";
$emailHeaders .= "Reply-To: ".api_get_setting('emailAdministrator')."\n"; $emailHeaders .= "Reply-To: ".api_get_setting('emailAdministrator')."\n";
$emailHeaders .= "Return-Path: ".api_get_setting('emailAdministrator')."\n"; $emailHeaders .= "Return-Path: ".api_get_setting('emailAdministrator')."\n";
$emailHeaders .= "X-Sender: ".api_get_setting('emailAdministrator')."\n"; $emailHeaders .= "X-Sender: ".api_get_setting('emailAdministrator')."\n";
$emailHeaders .= "X-Mailer: PHP / ".phpversion()."\n"; $emailHeaders .= "X-Mailer: PHP / ".phpversion()."\n";
$emailHeaders .= "Content-Type: text/plain;\n\tcharset=\"".$charset."\"\n"; $emailHeaders .= "Content-Type: text/plain;\n\tcharset=\"".api_get_system_encoding()."\"\n";
$emailHeaders .= "Mime-Version: 1.0"; $emailHeaders .= "Mime-Version: 1.0";
return $emailHeaders; return $emailHeaders;
} }
*/
/** /**
* Enter description here... * Enter description here...
@ -43,34 +45,33 @@ function get_user_account_list($user, $reset = false, $by_username = false) {
if ($by_username) { if ($by_username) {
$secretword = get_secret_word($user["email"]); $secret_word = get_secret_word($user['email']);
if ($reset) { if ($reset) {
$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secretword."&id=".$user['uid']; $reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secret_word."&id=".$user['uid'];
} else { } else {
$reset_link = get_lang('Pass')." : $user[password]"; $reset_link = get_lang('Pass')." : $user[password]";
} }
$userAccountList = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.''; $user_account_list = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
if ($userAccountList) { if ($user_account_list) {
$userAccountList = "\n------------------------\n" . $userAccountList; $user_account_list = "\n------------------------\n" . $user_account_list;
} }
} else { } else {
foreach ($user as $thisUser) { foreach ($user as $this_user) {
$secretword = get_secret_word($thisUser["email"]); $secret_word = get_secret_word($this_user['email']);
if ($reset) { if ($reset) {
$reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secretword."&id=".$thisUser['uid']; $reset_link = $portal_url."main/auth/lostPassword.php?reset=".$secret_word."&id=".$this_user['uid'];
} else { } else {
$reset_link = get_lang('Pass')." : $thisUser[password]"; $reset_link = get_lang('Pass')." : $this_user[password]";
} }
$userAccountList[] = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$thisUser['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.''; $user_account_list[] = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$this_user['loginName']."\n".get_lang('ResetLink').' : '.$reset_link.'';
} }
if ($userAccountList) { if ($user_account_list) {
$userAccountList = implode("\n------------------------\n", $userAccountList); $user_account_list = implode("\n------------------------\n", $user_account_list);
} }
} }
} else { } else {
@ -79,10 +80,10 @@ function get_user_account_list($user, $reset = false, $by_username = false) {
$user = $user[0]; $user = $user[0];
} }
$reset_link = get_lang('Pass')." : $user[password]"; $reset_link = get_lang('Pass')." : $user[password]";
$userAccountList = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".$reset_link.''; $user_account_list = get_lang('YourRegistrationData')." : \n".get_lang('UserName').' : '.$user['loginName']."\n".$reset_link.'';
} }
return $userAccountList; return $user_account_list;
} }
/** /**
@ -92,37 +93,39 @@ function get_user_account_list($user, $reset = false, $by_username = false) {
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/ */
function send_password_to_user($user, $by_username = false) { function send_password_to_user($user, $by_username = false) {
global $charset;
global $_configuration; global $_configuration;
/*
$emailHeaders = get_email_headers(); // Email Headers $emailHeaders = get_email_headers(); // Email Headers
$emailSubject = "[".get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT */
$email_subject = "[".get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
if ($by_username) { // Show only for lost password if ($by_username) { // Show only for lost password
$userAccountList = get_user_account_list($user, false, $by_username); // BODY $user_account_list = get_user_account_list($user, false, $by_username); // BODY
$emailTo = $user["email"]; $email_to = $user['email'];
} else { } else {
$userAccountList = get_user_account_list($user); // BODY $user_account_list = get_user_account_list($user); // BODY
$emailTo = $user[0]["email"]; $email_to = $user[0]['email'];
} }
$portal_url = $_configuration['root_web']; $portal_url = $_configuration['root_web'];
if ($_configuration['multiple_access_urls']) { if ($_configuration['multiple_access_urls']) {
$access_url_id = api_get_current_access_url_id(); $access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1 ){ if ($access_url_id != -1 ) {
$url = api_get_access_url($access_url_id); $url = api_get_access_url($access_url_id);
$portal_url = $url['url']; $portal_url = $url['url'];
} }
} }
$emailBody = get_lang('YourAccountParam')." ".$portal_url."\n\n$userAccountList"; $email_body = get_lang('YourAccountParam')." ".$portal_url."\n\n$user_account_list";
// SEND MESSAGE // SEND MESSAGE
$sender_name = get_setting('administratorName').' '.get_setting('administratorSurname'); $sender_name = api_get_person_name(get_setting('administratorName'), get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = get_setting('emailAdministrator'); $email_admin = get_setting('emailAdministrator');
if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name, $email_admin) == 1) { if (@api_mail('', $email_to, $email_subject, $email_body, $sender_name, $email_admin) == 1) {
Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed')); Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed'));
} else { } else {
$message = get_lang('SystemUnableToSendEmailContact') . ' ' . Display :: encrypted_mailto_link(get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>"; $message = get_lang('SystemUnableToSendEmailContact').' '.Display :: encrypted_mailto_link(get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
} }
} }
@ -136,32 +139,34 @@ function send_password_to_user($user, $by_username = false) {
* @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University * @author Olivier Cauberghe <olivier.cauberghe@UGent.be>, Ghent University
*/ */
function handle_encrypted_password($user, $by_username = false) { function handle_encrypted_password($user, $by_username = false) {
global $charset;
global $_configuration; global $_configuration;
/*
$emailHeaders = get_email_headers(); // Email Headers $emailHeaders = get_email_headers(); // Email Headers
$emailSubject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT */
$email_subject = "[".api_get_setting('siteName')."] ".get_lang('LoginRequest'); // SUBJECT
if ($by_username) { // Show only for lost password if ($by_username) { // Show only for lost password
$userAccountList = get_user_account_list($user, true, $by_username); // BODY $user_account_list = get_user_account_list($user, true, $by_username); // BODY
$emailTo = $user["email"]; $email_to = $user['email'];
} else { } else {
$userAccountList = get_user_account_list($user, true); // BODY $user_account_list = get_user_account_list($user, true); // BODY
$emailTo = $user[0]["email"]; $email_to = $user[0]['email'];
} }
$secretword = get_secret_word($emailTo); $secret_word = get_secret_word($email_to);
$emailBody = get_lang('DearUser')." :\n".get_lang("password_request")."\n\n"; $email_body = get_lang('DearUser')." :\n".get_lang('password_request')."\n\n";
$emailBody .= "-----------------------------------------------\n".$userAccountList."\n-----------------------------------------------\n\n"; $email_body .= "-----------------------------------------------\n".$user_account_list."\n-----------------------------------------------\n\n";
$emailBody .= get_lang('PasswordEncryptedForSecurity'); $email_body .= get_lang('PasswordEncryptedForSecurity');
$emailBody .= "\n\n".get_lang('Formula').",\n".get_lang('PlataformAdmin'); $email_body .= "\n\n".get_lang('Formula').",\n".get_lang('PlataformAdmin');
$sender_name = get_setting('administratorName').' '.get_setting('administratorSurname'); $sender_name = api_get_person_name(api_get_setting('administratorName'), api_get_setting('administratorSurname'), null, PERSON_NAME_EMAIL_ADDRESS);
$email_admin = api_get_setting('emailAdministrator'); $email_admin = api_get_setting('emailAdministrator');
if (@api_mail('', $emailTo, $emailSubject, $emailBody, $sender_name, $email_admin) == 1) { if (@api_mail('', $email_to, $email_subject, $email_body, $sender_name, $email_admin) == 1) {
Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed')); Display::display_confirmation_message(get_lang('YourPasswordHasBeenEmailed'));
} else { } else {
$message = get_lang('SystemUnableToSendEmailContact') . ' ' . Display :: encrypted_mailto_link(get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>"; $message = get_lang('SystemUnableToSendEmailContact').' '.Display :: encrypted_mailto_link(get_setting('emailAdministrator'), get_lang('PlatformAdmin')).".</p>";
Display::display_error_message($message, false); Display::display_error_message($message, false);
} }
} }
@ -172,7 +177,7 @@ function handle_encrypted_password($user, $by_username = false) {
*/ */
function get_secret_word($add) { function get_secret_word($add) {
global $_configuration; global $_configuration;
return $secretword = md5($_configuration['security_key'].$add); return $secret_word = md5($_configuration['security_key'].$add);
} }
/** /**
@ -189,21 +194,17 @@ function reset_password($secret, $id, $by_username = false) {
if ($result && $num_rows > 0) { if ($result && $num_rows > 0) {
$user = Database::fetch_array($result); $user = Database::fetch_array($result);
} else { } else {
return "Could not reset password."; return 'Could not reset password.'; // TODO: This message has to be translated.
} }
if (get_secret_word($user["email"]) == $secret) { // OK, secret word is good. Now change password and mail it. if (get_secret_word($user['email']) == $secret) { // OK, secret word is good. Now change password and mail it.
$user['password'] = api_generate_password();
$user["password"] = api_generate_password(); $crypted = $user['password'];
$crypted = $user["password"];
$crypted = api_get_encrypted_password($crypted); $crypted = api_get_encrypted_password($crypted);
$sql = "UPDATE ".$tbl_user." SET password='$crypted' WHERE user_id=$id"; $sql = "UPDATE ".$tbl_user." SET password='$crypted' WHERE user_id=$id";
$result = Database::query($sql, __FILE__, __LINE__); $result = Database::query($sql, __FILE__, __LINE__);
return send_password_to_user($user, $by_username); return send_password_to_user($user, $by_username);
} else { } else {
return 'Not allowed.'; // TODO: This message has to be translated.
return "Not allowed.";
} }
} }
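Review bot: In reset_password the token check `get_secret_word($user['email']) == $secret` uses loose comparison, so PHP compares two strings that both look numeric as numbers rather than character by character. It should be `===`, or `hash_equals()` where the PHP version provides it. The token is `md5($_configuration['security_key'].$add)`, which is the same on every request and never expires, so a reset link stays valid for as long as the key and the e-mail address are unchanged; a per-request random token with an expiry would be the durable fix and deserves at least a `// TODO` next to get_secret_word. Separately, the failure branch of send_password_to_user builds `$message` but never shows it, unlike handle_encrypted_password, which follows it with `Display::display_error_message($message, false);`. reset_password begins outside the hunk, so its first query is not visible here.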

@ -37,16 +37,16 @@ $tbl_course_quiz = Database :: get_course_table(TABLE_QUIZ_TEST);
// get course list // get course list
$sql = 'SELECT course_code FROM '.$tbl_course_user.' WHERE user_id='.intval($_user['user_id']); $sql = 'SELECT course_code FROM '.$tbl_course_user.' WHERE user_id='.intval($_user['user_id']);
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$Courses = array(); $courses = array();
while($row = Database :: fetch_array($rs)) { while($row = Database :: fetch_array($rs)) {
$Courses[$row['course_code']] = CourseManager::get_course_information($row['course_code']); $courses[$row['course_code']] = CourseManager::get_course_information($row['course_code']);
} }
// get the list of sessions where the user is subscribed as student // get the list of sessions where the user is subscribed as student
$sql = 'SELECT DISTINCT course_code FROM '.Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER).' WHERE id_user='.intval($_user['user_id']); $sql = 'SELECT DISTINCT course_code FROM '.Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER).' WHERE id_user='.intval($_user['user_id']);
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
while($row = Database :: fetch_array($rs)) { while($row = Database :: fetch_array($rs)) {
$Courses[$row['course_code']] = CourseManager::get_course_information($row['course_code']); $courses[$row['course_code']] = CourseManager::get_course_information($row['course_code']);
} }
echo '<div class="actions-title" >'; echo '<div class="actions-title" >';
@ -66,7 +66,7 @@ $now = date('Y-m-d');
<th><?php echo get_lang('Progress'); ?></th> <th><?php echo get_lang('Progress'); ?></th>
<th><?php <th><?php
echo get_lang('Score'); echo get_lang('Score');
Display :: display_icon('info3.gif',get_lang('ScormAndLPTestTotalAverage') , array ('align' => 'absmiddle', 'hspace' => '3px')); Display :: display_icon('info3.gif', get_lang('ScormAndLPTestTotalAverage'), array ('align' => 'absmiddle', 'hspace' => '3px'));
?></th> ?></th>
<th><?php echo get_lang('LastConnexion'); ?></th> <th><?php echo get_lang('LastConnexion'); ?></th>
<th><?php echo get_lang('Details'); ?></th> <th><?php echo get_lang('Details'); ?></th>
@ -74,23 +74,19 @@ $now = date('Y-m-d');
<?php <?php
$i = 0; $i = 0;
$totalWeighting = 0;
$totalScore = 0;
$totalItem = 0;
$totalProgress = 0;
foreach ($Courses as $enreg) { foreach ($courses as $enreg) {
$weighting = 0; $weighting = 0;
$lastConnexion = Tracking :: get_last_connection_date_on_the_course($_user['user_id'], $enreg['code']); $last_connection = Tracking :: get_last_connection_date_on_the_course($_user['user_id'], $enreg['code']);
$progress = Tracking :: get_avg_student_progress($_user['user_id'], $enreg['code']); $progress = Tracking :: get_avg_student_progress($_user['user_id'], $enreg['code']);
$total_time_login = Tracking :: get_time_spent_on_the_course($_user['user_id'], $enreg['code']); $total_time_login = Tracking :: get_time_spent_on_the_course($_user['user_id'], $enreg['code']);
$time = api_time_to_hms($total_time_login); $time = api_time_to_hms($total_time_login);
$pourcentageScore = Tracking :: get_average_test_scorm_and_lp ($_user['user_id'], $enreg['code']); $percentage_score = Tracking :: get_average_test_scorm_and_lp ($_user['user_id'], $enreg['code']);
?> ?>
<tr class='<?php echo $i?'row_odd':'row_even'; ?>'> <tr class='<?php echo $i?'row_odd':'row_even'; ?>'>
<td> <td>
<?php echo api_html_entity_decode($enreg['title'], ENT_QUOTES, $charset); ?> <?php echo api_html_entity_decode($enreg['title'], ENT_QUOTES, api_get_system_encoding()); ?>
</td> </td>
<td align='center'> <td align='center'>
<?php echo $time; ?> <?php echo $time; ?>
@ -100,22 +96,22 @@ foreach ($Courses as $enreg) {
</td> </td>
<td align='center'> <td align='center'>
<?php <?php
if (!is_null($pourcentageScore)) { if (!is_null($percentage_score)) {
echo $pourcentageScore.'%'; echo $percentage_score.'%';
} else { } else {
echo '0%'; echo '0%';
} }
?> ?>
</td> </td>
<td align='center' > <td align='center' >
<?php echo $lastConnexion; ?> <?php echo $last_connection; ?>
</td> </td>
<td align='center'> <td align='center'>
<a href="<?php echo api_get_self(); ?>?course=<?php echo $enreg['code']; ?>"> <?php Display::display_icon('2rightarrow.gif', get_lang('Details')); ?> </a> <a href="<?php echo api_get_self(); ?>?course=<?php echo $enreg['code']; ?>"> <?php Display::display_icon('2rightarrow.gif', get_lang('Details')); ?> </a>
</td> </td>
</tr> </tr>
<?php <?php
$i=$i ? 0 : 1; $i = $i ? 0 : 1;
} }
?> ?>
</table> </table>
@ -130,7 +126,7 @@ foreach ($Courses as $enreg) {
*/ */
if (isset($_GET['course'])) { if (isset($_GET['course'])) {
$course = Database::escape_string($_GET['course']); $course = Database::escape_string($_GET['course']);
$a_infosCours = CourseManager::get_course_information($course); $course_info = CourseManager::get_course_information($course);
//get coach and session_name if there is one and if session_mode is activated //get coach and session_name if there is one and if session_mode is activated
if (api_get_setting('use_session_mode') == 'true') { if (api_get_setting('use_session_mode') == 'true') {
@ -164,21 +160,21 @@ foreach ($Courses as $enreg) {
$sql = 'SELECT id_coach FROM '.$tbl_session_course.' $sql = 'SELECT id_coach FROM '.$tbl_session_course.'
WHERE id_session='.$session_id.' WHERE id_session='.$session_id.'
AND course_code = "'.Database::escape_string($_GET['course']).'"'; AND course_code = "'.Database::escape_string($_GET['course']).'"';
$rs = Database::query($sql,__FILE__,__LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$session_course_coach_id = intval(Database::result($rs, 0, 0)); $session_course_coach_id = intval(Database::result($rs, 0, 0));
if ($session_course_coach_id != 0) { if ($session_course_coach_id != 0) {
$coach_infos = UserManager :: get_user_info_by_id($session_course_coach_id); $coach_info = UserManager :: get_user_info_by_id($session_course_coach_id);
$a_infosCours['tutor_name'] = api_get_person_name($coach_infos['firstname'], $coach_infos['lastname']); $course_info['tutor_name'] = api_get_person_name($coach_info['firstname'], $coach_info['lastname']);
} }
else if($session_coach_id != 0) { else if($session_coach_id != 0) {
$coach_infos = UserManager :: get_user_info_by_id($session_coach_id); $coach_info = UserManager :: get_user_info_by_id($session_coach_id);
$a_infosCours['tutor_name'] = api_get_person_name($coach_infos['firstname'], $coach_infos['lastname']); $course_info['tutor_name'] = api_get_person_name($coach_info['firstname'], $coach_info['lastname']);
} }
} }
} // end if (api_get_setting('use_session_mode') == 'true') } // end if (api_get_setting('use_session_mode') == 'true')
$tableTitle = $a_infosCours['title'].' | Coach : '.$a_infosCours['tutor_name'].((!empty($session_name)) ? ' | '.get_lang('Session').' : '.$session_name : ''); $tableTitle = $course_info['title'].' | Coach : '.$course_info['tutor_name'].((!empty($session_name)) ? ' | '.get_lang('Session').' : '.$session_name : '');
?> ?>
<table class="data_table" width="100%"> <table class="data_table" width="100%">
@ -194,28 +190,28 @@ foreach ($Courses as $enreg) {
<th class="head" style="color:#000"><?php echo get_lang('LastConnexion'); ?></th> <th class="head" style="color:#000"><?php echo get_lang('LastConnexion'); ?></th>
</tr> </tr>
<?php <?php
$sqlLearnpath = "SELECT lp.name,lp.id FROM ".$a_infosCours['db_name'].".".$tbl_course_lp." AS lp"; $sql_learnpath = "SELECT lp.name,lp.id FROM ".$course_info['db_name'].".".$tbl_course_lp." AS lp";
$resultLearnpath = Database::query($sqlLearnpath); $result_learnpath = Database::query($sql_learnpath, __FILE__, __LINE__);
if (Database::num_rows($resultLearnpath) > 0) { if (Database::num_rows($result_learnpath) > 0) {
while($a_learnpath = Database::fetch_array($resultLearnpath)) { while($learnpath = Database::fetch_array($result_learnpath)) {
$progress = learnpath :: get_db_progress($a_learnpath['id'], $_user['user_id'], '%', $a_infosCours['db_name']); $progress = learnpath :: get_db_progress($learnpath['id'], $_user['user_id'], '%', $course_info['db_name']);
// calculates last connection time // calculates last connection time
$sql = 'SELECT MAX(start_time) $sql = 'SELECT MAX(start_time)
FROM '.$a_infosCours['db_name'].'.'.$tbl_course_lp_view_item.' AS item_view FROM '.$course_info['db_name'].'.'.$tbl_course_lp_view_item.' AS item_view
INNER JOIN '.$a_infosCours['db_name'].'.'.$tbl_course_lp_view.' AS view INNER JOIN '.$course_info['db_name'].'.'.$tbl_course_lp_view.' AS view
ON item_view.lp_view_id = view.id ON item_view.lp_view_id = view.id
AND view.lp_id = '.$a_learnpath['id'].' AND view.lp_id = '.$learnpath['id'].'
AND view.user_id = '.$_user['user_id']; AND view.user_id = '.$_user['user_id'];
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$start_time = Database::result($rs, 0, 0); $start_time = Database::result($rs, 0, 0);
// calculates time // calculates time
$sql = 'SELECT SUM(total_time) $sql = 'SELECT SUM(total_time)
FROM '.$a_infosCours['db_name'].'.'.$tbl_course_lp_view_item.' AS item_view FROM '.$course_info['db_name'].'.'.$tbl_course_lp_view_item.' AS item_view
INNER JOIN '.$a_infosCours['db_name'].'.'.$tbl_course_lp_view.' AS view INNER JOIN '.$course_info['db_name'].'.'.$tbl_course_lp_view.' AS view
ON item_view.lp_view_id = view.id ON item_view.lp_view_id = view.id
AND view.lp_id = '.$a_learnpath['id'].' AND view.lp_id = '.$learnpath['id'].'
AND view.user_id = '.$_user['user_id']; AND view.user_id = '.$_user['user_id'];
$rs = Database::query($sql, __FILE__, __LINE__); $rs = Database::query($sql, __FILE__, __LINE__);
$total_time = Database::result($rs, 0, 0); $total_time = Database::result($rs, 0, 0);
@ -224,7 +220,7 @@ foreach ($Courses as $enreg) {
echo "<tr> echo "<tr>
<td> <td>
"; ";
echo stripslashes($a_learnpath['name']); echo stripslashes($learnpath['name']);
echo " </td> echo " </td>
<td align='center'> <td align='center'>
"; ";
@ -237,7 +233,7 @@ foreach ($Courses as $enreg) {
<td align='center' width=180px > <td align='center' width=180px >
"; ";
if ($start_time != '') { if ($start_time != '') {
echo $lastConnexion; echo $last_connection;
} else { } else {
echo '-'; echo '-';
} }
@ -265,72 +261,72 @@ foreach ($Courses as $enreg) {
<?php <?php
$sql='SELECT visibility FROM '.$a_infosCours['db_name'].'.'.TABLE_TOOL_LIST.' WHERE name="quiz"'; $sql = 'SELECT visibility FROM '.$course_info['db_name'].'.'.TABLE_TOOL_LIST.' WHERE name="quiz"';
$resultVisibilityTests = Database::query($sql); $result_visibility_tests = Database::query($sql, __FILE__, __LINE__);
if (Database::result($resultVisibilityTests,0,'visibility')==1) { if (Database::result($result_visibility_tests, 0, 'visibility') == 1) {
$sqlExercices = " SELECT quiz.title,id, results_disabled $sql_exercices = " SELECT quiz.title,id, results_disabled
FROM ".$a_infosCours['db_name'].".".$tbl_course_quiz." AS quiz FROM ".$course_info['db_name'].".".$tbl_course_quiz." AS quiz
WHERE active='1'"; WHERE active='1'";
$resuktExercices = Database::query($sqlExercices); $result_exercices = Database::query($sql_exercices, __FILE__, __LINE__);
if (Database::num_rows($resuktExercices)>0) { if (Database::num_rows($result_exercices) > 0) {
while ($a_exercices = Database::fetch_array($resuktExercices)) { while ($exercices = Database::fetch_array($result_exercices)) {
$sqlEssais = " SELECT COUNT(ex.exe_id) as essais $sql_essais = " SELECT COUNT(ex.exe_id) as essais
FROM $tbl_stats_exercices AS ex FROM $tbl_stats_exercices AS ex
WHERE ex.exe_user_id='".$_user['user_id']."' AND ex.exe_cours_id = '".$a_infosCours['code']."' WHERE ex.exe_user_id='".$_user['user_id']."' AND ex.exe_cours_id = '".$course_info['code']."'
AND ex.exe_exo_id = ".$a_exercices['id']." AND ex.exe_exo_id = ".$exercices['id']."
AND orig_lp_id = 0 AND orig_lp_id = 0
AND orig_lp_item_id = 0 " AND orig_lp_item_id = 0 "
; ;
$resultEssais = Database::query($sqlEssais); $result_essais = Database::query($sql_essais , __FILE__, __LINE__);
$a_essais = Database::fetch_array($resultEssais); $essais = Database::fetch_array($result_essais);
$sqlScore = "SELECT exe_id , exe_result,exe_weighting $sql_score = "SELECT exe_id , exe_result,exe_weighting
FROM $tbl_stats_exercices FROM $tbl_stats_exercices
WHERE exe_user_id = ".$_user['user_id']." WHERE exe_user_id = ".$_user['user_id']."
AND exe_cours_id = '".$a_infosCours['code']."' AND exe_cours_id = '".$course_info['code']."'
AND exe_exo_id = ".$a_exercices['id']." AND exe_exo_id = ".$exercices['id']."
AND orig_lp_id = 0 AND orig_lp_id = 0
AND orig_lp_item_id = 0 AND orig_lp_item_id = 0
ORDER BY exe_date DESC LIMIT 1"; ORDER BY exe_date DESC LIMIT 1";
$resultScore = Database::query($sqlScore); $result_score = Database::query($sql_score, __FILE__, __LINE__);
$score = 0; $score = 0;
while($a_score = Database::fetch_array($resultScore)) { while($current_score = Database::fetch_array($result_score)) {
$score = $score + $a_score['exe_result']; $score = $score + $current_score['exe_result'];
$weighting = $weighting + $a_score['exe_weighting']; $weighting = $weighting + $current_score['exe_weighting'];
$exe_id = $a_score['exe_id']; $exe_id = $current_score['exe_id'];
} }
if ($weighting > 0) { if ($weighting > 0) {
// i.e 10.50% // i.e 10.50%
$pourcentageScore = round(($score * 100) / $weighting, 2); $percentage_score = round(($score * 100) / $weighting, 2);
} else { } else {
$pourcentageScore = 0; $percentage_score = 0;
} }
$weighting = 0; $weighting = 0;
echo '<tr> echo '<tr>
<td>'; <td>';
echo $a_exercices['title']; echo $exercices['title'];
echo '</td>'; echo '</td>';
if ($a_exercices['results_disabled'] == 0) { if ($exercices['results_disabled'] == 0) {
echo '<td align="center">'; echo '<td align="center">';
if ($a_essais['essais'] > 0) { if ($essais['essais'] > 0) {
echo $pourcentageScore.'%'; echo $percentage_score.'%';
} else { } else {
echo '/'; echo '/';
} }
echo '</td>'; echo '</td>';
echo '<td align="center">'; echo '<td align="center">';
echo $a_essais['essais']; echo $essais['essais'];
echo '</td> echo '</td>
<td align="center" width="25">'; <td align="center" width="25">';
if ($a_essais['essais'] > 0) { if ($essais['essais'] > 0) {
echo '<a href="../exercice/exercise_show.php?origin=myprogress&id='.$exe_id.'&cidReq='.$a_infosCours['code'].'&id_session='.Security::remove_XSS($_GET['id_session']).'"> '.Display::return_icon('quiz.gif', get_lang('Quiz')).' </a>'; echo '<a href="../exercice/exercise_show.php?origin=myprogress&id='.$exe_id.'&cidReq='.$course_info['code'].'&id_session='.Security::remove_XSS($_GET['id_session']).'"> '.Display::return_icon('quiz.gif', get_lang('Quiz')).' </a>';
} }
echo '</td>'; echo '</td>';
} else { } else {

@ -452,7 +452,9 @@ function upload_user_production($user_id) {
$production_repository = $image_path['dir'].$user_id.'/'; $production_repository = $image_path['dir'].$user_id.'/';
if (!file_exists($production_repository)) { if (!file_exists($production_repository)) {
mkpath($production_repository); $perm = api_get_setting('permissions_for_new_directories');
$perm = octdec(!empty($perm) ? $perm : '0770');
@mkdir($production_repository, $perm, true);
} }
$filename = replace_dangerous_char($_FILES['production']['name']); $filename = replace_dangerous_char($_FILES['production']['name']);
@ -717,7 +719,7 @@ if (api_get_setting('allow_message_tool') == 'true') {
echo '</div><br />'; echo '</div><br />';
} }
}*/ }*/
echo '<img src="../img/delete.gif" alt="'.get_lang('Close').'" title="'.get_lang('Close').'" class="message-delete" />'; echo '<img src="'.api_get_path(WEB_IMG_PATH).'delete.gif" alt="'.get_lang('Close').'" title="'.get_lang('Close').'" class="message-delete" />';
if ($number_of_new_messages_of_friend > 0) { if ($number_of_new_messages_of_friend > 0) {
echo '<br />'; echo '<br />';
} }
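Review bot: The added `@mkdir($production_repository, $perm, true);` in upload_user_production() suppresses the warning and discards the return value, so a failed creation is silent and the upload code after it runs against a directory that may not exist. I would drop the `@` and test the result, e.g. `if (!mkdir($production_repository, $perm, true) && !is_dir($production_repository)) { ... }`, with the failure branch following whatever the function returns on error, since its body starts and ends outside the hunk. The mode is taken from the `permissions_for_new_directories` setting through `octdec()`, which ignores non-octal characters, so a mistyped value yields an unintended mode without any error. Because this directory holds user-uploaded files, a short comment above the call should state that the configured mode is applied as-is (subject to the process umask) and that a world-writable setting would apply here too.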
