diff --git a/main/conference/index.php b/main/conference/index.php
index 10ab049fc9..ddae5fc0e2 100755
--- a/main/conference/index.php
+++ b/main/conference/index.php
@@ -5,8 +5,8 @@
 */
 require_once '../inc/global.inc.php';
 api_protect_course_script();
-//Not sure what values can be set here I just found that $_SESSION["roomType"] could be the string "conference"
-if ($_GET['type'] == 'conference') {
+// Only allow conference or classroom modes. Others are likely to be attacks
+if ($_GET['type'] == 'conference' or $_GET['type'] == 'classroom') {
 $_SESSION["roomType"] = $_GET['type'];
 }
 ?>
diff --git a/main/exercice/answer.class.php b/main/exercice/answer.class.php
index a3fddda2f0..b3592277d8 100755
--- a/main/exercice/answer.class.php
+++ b/main/exercice/answer.class.php
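Review bot: In main/conference/index.php the new allow-list still reads `$_GET['type']` without checking that it is set and compares it with loose `==`, so a request without a `type` parameter raises an undefined-index notice. A strict membership test keeps the rule in one place: `if (isset($_GET['type']) && in_array($_GET['type'], array('conference', 'classroom'), true)) {`. When the value is rejected, a `$_SESSION["roomType"]` stored by an earlier request appears to stay as it was; if that is intended, a short comment saying so would help the next reader.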
@@ -13,31 +13,31 @@ if(!class_exists('Answer')): class Answer { - var $questionId; + public $questionId; // these are arrays - var $answer; - var $correct; - var $comment; - var $weighting; - var $position; - var $hotspot_coordinates; - var $hotspot_type; - var $destination; + public $answer; + public $correct; + public $comment; + public $weighting; + public $position; + public $hotspot_coordinates; + public $hotspot_type; + public $destination; // these arrays are used to save temporarily new answers // then they are moved into the arrays above or deleted in the event of cancellation - var $new_answer; - var $new_correct; - var $new_comment; - var $new_weighting; - var $new_position; - var $new_hotspot_coordinates; - var $new_hotspot_type; - - var $nbrAnswers; - var $new_nbrAnswers; - var $new_destination; // id of the next question if feedback option is set to Directfeedback + public $new_answer; + public $new_correct; + public $new_comment; + public $new_weighting; + public $new_position; + public $new_hotspot_coordinates; + public $new_hotspot_type; + + public $nbrAnswers; + public $new_nbrAnswers; + public $new_destination; // id of the next question if feedback option is set to Directfeedback /** * constructor of the class diff --git a/main/exercice/exercice.php b/main/exercice/exercice.php index 1993b24930..0523efe7b7 100755 --- a/main/exercice/exercice.php +++ b/main/exercice/exercice.php @@ -643,9 +643,6 @@ if ($is_allowedToEdit) { $res = Database::query($query); $row = Database :: fetch_array($res, 'ASSOC'); api_item_property_update($_course, TOOL_DOCUMENT, $row['id'], 'invisible', $_user['user_id']); - #$query = "UPDATE $TBL_DOCUMENT SET visibility='$newVisibilityStatus' WHERE path=\"".$file."\""; //added by Toon - #Database::query($query); - //$dialogBox = get_lang('ViMod'); break; default : break; 
@@ -675,7 +672,7 @@ HotPotGCt($documentPath, 1, $_user['user_id']); //condition for the session $session_id = api_get_session_id(); -$condition_session = api_get_session_condition($session_id); +$condition_session = api_get_session_condition($session_id,true,true); // only for administrator if ($is_allowedToEdit) { @@ -686,7 +683,6 @@ if ($is_allowedToEdit) { } elseif ($show == 'test') { // only for students $sql = "SELECT id, title, type, description, results_disabled, session_id, start_time FROM $TBL_EXERCICES WHERE active='1' $condition_session ORDER BY title LIMIT " . (int) $from . "," . (int) ($limitExPage +1); - $result = Database::query($sql); } if ($show == 'test') { @@ -757,7 +753,6 @@ if (($is_allowedToEdit) and ($origin != 'learnpath')) { echo '' . Display :: return_icon('back.png', get_lang('GoBackToQuestionList')) . get_lang('GoBackToQuestionList') . ''; echo ''.Display::return_icon('csv.gif',get_lang('ExportAsCSV')).get_lang('ExportAsCSV').''; echo '' . Display :: return_icon('excel.gif', get_lang('ExportAsXLS')) . get_lang('ExportAsXLS') . ''; - //echo ''.Display::return_icon('synthese_view.gif',$alt).$alt.''; echo '
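Review bot: The call `api_get_session_condition($session_id,true,true)` in the `@@ -675,7 +672,7 @@` hunk of main/exercice/exercice.php passes two bare booleans whose meaning cannot be read at the call site, and the third one changes which rows every listing query below will return. The function's signature is not visible on this page, so a comment at the call is the cheapest fix, for example `// 3rd argument: presumably also lists base-course resources inside a session - confirm against api_get_session_condition()`. The same undocumented third argument is added in main/link/link.php (`@@ -88,7 +88,7 @@`) and main/link/linkfunctions.php (`@@ -505,7 +505,7 @@`).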
'; echo ''; echo ''; @@ -768,9 +763,6 @@ if (($is_allowedToEdit) and ($origin != 'learnpath')) { echo ''; echo ''; echo '
'; - //echo '
'; - //echo $extra_user_fields; - //echo '
'; } } } else { @@ -783,35 +775,6 @@ if (($is_allowedToEdit) and ($origin != 'learnpath')) { } if ($_configuration['tracking_enabled']) { if ($show == 'result') { - /*if (!function_exists('make_select')) - { - function make_select($name,$values,$checked='') - { - $output .= ''; - return $output; - } - }*/ - - /*if (!function_exists('make_select_users')) - { - function make_select_users($name,$values,$checked='') - { - $output .= ''; - return $output; - } - }*/ - if (api_is_allowed_to_edit(null,true)) { if (!$_GET['filter']) { $filter_by_not_revised = true; @@ -836,27 +799,9 @@ if ($_configuration['tracking_enabled']) { } else { $view_result = ''.Display :: return_icon('un_check.gif', get_lang('ShowUnCorrectedOnly')).get_lang('ShowUnCorrectedOnly').''; } - //$form_filter = '
'; - //$form_filter .= make_select('filter',array(1=>get_lang('FilterByNotRevised'),2=>get_lang('FilterByRevised')),$filter); - //$form_filter .= '
'; echo $view_result; } } - /*if (api_is_allowed_to_edit()) - { - $user_count = count($user_list_name); - if ($user_count >0 ) { - $form_filter = '
'; - $user_list_for_select =array(); - for ($i=0;$i<$user_count;$i++) { - $user_list_for_select[$user_list_id[$i]]=$user_list_name[$i]; - } - $form_filter .= make_select_users('filter_by_user',$user_list_for_select,(int)$_REQUEST['filter_by_user']); - $form_filter .= ''; - $form_filter .= '
'; - echo $form_filter; - } - } */ } echo ''; // closing the actions div @@ -870,9 +815,6 @@ if ($show == 'test') { - - time()) { $is_actived_time = false; } 
@@ -943,138 +883,113 @@ if ($show == 'test') { echo ''; echo ''; - $exid = $row['id']; - - //count number exercice - teacher - $sqlquery = "SELECT count(*) FROM $TBL_EXERCICE_QUESTION WHERE exercice_id = '" . Database :: escape_string($exid) . "'"; - $sqlresult = Database::query($sqlquery); - $rowi = Database :: result($sqlresult, 0); - - //count number random exercice - teacher - $sql_random_query = 'SELECT type,random,active,results_disabled,max_attempt FROM ' . $TBL_EXERCICES . ' WHERE id="' . Database :: escape_string($exid) . '" '; - $rs_random = Database::query($sql_random_query); - $row_random = Database :: fetch_array($rs_random); - if ($row_random['random'] > 0) { - echo $row_random['random'] . ' ' . api_strtolower(get_lang(($row_random['random'] > 1 ? 'Questions' : 'Question'))) . ''; - } else { - echo $rowi . ' ' . api_strtolower(get_lang(($rowi > 1 ? 'Questions' : 'Question'))) . ''; - } -?> - - <?php echo api_htmlentities(get_lang('Edit'),ENT_QUOTES,$charset); ?> - ')) return false;"><?php echo api_htmlentities(get_lang('CopyExercise'),ENT_QUOTES,$charset); ?> - ')) return false;" ><?php echo api_htmlentities(get_lang('CleanStudentResults'),ENT_QUOTES,$charset); ?> - - '.api_htmlentities(get_lang('EnableResults'),ENT_QUOTES,$charset).''; - } else { - //echo ''.api_htmlentities(get_lang('DisableResults'),ENT_QUOTES,$charset).''; - } -?> - - - - - - - - ')) return false;"> <?php echo api_htmlentities(get_lang('Delete'),ENT_QUOTES,$charset); ?> - - <?php echo api_htmlentities(get_lang('Deactivate'),ENT_QUOTES,$charset); ?> - - <?php echo api_htmlentities(get_lang('Activate'),ENT_QUOTES,$charset); ?> - - '; - - echo ""; - echo ""; - } else { // student only -?> - - - - - - - - - - - - 0) { - echo $row_random['random'] . ' ' . api_strtolower(get_lang(($row_random['random'] > 1 ? 'Questions' : 'Question'))); - } else { - //show results student - echo $rowi . ' ' . api_strtolower(get_lang(($rowi > 1 ? 
'Questions' : 'Question'))); - } - echo ''; - echo ''; - $eid = $row['id']; - $uid = api_get_user_id(); - //this query might be improved later on by ordering by the new "tms" field rather than by exe_id - $qry = "SELECT * FROM $TBL_TRACK_EXERCICES - WHERE exe_exo_id = '" . Database :: escape_string($eid) . "' and exe_user_id = '" . Database :: escape_string($uid) . "' AND exe_cours_id = '" . api_get_course_id() . "' AND status <>'incomplete' AND orig_lp_id = 0 AND orig_lp_item_id = 0 AND session_id = '" . api_get_session_id() . "' - ORDER BY exe_id DESC"; - $qryres = Database::query($qry); - $num = Database :: num_rows($qryres); - - //hide the results - if (!$is_actived_time) { - $my_result_disabled = $row['results_disabled']; - if ($my_result_disabled == 0) { - if ($num > 0) { - $row = Database :: fetch_array($qryres); - $percentage = 0; - if ($row['exe_weighting'] != 0) { - $percentage = ($row['exe_result'] / $row['exe_weighting']) * 100; + $exid = $row['id']; + + //count number exercice - teacher + $sqlquery = "SELECT count(*) FROM $TBL_EXERCICE_QUESTION WHERE exercice_id = '" . Database :: escape_string($exid) . "'"; + $sqlresult = Database::query($sqlquery); + $rowi = Database :: result($sqlresult, 0); + + //count number random exercice - teacher + $sql_random_query = 'SELECT type,random,active,results_disabled,max_attempt FROM ' . $TBL_EXERCICES . ' WHERE id="' . Database :: escape_string($exid) . '" '; + $rs_random = Database::query($sql_random_query); + $row_random = Database :: fetch_array($rs_random); + if ($row_random['random'] > 0) { + echo $row_random['random'] . ' ' . api_strtolower(get_lang(($row_random['random'] > 1 ? 'Questions' : 'Question'))) . ''; + } else { + echo $rowi . ' ' . api_strtolower(get_lang(($rowi > 1 ? 'Questions' : 'Question'))) . 
''; + } + echo ''; + if ($session_id == $row['session_id']) { + ?> + <?php echo api_htmlentities(get_lang('Edit'),ENT_QUOTES,$charset); ?> + ')) return false;"><?php echo api_htmlentities(get_lang('CopyExercise'),ENT_QUOTES,$charset); ?> + ')) return false;" ><?php echo api_htmlentities(get_lang('CleanStudentResults'),ENT_QUOTES,$charset); ?> + ')) return false;"> <?php echo api_htmlentities(get_lang('Delete'),ENT_QUOTES,$charset); ?> + + <?php echo api_htmlentities(get_lang('Deactivate'),ENT_QUOTES,$charset); ?> + + <?php echo api_htmlentities(get_lang('Activate'),ENT_QUOTES,$charset); ?> + '; + } else { // not session resource + echo get_lang('ExerciseEditionNotAvailableInSession'); + } + echo ""; + echo ""; + } else { // student only + ?> + + + + + + + + '; + $exid = $row['id']; + //count number exercise questions + $sqlquery = "SELECT count(*) FROM $TBL_EXERCICE_QUESTION WHERE exercice_id = '" . Database :: escape_string($exid) . "'"; + $sqlresult = Database::query($sqlquery); + $rowi = Database :: result($sqlresult, 0); + //count number random exercice + $sql_random_query = 'SELECT type,random,active,results_disabled,max_attempt FROM ' . $TBL_EXERCICES . ' WHERE id="' . Database :: escape_string($exid) . '" '; + $rs_random = Database::query($sql_random_query); + $row_random = Database :: fetch_array($rs_random); + if ($row_random['random'] > 0) { + echo $row_random['random'] . ' ' . api_strtolower(get_lang(($row_random['random'] > 1 ? 'Questions' : 'Question'))); + } else { + //show results student + echo $rowi . ' ' . api_strtolower(get_lang(($rowi > 1 ? 'Questions' : 'Question'))); + } + echo ''; + echo ''; + $eid = $row['id']; + $uid = api_get_user_id(); + //this query might be improved later on by ordering by the new "tms" field rather than by exe_id + $qry = "SELECT * FROM $TBL_TRACK_EXERCICES + WHERE exe_exo_id = '" . Database :: escape_string($eid) . "' and exe_user_id = '" . Database :: escape_string($uid) . "' AND exe_cours_id = '" . 
api_get_course_id() . "' AND status <>'incomplete' AND orig_lp_id = 0 AND orig_lp_item_id = 0 AND session_id = '" . api_get_session_id() . "' + ORDER BY exe_id DESC"; + $qryres = Database::query($qry); + $num = Database :: num_rows($qryres); + + //hide the results + if (!$is_actived_time) { + $my_result_disabled = $row['results_disabled']; + if ($my_result_disabled == 0) { + if ($num > 0) { + $row = Database :: fetch_array($qryres); + $percentage = 0; + if ($row['exe_weighting'] != 0) { + $percentage = ($row['exe_result'] / $row['exe_weighting']) * 100; + } + echo get_lang('Attempted') . ' (' . get_lang('Score') . ': '; + printf("%1.2f\n", $percentage); + echo " %)"; + } else { + echo get_lang('WillBeActivated' .' '. $row['start_time']); } - echo get_lang('Attempted') . ' (' . get_lang('Score') . ': '; - printf("%1.2f\n", $percentage); - echo " %)"; } else { - echo get_lang('WillBeActivated' .' '. $row['start_time']); + echo get_lang('CantShowResults'); } + echo ''; } else { - echo get_lang('CantShowResults'); + echo get_lang('NotAttempted'); } - echo ''; - } else { - echo get_lang('NotAttempted'); } - } // skips the last exercise, that is only used to know if we have or not to create a link "Next page" if ($i == $limitExPage) { break; @@ -1154,12 +1069,9 @@ if ($show == 'test') { <?php echo api_htmlentities(get_lang('Activate'),ENT_QUOTES,$charset); ?> - - - '; + echo ''; } else { // student only if ($active == 1) { $nbrActiveTests = $nbrActiveTests +1; 
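Review bot: The new `if ($session_id == $row['session_id'])` branch in the teacher listing of main/exercice/exercice.php only decides whether the edit, copy, clean-results, delete and activate links are printed; nothing in this hunk stops a direct request for those actions on an exercise that belongs to another session. The handlers for those actions are outside the hunk, so this needs confirming there, and they should repeat the same session comparison before changing anything. The same display-only check appears in the `@@ -478,13 +469,16 @@` hunk of main/link/link.php and the `@@ -531,28 +531,32 @@` hunk of main/link/linkfunctions.php. Separately, in the student branch `get_lang('WillBeActivated' .' '. $row['start_time'])` concatenates the date into the language key; `get_lang('WillBeActivated') . ' ' . $row['start_time']` looks like what was meant.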
@@ -1305,21 +1217,11 @@ if ($_configuration['tracking_enabled'] && ($show == 'result')) { $result_disabled = 0; if ($result_disabled == 0) { - //echo ''; $add_start_date = $lang_nostartdate; if ($is_allowedToEdit || $is_tutor) { $user = $results[$i][0]; - //echo '' . $user . ' '; } - //echo '' . $test . ''; - //echo ''; if ($results[$i][7] != "0000-00-00 00:00:00") { //echo ceil((($results[$i][4] - $results[$i][7]) / 60)) . ' ' . get_lang('MinMinutes'); $exe_date_timestamp = api_strtotime($results[$i][4], date_default_timezone_get()); diff --git a/main/exercice/exercise.class.php b/main/exercice/exercise.class.php index e988a84295..55e317987d 100755 --- a/main/exercice/exercise.class.php +++ b/main/exercice/exercise.class.php @@ -18,22 +18,22 @@ if(!class_exists('Exercise')): class Exercise { - var $id; - var $exercise; - var $description; - var $sound; - var $type; - var $random; - var $random_answers; - var $active; - var $timeLimit; - var $attempts; - var $feedbacktype; - var $end_time; - var $start_time; - var $questionList; // array with the list of this exercise's questions - var $results_disabled; - var $expired_time; + public $id; + public $exercise; + public $description; + public $sound; + public $type; + public $random; + public $random_answers; + public $active; + public $timeLimit; + public $attempts; + public $feedbacktype; + public $end_time; + public $start_time; + public $questionList; // array with the list of this exercise's questions + public $results_disabled; + public $expired_time; /** * constructor of the class * diff --git a/main/exercice/question.class.php b/main/exercice/question.class.php index 5578431c6a..c50fb82482 100755 --- a/main/exercice/question.class.php +++ b/main/exercice/question.class.php 
@@ -32,15 +32,15 @@ define('MULTIPLE_ANSWER_COMBINATION', 9); */ abstract class Question { - var $id; - var $question; - var $description; - var $weighting; - var $position; - var $type; - var $level; - var $picture; - var $exerciseList; // array with the list of exercises which this question is in + public $id; + public $question; + public $description; + public $weighting; + public $position; + public $type; + public $level; + public $picture; + public $exerciseList; // array with the list of exercises which this question is in private $isContent; static $typePicture = 'new_question.png'; diff --git a/main/inc/lib/main_api.lib.php b/main/inc/lib/main_api.lib.php index f4a55c9f30..b827a9d488 100755 --- a/main/inc/lib/main_api.lib.php +++ b/main/inc/lib/main_api.lib.php @@ -1573,7 +1573,7 @@ function api_get_session_image($session_id, $status_id) { $session_img = ''; if ((int)$status_id != 5) { //check whether is not a student if ($session_id > 0) { - $session_img = " ".Display::return_icon('star.png', get_lang('ResourceSession'), array('align' => 'absmiddle')); + $session_img = " ".Display::return_icon('star.png', get_lang('SessionSpecificResource'), array('align' => 'absmiddle')); } } return $session_img; diff --git a/main/link/link.php b/main/link/link.php index 1fe3cbac48..dd778147a5 100755 --- a/main/link/link.php +++ b/main/link/link.php @@ -88,7 +88,7 @@ $nameTools = get_lang('Links'); // Condition for the session $session_id = api_get_session_id(); -$condition_session = api_get_session_condition($session_id, false); +$condition_session = api_get_session_condition($session_id, false, true); if (isset($_GET['action']) && $_GET['action'] == 'addlink') { $nameTools = ''; 
@@ -306,7 +306,7 @@ if (api_is_allowed_to_edit(null, true) && isset($_GET['action'])) { // Author : $default_values = ''; - if ($_GET['action'] == 'editlink') { + if ($_GET['action'] == 'editlink') { $filter = array('course_code'=> "'". api_get_course_id() ."'", 'field_id' => $specific_field['id'], 'ref_id' => Security::remove_XSS($_GET['id']), 'tool_id' => '\''. TOOL_LINK .'\''); $values = get_specific_field_values_list($filter, array('value')); if (!empty($values)) { @@ -382,15 +382,6 @@ if (api_is_allowed_to_edit(null, true) && isset($_GET['action'])) { echo ""; } - /*elseif(($_GET['action'] == 'importcsv') and !$submit_import) { - echo "

", get_lang('CsvImport'), "

\n\n", - "
", - // uncomment if you want to set a limit: '', "\n", - '', "\n", - "", - "
"; - echo get_lang('CsvExplain'); - }*/ } if (!empty($down)) { @@ -478,13 +469,16 @@ if (empty($_GET['action']) || ($_GET['action'] != 'editlink' && $_GET['action'] echo ''; echo ''; echo '  '.Security::remove_XSS($myrow['category_title']).'
   '.$myrow['description']; - + echo ''; if (api_is_allowed_to_edit(null, true)) { - echo ''; - showcategoryadmintools($myrow['id']); - echo ''; + if ($session_id == $myrow['session_id']) { + echo ''; + showcategoryadmintools($myrow['id']); + echo ''; + } else { + echo ''.get_lang('EditionNotAvailableFromSession'); + } } - echo ''; echo ''; echo ''; echo showlinksofcategory($myrow['id']); @@ -515,4 +509,4 @@ if (empty($_GET['action']) || ($_GET['action'] != 'editlink' && $_GET['action'] echo ''; } -Display::display_footer(); +Display::display_footer(); \ No newline at end of file diff --git a/main/link/linkfunctions.php b/main/link/linkfunctions.php index d921927fcb..cc42d3923d 100755 --- a/main/link/linkfunctions.php +++ b/main/link/linkfunctions.php @@ -505,7 +505,7 @@ function showlinksofcategory($catid) { // Condition for the session $session_id = api_get_session_id(); - $condition_session = api_get_session_condition($session_id); + $condition_session = api_get_session_condition($session_id, true, true); $sqlLinks = "SELECT * FROM ".$tbl_link." link, ".$TABLE_ITEM_PROPERTY." itemproperties WHERE itemproperties.tool='".TOOL_LINK."' AND link.id=itemproperties.ref AND link.category_id='".$catid."' AND (itemproperties.visibility='0' OR itemproperties.visibility='1') $condition_session ORDER BY link.display_order DESC"; $result = Database::query($sqlLinks); 
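Review bot: In the `@@ -478,13 +469,16 @@` hunk of main/link/link.php the category row prints `$myrow['description']` as-is, while the title next to it goes through `Security::remove_XSS()`. Unless descriptions are filtered when they are saved, which this hunk does not show, the description should get the same treatment on output: `Security::remove_XSS($myrow['description'])`. The surrounding loop starts and ends outside the hunk.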
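Review bot: In `showlinksofcategory()` (main/link/linkfunctions.php, `@@ -505,7 +505,7 @@`) `$catid` is concatenated into `$sqlLinks` as `link.category_id='".$catid."'` with no cast or escaping. The caller visible in link.php passes a row id, but other callers are not shown, so casting at the point of use is the safer default: `link.category_id='".(int) $catid."'`. The function body starts and ends outside the hunk.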
@@ -531,28 +531,32 @@ function showlinksofcategory($catid) { echo ''; if (api_is_allowed_to_edit(null, true)) { - - echo '', get_lang('Modify'), ''; - echo '', get_lang('Delete'), ''; - // DISPLAY MOVE UP COMMAND only if it is not the top link - if ($i != 1) { - echo ''.get_lang('Up').'', "\n"; - } else { - echo ''.get_lang('Up').''; - } - - // DISPLAY MOVE DOWN COMMAND only if it is not the bottom link - if ($i < $numberoflinks) { - echo ''.get_lang('Down').'', "\n"; + if ($session_id == $myrow['session_id']) { + + echo '', get_lang('Modify'), ''; + echo '', get_lang('Delete'), ''; + // DISPLAY MOVE UP COMMAND only if it is not the top link + if ($i != 1) { + echo ''.get_lang('Up').'', "\n"; + } else { + echo ''.get_lang('Up').''; + } + + // DISPLAY MOVE DOWN COMMAND only if it is not the bottom link + if ($i < $numberoflinks) { + echo ''.get_lang('Down').'', "\n"; + } else { + echo ''.get_lang('Down').''; + } + + if ($myrow['visibility'] == '1') { + echo ''; + } + if ($myrow['visibility'] == '0') { + echo ''; + } } else { - echo ''.get_lang('Down').''; - } - - if ($myrow['visibility'] == '1') { - echo ''; - } - if ($myrow['visibility'] == '0') { - echo ''; + echo get_lang('EditionNotAvailableFromSession'); } } echo '';