Should fix big button in #5989

1.9.x
Julio Montoya 12 years ago
parent b58c53f309
commit fecf54e337
  1. 43
      main/auth/courses.php
  2. 3
      main/inc/lib/course.lib.php
  3. 8
      main/inc/lib/security.lib.php
  4. 20
      main/inc/lib/userportal.lib.php

@ -16,7 +16,10 @@ $cidReset = true; // Flag forcing the 'current course' reset
// including files
require_once '../inc/global.inc.php';
require_once api_get_path(LIBRARY_PATH).'auth.lib.php';
$ctok = $_SESSION['sec_token'];
require_once api_get_path(LIBRARY_PATH).'auth.lib.php';
require_once api_get_path(LIBRARY_PATH).'app_view.php';
require_once 'courses_controller.php';
require_once api_get_path(LIBRARY_PATH).'mail.lib.inc.php';
@ -31,23 +34,23 @@ if (api_get_setting('show_courses_descriptions_in_catalog') == 'true') {
if ($("#dialog").length == 0) {
dialog = $(\'<div id="dialog" style="display:hidden"></div>\').appendTo(\'body\');
}
// load remote content
dialog.load(
url,
url,
{},
function(responseText, textStatus, XMLHttpRequest) {
dialog.dialog({
modal : true,
width : 540,
height : 400,
});
modal : true,
width : 540,
height : 400,
});
});
//prevent the browser to follow the link
return false;
});
});
</script>';
}
@ -81,7 +84,7 @@ if (isset($_GET['action']) && in_array($_GET['action'],$actions)) {
$action = $_GET['action'];
}
if ($action == 'createcoursecategory') {
if ($action == 'createcoursecategory') {
$nameTools = get_lang('CreateCourseCategory');
}
if ($action == 'subscribe') {
@ -102,20 +105,20 @@ $interbreadcrumb[] = array('url' => api_get_path(WEB_PATH).'user_portal.php', 'n
if (empty($nameTools)) {
$nameTools = get_lang('CourseManagement');
} else {
if (!in_array($action, array('sortmycourses', 'createcoursecategory', 'display_random_courses', 'display_courses', 'subscribe'))) {
$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'auth/courses.php', 'name' => get_lang('CourseManagement'));
}
if ($action == 'createcoursecategory') {
$interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'auth/courses.php?action=sortmycourses', 'name' => get_lang('SortMyCourses'));
}
}
$interbreadcrumb[] = array('url' => '#', 'name' => $nameTools);
}
// course description controller object
$courses_controller = new CoursesController();
$ctok = $_SESSION['sec_token'];
// We are moving a course or category of the user up/down the list (=Sort My Courses).
if (isset($_GET['move'])) {
@ -156,7 +159,7 @@ if ($action == 'deletecoursecategory' && isset($_GET['id'])) {
// We are creating a new user defined course category (= Create Course Category).
if (isset($_POST['create_course_category']) && isset($_POST['title_course_category']) && strlen(trim($_POST['title_course_category'])) > 0) {
if ($ctok == $_POST['sec_token']) {
$courses_controller->add_course_category($_POST['title_course_category']);
$courses_controller->add_course_category($_POST['title_course_category']);
}
}
@ -169,9 +172,9 @@ if (isset($_REQUEST['search_course'])) {
}
// Subscribe user to course
if (isset($_REQUEST['subscribe_course'])) {
if (isset($_REQUEST['subscribe_course'])) {
if ($ctok == $_GET['sec_token']) {
$courses_controller->subscribe_user($_GET['subscribe_course'], $_GET['search_term'], $_GET['category_code']);
$courses_controller->subscribe_user($_GET['subscribe_course'], $_GET['search_term'], $_GET['category_code']);
}
}
// We are unsubscribing from a course (=Unsubscribe from course).
@ -189,8 +192,8 @@ if (isset($_POST['unsubscribe'])) {
}
}
switch ($action) {
case 'subscribe_user_with_password':
$courses_controller->subscribe_user($_POST['subscribe_user_with_password'], $_POST['search_term'], $_POST['category_code']);
case 'subscribe_user_with_password':
$courses_controller->subscribe_user($_POST['subscribe_user_with_password'], $_POST['search_term'], $_POST['category_code']);
exit;
break;
case 'createcoursecategory':
@ -199,16 +202,16 @@ switch ($action) {
case 'deletecoursecategory':
$courses_controller->courses_list($action);
break;
case 'sortmycourses':
case 'sortmycourses':
$courses_controller->courses_list($action);
break;
case 'subscribe':
case 'subscribe':
case 'display_random_courses':
if ($user_can_view_page) {
$courses_controller->courses_categories($action);
} else {
api_not_allowed();
}
}
break;
case 'display_courses':
$courses_controller->courses_categories($action, $_GET['category_code']);
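Review bot: The token checks in this file use a loose comparison, `$ctok == $_GET['sec_token']` for subscribing and `$ctok == $_POST['sec_token']` for category creation, with `$ctok` read straight from `$_SESSION['sec_token']`. If the session holds no token and the request omits the parameter, both sides are null and the check passes. Require a non-empty token and compare strictly, for example `if (!empty($ctok) && isset($_GET['sec_token']) && $ctok === $_GET['sec_token']) {`, and do the same for the POST check. The subscribe branch is also entered on `$_REQUEST['subscribe_course']` but reads its values from `$_GET`, and the `subscribe_user_with_password` case calls `subscribe_user()` with no token check in the visible lines. These blocks continue outside the hunks shown, so a check elsewhere cannot be ruled out.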

@ -3853,6 +3853,8 @@ class CourseManager {
public static function process_hot_course_item($courses, $my_course_code_list = array()) {
$ajax_url = api_get_path(WEB_AJAX_PATH).'course.ajax.php?a=add_course_vote';
$stok = Security::get_existing_token();
foreach ($courses as &$my_course) {
$course_info = api_get_course_info($my_course['course_code']);
$my_course['extra_info'] = $course_info;
@ -3862,7 +3864,6 @@ class CourseManager {
//Course visibility
if ($access_link && in_array('register', $access_link)) {
$stok = Security::get_token();
$my_course['extra_info']['register_button'] = Display::url(get_lang('Subscribe'), api_get_path(WEB_COURSE_PATH).$course_info['path'].'/index.php?action=subscribe&amp;sec_token='.$stok, array('class' => 'btn btn-primary'));
}
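Review bot: The register link still puts `sec_token` in the query string of a state-changing `action=subscribe` URL, and with `Security::get_existing_token()` now called once above the loop the same session token appears in every link rendered here. A token in a URL can end up in browser history, server logs and Referer headers, and because the token is reused rather than regenerated, a leaked value presumably stays valid until the session token changes. Consider submitting the subscription as a POST form with the token in a hidden field. At minimum, add a comment above the hoisted call such as `// Reuse the session token so every register link rendered in this loop stays valid`. `process_hot_course_item` starts and ends outside the hunks shown.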

@ -190,6 +190,14 @@ class Security {
return $token;
}
public static function get_existing_token() {
if (isset($_SESSION['sec_token']) && !empty($_SESSION['sec_token'])) {
return $_SESSION['sec_token'];
} else {
return self::get_token();
}
}
/**
* Gets the user agent in the session to later check it with check_ua() to prevent
* most cases of session hijacking.
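Review bot: `get_existing_token()` is added without a docblock, unlike the method that follows it, so its contract is left for callers to guess. It returns `$_SESSION['sec_token']` unchanged when one is set and falls back to `self::get_token()` only otherwise. A docblock should state that it hands back the current session token without replacing it, so links and forms rendered earlier in the same session keep working, and that it returns the token string. The `isset(...) && !empty(...)` test is also redundant, because `!empty($_SESSION['sec_token'])` already covers the unset case.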

@ -350,7 +350,6 @@ class IndexManager {
*/
function return_courses_in_categories() {
$result = '';
$ctok = $_SESSION['sec_token'];
$stok = Security::get_token();
// Initialization.
@ -489,15 +488,17 @@ class IndexManager {
$courses_of_user = self::get_courses_of_user(api_get_user_id());
}
foreach ($course_list as $course) {
// $setting_show_also_closed_courses
if (!$setting_show_also_closed_courses) {
// If we do not show the closed courses
// we only show the courses that are open to the world (to everybody)
// and the courses that are open to the platform (if the current user is a registered user.
if( ($user_identified && $course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM) || ($course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD)) {
if (($user_identified && $course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM) || ($course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD)) {
$courses_shown++;
$courses_list_string .= "<li>\n";
$courses_list_string .= "<li>";
$courses_list_string .= '<a href="'.$web_course_path.$course['directory'].'/">'.$course['title'].'</a><br />';
$course_details = array();
if (api_get_setting('display_coursecode_in_courselist') == 'true') {
@ -510,7 +511,7 @@ class IndexManager {
$course_details[] = $course['course_language'];
}
$courses_list_string .= implode(' - ', $course_details);
$courses_list_string .= "</li>\n";
$courses_list_string .= "</li>";
}
} else {
// We DO show the closed courses.
@ -522,7 +523,7 @@ class IndexManager {
// 5. the user is the platform admin api_is_platform_admin().
//
$courses_shown++;
$courses_list_string .= "<li>\n";
$courses_list_string .= "<li>";
if ($course['visibility'] == COURSE_VISIBILITY_OPEN_WORLD
|| ($user_identified && $course['visibility'] == COURSE_VISIBILITY_OPEN_PLATFORM)
|| ($user_identified && key_exists($course['code'], $courses_of_user) && $course['visibility'] != COURSE_VISIBILITY_CLOSED)
@ -556,12 +557,15 @@ class IndexManager {
// We display a subscription link if:
// 1. it is allowed to register for the course and if the course is not already in the courselist of the user and if the user is identiefied
// 2.
if ($user_identified && !key_exists($course['code'], $courses_of_user)) {
if ($user_identified && !in_array($course['code'], $courses_of_user)) {
if ($course['subscribe'] == '1') {
$courses_list_string .= '<form action="main/auth/courses.php?action=subscribe&category='.Security::remove_XSS($_GET['category']).'" method="post">';
/*$courses_list_string .= '<form action="main/auth/courses.php?action=subscribe&category='.Security::remove_XSS($_GET['category']).'" method="post">';
$courses_list_string .= '<input type="hidden" name="sec_token" value="'.$stok.'">';
$courses_list_string .= '<input type="hidden" name="subscribe" value="'.$course['code'].'" />';
$courses_list_string .= '<input type="image" name="unsub" src="main/img/enroll.gif" alt="'.get_lang('Subscribe').'" />'.get_lang('Subscribe').'</form>';
$courses_list_string .= '<input type="image" name="unsub" src="main/img/enroll.gif" alt="'.get_lang('Subscribe').'" />'.get_lang('Subscribe').'</form>';
*/
$courses_list_string .= '<a class="btn btn-primary" href="main/auth/courses.php?action=subscribe_course&amp;sec_token='.$stok.'&amp;subscribe_course='.$course['code'].'&amp;category_code='.Security::remove_XSS($_GET['category']).'">'.get_lang('Subscribe').'</a><br />';
} else {
$courses_list_string .= '<br />'.get_lang('SubscribingNotAllowed');
}
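Review bot: The new subscribe link writes `$_GET['category']` into the `category_code` query parameter after only `Security::remove_XSS()`, with no URL-encoding and no check that the key is set. A value placed in a query string should be encoded for that context, e.g. `urlencode(isset($_GET['category']) ? $_GET['category'] : '')`. Separately, assuming the second of the duplicated lines is the new side, the membership test now reads `!in_array($course['code'], $courses_of_user)` while the closed-courses branch above still uses `key_exists($course['code'], $courses_of_user)` on the same array. If that array is keyed by course code, `in_array` tests its values and the subscribe link would be shown for courses the user already follows. The commented-out form block would be better deleted than kept in the file.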
