Feature #347 - Announcements and Authentication tool: Removing the parameters __FILE__ and __LINE__ in the Database::query() calls.

skala
Ivan Tcholakov 16 years ago
parent b4954dd54e
commit fedc0e93be
  1. 30
      main/announcements/announcements.inc.php
  2. 54
      main/announcements/announcements.php
  3. 2
      main/announcements/download.php
  4. 2
      main/auth/course_description.php
  5. 104
      main/auth/courses.php
  6. 22
      main/auth/inscription.php
  7. 14
      main/auth/ldap/authldap.php
  8. 2
      main/auth/lostPassword.php
  9. 4
      main/auth/lost_password.lib.php
  10. 34
      main/auth/my_progress.php
  11. 7
      main/auth/profile.php

@ -71,7 +71,7 @@ function display_announcement($announcement_id)
AND toolitemproperties.to_group_id='0'
AND toolitemproperties.visibility='1'";
}
$sql_result = Database::query($sql_query,__FILE__,__LINE__);
$sql_result = Database::query($sql_query);
$result = Database::fetch_array($sql_result);
if ($result !== false) // A sanity check.
@ -358,7 +358,7 @@ function load_edit_users($tool, $id)
$id = Database::escape_string($id);
$sql = "SELECT * FROM $tbl_item_property WHERE tool='$tool' AND ref='$id'";
$result = Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$result = Database::query($sql) or die(Database::error());
while ($row = Database::fetch_array($result))
{
$to_group=$row['to_group_id'];
@ -707,7 +707,7 @@ function sent_to($tool, $id)
$sent_to = array();
$sql="SELECT * FROM $tbl_item_property WHERE tool='$tool' AND ref='".$id."'";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
while ($row=Database::fetch_array($result)) {
@ -756,7 +756,7 @@ function change_visibility_announcement($tool,$id)
$sql = "SELECT * FROM $tbl_item_property WHERE tool='$tool' AND ref='$id'";
$result = Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$result = Database::query($sql) or die(Database::error());
$row = Database::fetch_array($result);
if ($row['visibility']=='1')
@ -767,7 +767,7 @@ function change_visibility_announcement($tool,$id)
{
$sql_visibility="UPDATE $tbl_item_property SET visibility='1' WHERE tool='$tool' AND ref='$id'";
}
$result=Database::query($sql_visibility,__FILE__,__LINE__);
$result=Database::query($sql_visibility);
if ($result === false) {
return false;
}
@ -800,7 +800,7 @@ function store_advalvas_item($emailTitle, $newContent, $order, $to, $file = arra
// store in the table announcement
$sql = "INSERT INTO $tbl_announcement SET content = '$newContent', title = '$emailTitle', end_date = NOW(), display_order ='$order', session_id=".intval($_SESSION['id_session']);
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
if ($result === false) {
return false;
}
@ -858,7 +858,7 @@ function store_advalvas_group_item($emailTitle,$newContent, $order, $to, $to_use
// store in the table announcement
$sql = "INSERT INTO $tbl_announcement SET content = '$newContent', title = '$emailTitle', end_date = NOW(), display_order ='$order', session_id=".intval($_SESSION['id_session']);
$result = Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$result = Database::query($sql) or die(Database::error());
if ($result === false) {
return false;
}
@ -924,7 +924,7 @@ function edit_advalvas_item($id,$emailTitle,$newContent,$to,$file = array(), $fi
// store the modifications in the table announcement
$sql = "UPDATE $tbl_announcement SET content='$newContent', title = '$emailTitle' WHERE id='$id'";
$result = Database::query($sql,__FILE__,__LINE__) or die(Database::error());
$result = Database::query($sql) or die(Database::error());
// save attachment file
$row_attach = get_attachment($id);
@ -940,7 +940,7 @@ function edit_advalvas_item($id,$emailTitle,$newContent,$to,$file = array(), $fi
// we remove everything from item_property for this
$sql_delete="DELETE FROM $tbl_item_property WHERE ref='$id' AND tool='announcement'";
$result = Database::query($sql_delete,__FILE__,__LINE__) or die(Database::error());
$result = Database::query($sql_delete) or die(Database::error());
// store in item_property (first the groups, then the users
if (!is_null($to)) // !is_null($to): when no user is selected we send it to everyone
@ -1006,7 +1006,7 @@ function update_mail_sent($insert_id)
$insert_id = Database::escape_string($insert_id);
// store the modifications in the table tbl_annoucement
$sql = "UPDATE $tbl_announcement SET email_sent='1' WHERE id='$insert_id'";
Database::query($sql,__FILE__,__LINE__);
Database::query($sql);
}
/**
@ -1032,7 +1032,7 @@ function get_all_annoucement_by_user_course($course_db, $user_id)
AND toolitemproperties.visibility='1'
AND announcement.session_id = 0
ORDER BY display_order DESC";
$rs = Database::query($sql,__FILE__,__LINE__);
$rs = Database::query($sql);
$num_rows = Database::num_rows($rs);
$content = '';
$i=0;
@ -1076,7 +1076,7 @@ function get_attachment($announcement_id) {
$announcement_id=Database::escape_string($announcement_id);
$row=array();
$sql = 'SELECT id,path, filename,comment FROM '. $tbl_announcement_attachment.' WHERE announcement_id = '.(int)$announcement_id.'';
$result=Database::query($sql, __FILE__, __LINE__);
$result=Database::query($sql);
if (Database::num_rows($result)!=0) {
$row=Database::fetch_array($result,ASSOC);
}
@ -1121,7 +1121,7 @@ function add_announcement_attachment_file($announcement_id, $file_comment, $file
// Storing the attachments if any
$sql = 'INSERT INTO '.$tbl_announcement_attachment.'(filename, comment, path, announcement_id, size) '.
"VALUES ( '$safe_file_name', '$file_comment', '$safe_new_file_name' , '$announcement_id', '".intval($file['size'])."' )";
$result = Database::query($sql, __LINE__, __FILE__);
$result = Database::query($sql);
$return = 1;
}
}
@ -1163,7 +1163,7 @@ function edit_announcement_attachment_file($id_attach, $file, $file_comment) {
$id_attach = intval($id_attach);
$sql = "UPDATE $tbl_announcement_attachment SET filename = '$safe_file_name', comment = '$safe_file_comment', path = '$safe_new_file_name', size ='".intval($file['size'])."'
WHERE id = '$id_attach'";
$result = Database::query($sql, __FILE__,__LINE__);
$result = Database::query($sql);
if ($result === false) {
$return = -1;
Display :: display_error_message(get_lang('UplUnableToSaveFile'));
@ -1186,7 +1186,7 @@ function delete_announcement_attachment_file($id) {
$tbl_announcement_attachment = Database::get_course_table(TABLE_ANNOUNCEMENT_ATTACHMENT);
$id=Database::escape_string($id);
$sql="DELETE FROM $tbl_announcement_attachment WHERE id = $id";
$result=Database::query($sql, __FILE__,__LINE__);
$result=Database::query($sql);
// update item_property
//api_item_property_update($_course, 'announcement_attachment', $id,'AnnouncementAttachmentDeleted', api_get_user_id());
}
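Review bot: In the last hunk, `delete_announcement_attachment_file()` puts `$id` into the DELETE statement without quotes (`WHERE id = $id`), so `Database::escape_string($id)` does not constrain it; escaping only protects a value that sits inside a quoted string literal. Cast it the way `edit_announcement_attachment_file()` does in the hunk just above: `$id = intval($id);`. Separately, the `or die(Database::error())` calls kept in `load_edit_users()`, `change_visibility_announcement()`, `store_advalvas_group_item()` and `edit_advalvas_item()` print the raw database error to the browser. In `store_advalvas_group_item()` they also make the following `if ($result === false)` check effectively unreachable, so logging the error and returning `false` would match the neighbouring functions. All of these functions start outside their hunks, so some arguments may already be sanitized by code that is not visible here.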

@ -270,7 +270,7 @@ if($surveyid)
{
$db_name=Database::escape_string($_REQUEST['db_name']);
$sql_temp = "SELECT * FROM $db_name.survey WHERE survey_id='$surveyid'";
$res_temp = Database::query($sql_temp, __FILE__, __LINE__);
$res_temp = Database::query($sql_temp);
$obj=@Database::fetch_object($res_temp);
$template=$obj->template;
}
@ -357,7 +357,7 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
-----------------------------------------------------------
*/
if (!empty($_GET['action']) AND $_GET['action']=='delete' AND isset($_GET['id'])) {
//Database::query("DELETE FROM $tbl_announcement WHERE id='$delete'",__FILE__,__LINE__);
//Database::query("DELETE FROM $tbl_announcement WHERE id='$delete'");
$id=intval(addslashes($_GET['id']));
if (api_get_session_id()!=0 && api_is_allowed_to_session_edit(false,true)==false) {
api_not_allowed();
@ -367,7 +367,7 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
// tooledit : visibility = 2 : only visibile for platform administrator
if ($ctok == $_GET['sec_token']) {
Database::query("UPDATE $tbl_item_property SET visibility='2' WHERE tool='".TOOL_ANNOUNCEMENT."' and ref='".$id."'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_item_property SET visibility='2' WHERE tool='".TOOL_ANNOUNCEMENT."' and ref='".$id."'");
delete_added_resource("Ad_Valvas", $delete);
@ -387,9 +387,9 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
*/
if (!empty($_GET['action']) and $_GET['action']=='delete_all') {
//Database::query("DELETE FROM $tbl_announcement",__FILE__,__LINE__);
//Database::query("DELETE FROM $tbl_announcement");
if (api_is_allowed_to_edit()) {
Database::query("UPDATE $tbl_item_property SET visibility='2' WHERE tool='".TOOL_ANNOUNCEMENT."'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_item_property SET visibility='2' WHERE tool='".TOOL_ANNOUNCEMENT."'");
delete_all_resources_type("Ad_Valvas");
@ -418,7 +418,7 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
if (!api_is_course_coach() || api_is_element_in_the_session(TOOL_ANNOUNCEMENT, $id)) {
$sql="SELECT * FROM $tbl_announcement WHERE id='$id'";
$rs = Database::query($sql,__FILE__,__LINE__);
$rs = Database::query($sql);
$myrow = Database::fetch_array($rs);
$last_id = $id;
$edit_attachment = edit_announcement_attachment_file($last_id, $_FILES['user_upload'], $file_comment);
@ -477,7 +477,7 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
"AND itemproperty.tool='".TOOL_ANNOUNCEMENT."' " .
"AND itemproperty.visibility<>2 " .
"ORDER BY display_order $sortDirection";
$result = Database::query($my_sql,__FILE__,__LINE__);
$result = Database::query($my_sql);
while (list ($announcementId, $announcementOrder) = Database::fetch_row($result)) {
// STEP 2 : FOUND THE NEXT ANNOUNCEMENT ID AND ORDER.
@ -488,10 +488,10 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
$nextAnnouncementOrder = $announcementOrder;
Database::query("UPDATE $tbl_announcement " .
"SET display_order = '$nextAnnouncementOrder' " .
"WHERE id = '$thisAnnouncementId'",__FILE__,__LINE__);
"WHERE id = '$thisAnnouncementId'");
Database::query("UPDATE $tbl_announcement " .
"SET display_order = '$thisAnnouncementOrder' " .
"WHERE id = '$nextAnnouncementId.'",__FILE__,__LINE__);
"WHERE id = '$nextAnnouncementId.'");
break;
}
@ -545,7 +545,7 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
if ($ctok == $_POST['sec_token']) {
if (!$surveyid) {
$result = Database::query("SELECT MAX(display_order) FROM $tbl_announcement WHERE session_id=".intval($_SESSION['id_session'])." OR session_id=0",__FILE__,__LINE__);
$result = Database::query("SELECT MAX(display_order) FROM $tbl_announcement WHERE session_id=".intval($_SESSION['id_session'])." OR session_id=0");
list($orderMax) = Database::fetch_row($result);
$order = $orderMax + 1;
$file = $_FILES['user_upload'];
@ -593,7 +593,7 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
//api_send_mail($to,$subject,$message,$headers);
@api_mail('',$to,$subject,$message,$sender_name,$email,$headers);
$sql_date="SELECT * FROM $db_name.survey WHERE survey_id='$surveyid'";
$res_date=Database::query($sql_date, __FILE__, __LINE__);
$res_date=Database::query($sql_date);
$obj_date=Database::fetch_object($res_date);
$end_date=$obj_date->avail_till;
$table_reminder = Database :: get_main_table(TABLE_MAIN_SURVEY_REMINDER); // TODO: To be checked. TABLE_MAIN_SURVEY_REMINDER has not been defined.
@ -602,19 +602,19 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
$time = $time['yday'];
$time = $time+7;
$sql_insert="INSERT INTO $table_reminder(sid,db_name,email,subject,content,reminder_choice,reminder_time,avail_till) values('$surveyid','$db_name','$to','".addslashes($subject)."','".addslashes($message)."','1','$time','$end_date')";
Database::query($sql_insert, __FILE__, __LINE__);
Database::query($sql_insert);
} else if ($_REQUEST['reminder']=="2") {
$time=getdate();
$time = $time['yday'];
$time = $time+14;
$sql_insert="INSERT INTO $table_reminder(sid,db_name,email,subject,content,reminder_choice,reminder_time,avail_till) values('$surveyid','$db_name','$to','".addslashes($subject)."','".addslashes($message)."','1','$time','$end_date')";
Database::query($sql_insert, __FILE__, __LINE__);
Database::query($sql_insert);
} else if($_REQUEST['reminder']=="3") {
$time=getdate();
$time = $time['yday'];
$time = $time+30;
$sql_insert="INSERT INTO $table_reminder(sid,db_name,email,subject,content,reminder_choice,reminder_time,avail_till) values('$surveyid','$db_name','$to','".addslashes($subject)."','".addslashes($message)."','1','$time','$end_date')";
Database::query($sql_insert, __FILE__, __LINE__);
Database::query($sql_insert);
}
}
}
@ -639,7 +639,7 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
WHERE gu.group_id IN (".$grouplist.")";
$groupMemberResult = Database::query($sql,__FILE__,__LINE__);
$groupMemberResult = Database::query($sql);
if ($groupMemberResult) {
@ -676,7 +676,7 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
}
if ($sqlmail != '') {
$rs_mail = Database::query($sqlmail,__FILE__,__LINE__);
$rs_mail = Database::query($sqlmail);
/*=================================================================================
send email one by one to avoid antispam
=================================================================================*/
@ -724,23 +724,23 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
$sender_name = api_get_person_name($_SESSION['_user']['firstName'], $_SESSION['_user']['lastName'], null, PERSON_NAME_EMAIL_ADDRESS);
$sender_email = $_SESSION['_user']['mail'];
// send attachment file
$data_file = array();
// send attachment file
$data_file = array();
$sql = 'SELECT path, filename FROM '.$tbl_announcement_attachment.' WHERE announcement_id = "'.$insert_id.'"';
$rs_attach = Database::query($sql, __FILE__, __LINE__);
$rs_attach = Database::query($sql);
if (Database::num_rows($rs_attach) > 0) {
$row_attach = Database::fetch_array($rs_attach);
$path_attach = api_get_path(SYS_COURSE_PATH).$_course['path'].'/upload/announcements/'.$row_attach['path'];
$filename_attach = $row_attach['filename'];
$data_file = array('path' => $path_attach,'filename' => $filename_attach);
}
@api_mail_html($recipient_name, $mailid, stripslashes($emailSubject), $mail_body, $sender_name, $sender_email, null, $data_file);
}
$sql_date="SELECT * FROM $db_name WHERE survey_id='$surveyid'";
$res_date=Database::query($sql_date, __FILE__, __LINE__);
$res_date=Database::query($sql_date);
$obj_date=Database::fetch_object($res_date);
$end_date=$obj_date->avail_till;
$table_reminder = Database :: get_main_table(TABLE_MAIN_SURVEY_REMINDER); // TODO: To be checked. TABLE_MAIN_SURVEY_REMINDER has not been defined.
@ -750,20 +750,20 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
$time = $time['yday'];
$time = $time+7;
$sql="INSERT INTO $table_reminder(sid,db_name,email,subject,content,reminder_choice,reminder_time,avail_till) values('$surveyid','$db_name','$mailid','".addslashes($emailSubject)."','".addslashes($mail_body)."','1','$time','$end_date')";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
} else if ($_REQUEST['reminder']=="2") {
$time=getdate();
$time = $time['yday'];
$time = $time+14;
$sql="INSERT INTO $table_reminder(sid,db_name,email,subject,content,reminder_choice,reminder_time,avail_till) values('$surveyid','$db_name','$mailid','".addslashes($emailSubject)."','".addslashes($mail_body)."','1','$time','$end_date')";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
} else if ($_REQUEST['reminder']=="3") {
$time=getdate();
$time = $time['yday'];
$time = $time+30;
$sql="INSERT INTO $table_reminder(sid,db_name,email,subject,content,reminder_choice,reminder_time,avail_till) values('$surveyid','$db_name','$mailid','".addslashes($emailSubject)."','".addslashes($mail_body)."','1','$time','$end_date')";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
}
update_mail_sent($insert_id);
@ -916,7 +916,7 @@ if(api_is_allowed_to_edit(false,true)) {
}
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$announcement_number = Database::num_rows($result);
/*----------------------------------------------------
@ -1342,7 +1342,7 @@ if ($display_announcement_list && !$surveyid) {
}
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$num_rows = Database::num_rows($result);
/*=================================================
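Review bot: The first hunk takes the database name from the request, `$db_name=Database::escape_string($_REQUEST['db_name']);`, and uses it as an identifier in `FROM $db_name.survey`; string escaping does not protect an identifier position, so the client decides which database the query reads. The same variable appears to be reused further down in `$sql_date` (once as `$db_name.survey`, once as a bare `FROM $db_name`, which looks like a missing `.survey`) and is written into the reminder INSERTs. Resolve the database name server-side from the current course, or at minimum reject anything that is not a plain identifier, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $_REQUEST['db_name'])) { api_not_allowed(); }`. Also in this file, `"WHERE id = '$nextAnnouncementId.'"` carries a stray `.` inside the quotes, and the delete branch passes `$delete` to `delete_added_resource()` although the sanitized value is `$id`. The surrounding `if` blocks start outside these hunks.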

@ -84,7 +84,7 @@ event_download($doc_url);
$sql='SELECT filename FROM '.$tbl_announcement_attachment.'
WHERE path LIKE BINARY "'.$doc_url.'"';
$result= Database::query($sql, __FILE__, __LINE__);
$result= Database::query($sql);
$row= Database::fetch_array($result);
$title = str_replace(' ','_', $row['filename']);
DocumentManager::file_send_for_download($full_file_name,TRUE, $title);
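Review bot: The lookup `WHERE path LIKE BINARY "'.$doc_url.'"` matches with `LIKE`, so any `%` or `_` in `$doc_url` acts as a wildcard and the row returned may belong to a different attachment than the file being sent. An exact comparison fits the intent better: `WHERE path = BINARY "'.Database::escape_string($doc_url).'"'` (drop the extra escape if `$doc_url` is already escaped above this hunk, which is not visible here). `$row` is also used without checking that a row was found, so `$title` can end up empty when nothing matches.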

@ -36,7 +36,7 @@ function show_course_description() {
$tbl_course_description = Database::get_course_table(TABLE_COURSE_DESCRIPTION, $database_course);
$sql = "SELECT * FROM $tbl_course_description WHERE session_id=0 ORDER BY id";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($description = Database::fetch_object($result)) {
$descriptions[$description->id] = $description;
}

@ -285,7 +285,7 @@ function remove_user_from_course($user_id, $course_code) {
// because the course administrator cannot unsubscribe himself
// (s)he can only delete the course
$sql_check = "SELECT * FROM $tbl_course_user WHERE user_id='".$user_id."' AND course_code='".$course_code."' AND status='1'";
$result_check = Database::query($sql_check, __FILE__, __LINE__);
$result_check = Database::query($sql_check);
$number_of_rows = Database::num_rows($result_check);
if ($number_of_rows > 0) {
return false;
@ -326,9 +326,9 @@ function count_courses_in_category($category) {
// get course list auto-register
$sql = "SELECT course_code FROM $TABLE_COURSE_FIELD_VALUE tcfv INNER JOIN $TABLE_COURSE_FIELD tcf ON " .
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql, __FILE__, __LINE__);
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql);
if(Database::num_rows($special_course_result)>0) {
$special_course_list = array();
while ($result_row = Database::fetch_array($special_course_result)) {
@ -337,9 +337,9 @@ function count_courses_in_category($category) {
}
$without_special_courses = '';
if (!empty($special_course_list)) {
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
}
$sql = "SELECT * FROM $tbl_course WHERE category_code".(empty($category) ? " IS NULL" : "='".$category."'").$without_special_courses;
// Showing only the courses of the current Dokeos access_url_id.
global $_configuration;
@ -352,7 +352,7 @@ function count_courses_in_category($category) {
WHERE access_url_id = $url_access_id AND category_code".(empty($category) ? " IS NULL" : "='".$category."'").$without_special_courses;
}
}
return Database::num_rows(Database::query($sql, __FILE__, __LINE__));
return Database::num_rows(Database::query($sql));
}
/**
@ -370,7 +370,7 @@ function browse_course_categories() {
$sql = "SELECT * FROM $tbl_courses_nodes WHERE parent_id ".(empty($category) ? "IS NULL" : "='".$category."'")." GROUP BY code, parent_id ORDER BY tree_pos ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
echo "<ul>";
while ($row = Database::fetch_array($result)) {
$count_courses_in_categ = count_courses_in_category($row['code']);
@ -396,15 +396,15 @@ function browse_course_categories() {
* @return HTML code: a table with all the courses in a given category (title, code, tutor) and a subscription icon if applicable)
*/
function browse_courses_in_category() {
$tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
$tbl_course = Database::get_main_table(TABLE_MAIN_COURSE);
$TABLE_COURSE_FIELD = Database :: get_main_table(TABLE_MAIN_COURSE_FIELD);
$TABLE_COURSE_FIELD_VALUE = Database :: get_main_table(TABLE_MAIN_COURSE_FIELD_VALUES);
// get course list auto-register
$sql = "SELECT course_code FROM $TABLE_COURSE_FIELD_VALUE tcfv INNER JOIN $TABLE_COURSE_FIELD tcf ON " .
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql, __FILE__, __LINE__);
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql);
if(Database::num_rows($special_course_result)>0) {
$special_course_list = array();
while ($result_row = Database::fetch_array($special_course_result)) {
@ -413,9 +413,9 @@ function browse_courses_in_category() {
}
$without_special_courses = '';
if (!empty($special_course_list)) {
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
}
$category = Database::escape_string($_GET['category']);
echo "<p><strong>".get_lang('CoursesInCategory')."</strong>";
@ -435,7 +435,7 @@ function browse_courses_in_category() {
}
}
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$row['registration_code'] = !empty($row['registration_code']);
$courses[] = array('code' => $row['code'], 'directory' => $row['directory'], 'db' => $row['db_name'], 'visual_code' => $row['visual_code'], 'title' => $row['title'], 'tutor' => $row['tutor_name'], 'subscribe' => $row['subscribe'], 'unsubscribe' => $row['unsubscribe'], 'registration_code' => $registration_code);
@ -539,9 +539,9 @@ function search_courses($search_term) {
// get course list auto-register
$sql = "SELECT course_code FROM $TABLE_COURSE_FIELD_VALUE tcfv INNER JOIN $TABLE_COURSE_FIELD tcf ON " .
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql, __FILE__, __LINE__);
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql);
if(Database::num_rows($special_course_result)>0) {
$special_course_list = array();
while ($result_row = Database::fetch_array($special_course_result)) {
@ -550,9 +550,9 @@ function search_courses($search_term) {
}
$without_special_courses = '';
if (!empty($special_course_list)) {
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
}
$search_term_safe = Database::escape_string($search_term);
$sql_find = "SELECT * FROM $TABLECOURS WHERE (code LIKE '%".$search_term_safe."%' OR title LIKE '%".$search_term_safe."%' OR tutor_name LIKE '%".$search_term_safe."%') $without_special_courses ORDER BY title, visual_code ASC";
@ -566,7 +566,7 @@ function search_courses($search_term) {
WHERE access_url_id = $url_access_id AND (code LIKE '%".$search_term_safe."%' OR title LIKE '%".$search_term_safe."%' OR tutor_name LIKE '%".$search_term_safe."%' ) $without_special_courses ORDER BY title, visual_code ASC ";
}
}
$result_find = Database::query($sql_find, __FILE__, __LINE__);
$result_find = Database::query($sql_find);
while ($row = Database::fetch_array($result_find)) {
$courses[] = array('code' => $row['code'], 'directory' => $row['directory'], 'db' => $row['db_name'], 'visual_code' => $row['visual_code'], 'title' => $row['title'], 'tutor' => $row['tutor_name'], 'subscribe' => $row['subscribe'], 'unsubscribe' => $row['unsubscribe']);
}
@ -587,8 +587,8 @@ function delete_course_category($id) {
$id = intval($id);
$sql_delete = "DELETE FROM $tucc WHERE id='".$id."' and user_id='".$_user['user_id']."'";
$sql_update = "UPDATE $TABLECOURSUSER SET user_course_cat='0' WHERE user_course_cat='".$id."' AND user_id='".$_user['user_id']."'";
Database::query($sql_delete, __FILE__, __LINE__);
Database::query($sql_update, __FILE__, __LINE__);
Database::query($sql_delete);
Database::query($sql_update);
return get_lang('CourseCategoryDeleted');
}
@ -604,16 +604,16 @@ function store_course_category() {
// step 1: we determine the max value of the user defined course categories
$sql = "SELECT sort FROM $tucc WHERE user_id='".$_user['user_id']."' ORDER BY sort DESC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$maxsort = Database::fetch_array($result);
$nextsort = $maxsort['sort'] + 1;
// step 2: we check if there is already a category with this name, if not we store it, else we give an error.
$sql = "SELECT * FROM $tucc WHERE user_id='".$_user['user_id']."' AND title='".Database::escape_string($_POST['title_course_category'])."'ORDER BY sort DESC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
if (Database::num_rows($result) == 0) {
$sql_insert = "INSERT INTO $tucc (user_id, title,sort) VALUES ('".$_user['user_id']."', '".api_htmlentities($_POST['title_course_category'], ENT_QUOTES, api_get_system_encoding())."', '".$nextsort."')";
Database::query($sql_insert, __FILE__, __LINE__);
Database::query($sql_insert);
Display::display_confirmation_message(get_lang("CourseCategoryStored"));
} else {
Display::display_error_message(get_lang('ACourseCategoryWithThisNameAlreadyExists'));
@ -638,7 +638,7 @@ function display_create_course_category_form()
echo get_lang('ExistingCourseCategories');
$tucc = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$sql = "SELECT * FROM $tucc WHERE user_id='".$_user['user_id']."'";
$result = Database::query($sql, __LINE__, __FILE__);
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
echo "<ul>\n";
while ($row = Database::fetch_array($result)) {
@ -669,7 +669,7 @@ function store_changecoursecategory($course_code, $newcategory) {
$max_sort_value = api_max_sort_value($newcategory, $_user['user_id']); // max_sort_value($newcategory);
$sql = "UPDATE $TABLECOURSUSER SET user_course_cat='".$newcategory."', sort='".($max_sort_value + 1)."' WHERE course_code='".$course_code."' AND user_id='".$_user['user_id']."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
return get_lang('EditCourseCategorySucces');
}
@ -710,8 +710,8 @@ function move_course($direction, $course2move, $category) {
if (count($target_course) > 0 && count($source_course) > 0) {
$sql_update1 = "UPDATE $TABLECOURSUSER SET sort='".$target_course['sort']."' WHERE course_code='".$source_course['code']."' AND user_id='".$_user['user_id']."'";
$sql_update2 = "UPDATE $TABLECOURSUSER SET sort='".$source_course['sort']."' WHERE course_code='".$target_course['code']."' AND user_id='".$_user['user_id']."'";
Database::query($sql_update2, __FILE__, __LINE__);
Database::query($sql_update1, __FILE__, __LINE__);
Database::query($sql_update2);
Database::query($sql_update1);
return get_lang('CourseSortingDone');
}
return '';
@ -749,8 +749,8 @@ function move_category($direction, $category2move) {
if (count($target_category) > 0 && count($source_category) > 0) {
$sql_update1="UPDATE $table_user_defined_category SET sort='".$target_category['sort']."' WHERE id='".$source_category['id']."' AND user_id='".$_user['user_id']."'";
$sql_update2="UPDATE $table_user_defined_category SET sort='".$source_category['sort']."' WHERE id='".$target_category['id']."' AND user_id='".$_user['user_id']."'";
Database::query($sql_update2, __FILE__, __LINE__);
Database::query($sql_update1, __FILE__, __LINE__);
Database::query($sql_update2);
Database::query($sql_update1);
return get_lang('CategorySortingDone');
}
return '';
@ -781,7 +781,7 @@ function display_courses($user_id, $show_course_icons, $user_courses) {
// Step 1: We get all the categories of the user.
$tucc = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$sql = "SELECT * FROM $tucc WHERE user_id='".$_user['user_id']."' ORDER BY sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
if ($show_course_icons) {
// The edit link is clicked.
@ -824,9 +824,9 @@ function display_courses_in_category($user_category_id, $showicons) {
// get course list auto-register
$sql = "SELECT course_code FROM $TABLE_COURSE_FIELD_VALUE tcfv INNER JOIN $TABLE_COURSE_FIELD tcf ON " .
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql, __FILE__, __LINE__);
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql);
if(Database::num_rows($special_course_result)>0) {
$special_course_list = array();
while ($result_row = Database::fetch_array($special_course_result)) {
@ -835,7 +835,7 @@ function display_courses_in_category($user_category_id, $showicons) {
}
$without_special_courses = '';
if (!empty($special_course_list)) {
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
}
$sql_select_courses = "SELECT course.code, course.visual_code, course.subscribe subscr, course.unsubscribe unsubscr,
@ -847,7 +847,7 @@ function display_courses_in_category($user_category_id, $showicons) {
AND course_rel_user.user_id = '".$_user['user_id']."'
AND course_rel_user.user_course_cat='".$user_category_id."' $without_special_courses
ORDER BY course_rel_user.user_course_cat, course_rel_user.sort ASC";
$result = Database::query($sql_select_courses,__FILE__,__LINE__);
$result = Database::query($sql_select_courses);
$number_of_courses = Database::num_rows($result);
$key = 0;
while ($course = Database::fetch_array($result)) {
@ -906,7 +906,7 @@ function get_user_course_category($id) {
global $_user, $_configuration;
$tucc = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$id = intval($id);
return Database::fetch_array(Database::query("SELECT * FROM $tucc WHERE user_id='".$_user['user_id']."' AND id='$id'", __FILE__, __LINE__));
return Database::fetch_array(Database::query("SELECT * FROM $tucc WHERE user_id='".$_user['user_id']."' AND id='$id'"));
}
/**
@ -1052,7 +1052,7 @@ function display_change_course_category_form($edit_course) {
$DATABASE_USER_TOOLS = $_configuration['user_personal_database'];
$tucc = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$sql = "SELECT * FROM $tucc WHERE user_id='".$_user['user_id']."'";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
$output = "<form name=\"edit_course_category\" method=\"post\" action=\"courses.php?action=".$safe['action']."\">\n";
$output .= '<input type="hidden" name="sec_token" value="'.$stok.'">';
@ -1108,9 +1108,9 @@ function get_courses_of_user($user_id) {
// get course list auto-register
$sql = "SELECT course_code FROM $TABLE_COURSE_FIELD_VALUE tcfv INNER JOIN $TABLE_COURSE_FIELD tcf ON " .
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql, __FILE__, __LINE__);
" tcfv.field_id = tcf.id WHERE tcf.field_variable = 'special_course' AND tcfv.field_value = 1 ";
$special_course_result = Database::query($sql);
if(Database::num_rows($special_course_result)>0) {
$special_course_list = array();
while ($result_row = Database::fetch_array($special_course_result)) {
@ -1119,13 +1119,13 @@ function get_courses_of_user($user_id) {
}
$without_special_courses = '';
if (!empty($special_course_list)) {
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
}
$without_special_courses = ' AND course.code NOT IN ('.implode(',',$special_course_list).')';
}
// Secondly we select the courses that are in a category (user_course_cat<>0) and sort these according to the sort of the category
$user_id = intval($user_id);
$sql_select_courses = "SELECT course.code k, course.visual_code vc, course.subscribe subscr, course.unsubscribe unsubscr,
course.title i, course.tutor_name t, course.db_name db, course.directory dir, course_rel_user.status status,
course_rel_user.sort sort, course_rel_user.user_course_cat user_course_cat
@ -1134,7 +1134,7 @@ function get_courses_of_user($user_id) {
WHERE course.code = course_rel_user.course_code
AND course_rel_user.user_id = '".$user_id."' $without_special_courses
ORDER BY course_rel_user.sort ASC";
$result = Database::query($sql_select_courses,__FILE__,__LINE__);
$result = Database::query($sql_select_courses);
while ($row = Database::fetch_array($result)) {
// we only need the database name of the course
$courses[] = array('db' => $row['db'], 'code' => $row['k'], 'visual_code' => $row['vc'], 'title' => $row['i'], 'directory' => $row['dir'], 'status' => $row['status'], 'tutor' => $row['t'], 'subscribe' => $row['subscr'], 'unsubscribe' => $row['unsubscr'], 'sort' => $row['sort'], 'user_course_category' => $row['user_course_cat']);
@ -1152,7 +1152,7 @@ function get_user_course_categories() {
global $_user;
$table_category = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$sql = "SELECT * FROM ".$table_category." WHERE user_id='".$_user['user_id']."' ORDER BY sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$output[] = $row['id'];
}
@ -1169,7 +1169,7 @@ function get_user_course_categories_info() {
global $_user;
$table_category = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$sql = "SELECT * FROM ".$table_category." WHERE user_id='".$_user['user_id']."' ORDER BY sort ASC";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
while ($row = Database::fetch_array($result)) {
$output[$row['id']] = $row;
}
@ -1213,6 +1213,6 @@ function store_edit_course_category() {
global $_user, $_configuration;
$tucc = Database::get_user_personal_table(TABLE_USER_COURSE_CATEGORY);
$sql_update = "UPDATE $tucc SET title='".api_htmlentities($_POST['title_course_category'], ENT_QUOTES, api_get_system_encoding())."' WHERE id='".(int)$_POST['edit_course_category']."'";
Database::query($sql_update, __FILE__, __LINE__);
Database::query($sql_update);
return get_lang('CourseCategoryEditStored');
}

@ -62,18 +62,18 @@ echo '</div>';
/****************/
//Header of Configure Inscription
$home= '../../home/';
if ($_configuration['multiple_access_urls']==true) {
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1){
$access_url_id = api_get_current_access_url_id();
if ($access_url_id != -1){
$url_info = api_get_access_url($access_url_id);
// "http://" and the final "/" replaced
$url = substr($url_info['url'],7,strlen($url_info['url'])-8);
// "http://" and the final "/" replaced
$url = substr($url_info['url'],7,strlen($url_info['url'])-8);
$clean_url = replace_dangerous_char($url);
$clean_url = str_replace('/','-',$clean_url);
$clean_url = $clean_url.'/';
$home_old = '../../home/';
$home_old = '../../home/';
$home= '../../home/'.$clean_url;
}
}
@ -456,14 +456,14 @@ if ($form->validate()) {
if ($store_extended) {
$sql .= implode(',', $sql_set);
$sql .= " WHERE user_id = '".Database::escape_string($user_id)."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
// if there is a default duration of a valid account then we have to change the expiration_date accordingly
if (api_get_setting('account_valid_duration') != '') {
$sql = "UPDATE ".Database::get_main_table(TABLE_MAIN_USER)."
SET expiration_date='registration_date+1' WHERE user_id='".$user_id."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
}
// if the account has to be approved then we set the account to inactive, sent a mail to the platform admin and exit the page.
@ -471,14 +471,14 @@ if ($form->validate()) {
$TABLE_USER = Database::get_main_table(TABLE_MAIN_USER);
// 1. set account inactive
$sql = "UPDATE ".$TABLE_USER." SET active='0' WHERE user_id='".$user_id."'";
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
$sql_get_id_admin = "SELECT * FROM ".Database::get_main_table(TABLE_MAIN_ADMIN);
$result = Database::query($sql_get_id_admin, __FILE__, __LINE__);
$result = Database::query($sql_get_id_admin);
while ($row = Database::fetch_array($result)) {
$sql_admin_list = "SELECT * FROM ".$TABLE_USER." WHERE user_id='".$row['user_id']."'";
$result_list = Database::query($sql_admin_list, __FILE__, __LINE__);
$result_list = Database::query($sql_admin_list);
$admin_list = Database::fetch_array($result_list);
$emailto = $admin_list['email'];
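Review bot: The account-expiry UPDATE in the `account_valid_duration` branch assigns the quoted literal `'registration_date+1'` to `expiration_date`, so the column receives a string rather than a date computed from `registration_date`, and the configured duration is never read. If the intent is an expiry that many days after registration (the unit is not visible here, so confirm it), something like `SET expiration_date = DATE_ADD(registration_date, INTERVAL ".intval(api_get_setting('account_valid_duration'))." DAY)` would apply it. As written, accounts that are meant to lapse presumably end up with an invalid or empty expiry date. The same statement and the `active='0'` update interpolate `$user_id` directly, while the extended-profile update a few lines above passes it through `Database::escape_string()`; using one form throughout would be safer.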

@ -665,7 +665,7 @@ function ldap_add_user_to_session($UserList, $id_session)
$id_session = (int) $id_session;
// Une fois les utilisateurs importer dans la base des utilisateurs, on peux les affecter a<EFBFBD> la session
$result=Database::query("SELECT course_code FROM $tbl_session_rel_course " .
"WHERE id_session='$id_session'",__FILE__,__LINE__);
"WHERE id_session='$id_session'");
$CourseList=array();
while($row=Database::fetch_array($result))
{
@ -676,25 +676,25 @@ function ldap_add_user_to_session($UserList, $id_session)
foreach($UserList as $enreg_user)
{
$enreg_user = (int) $enreg_user;
Database::query("INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')",__FILE__,__LINE__);
Database::query("INSERT IGNORE INTO $tbl_session_rel_course_rel_user(id_session,course_code,id_user) VALUES('$id_session','$enreg_course','$enreg_user')");
}
$sql = "SELECT COUNT(id_user) as nbUsers FROM $tbl_session_rel_course_rel_user " .
"WHERE id_session='$id_session' AND course_code='$enreg_course'";
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
list($nbr_users) = Database::fetch_array($rs);
Database::query("UPDATE $tbl_session_rel_course SET nbr_users=$nbr_users " .
"WHERE id_session='$id_session' AND course_code='$enreg_course'",__FILE__,__LINE__);
"WHERE id_session='$id_session' AND course_code='$enreg_course'");
}
foreach($UserList as $enreg_user)
{
$enreg_user = (int) $enreg_user;
Database::query("INSERT IGNORE INTO $tbl_session_rel_user(id_session, id_user) " .
"VALUES('$id_session','$enreg_user')",__FILE__,__LINE__);
"VALUES('$id_session','$enreg_user')");
}
// On mets a jour le nombre d'utilisateurs dans la session
$sql = "SELECT COUNT(id_user) as nbUsers FROM $tbl_session_rel_user WHERE id_session='$id_session'";
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
list($nbr_users) = Database::fetch_array($rs);
Database::query("UPDATE $tbl_session SET nbr_users=$nbr_users WHERE id='$id_session'",__FILE__,__LINE__);
Database::query("UPDATE $tbl_session SET nbr_users=$nbr_users WHERE id='$id_session'");
}
?>
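Review bot: `$enreg_course` is interpolated into the INSERT, the COUNT query and the `nbr_users` UPDATE without `Database::escape_string()`, unlike `$id_session` and `$enreg_user`, which are cast to int first. The value appears to come from the `course_code` rows read at the top of the function (the loop that fills `$CourseList` lies between the hunks), so it is database-sourced rather than request-sourced. Escaping at the point of use still keeps a stored code containing a quote from breaking these statements. I would add `$enreg_course = Database::escape_string($enreg_course);` as the first line of the course loop. The function starts outside the hunk.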

@ -74,7 +74,7 @@ if (isset ($_GET['reset']) && isset ($_GET['id'])) {
FROM ".$tbl_user."
WHERE ( username = '".Database::escape_string($user)."' $condition ) ";
$result = Database::query($query, __FILE__, __LINE__);
$result = Database::query($query);
$num_rows = Database::num_rows($result);
if ($result && $num_rows > 0) {
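Review bot: `Database::num_rows($result)` is called before `$result` is tested, so the `$result &&` guard in the following `if` comes too late when the query fails. If `$num_rows` is not needed further down, folding the count into the condition, `if ($result && Database::num_rows($result) > 0) {`, keeps a failed query away from `num_rows()`. The same ordering appears in `reset_password()` in lost_password.lib.php. The statement that builds `$query`, including `$condition`, starts above the hunk, so whether `$condition` is escaped cannot be checked from here.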

@ -188,7 +188,7 @@ function reset_password($secret, $id, $by_username = false) {
$tbl_user = Database::get_main_table(TABLE_MAIN_USER);
$id = intval($id);
$sql = "SELECT user_id AS uid, lastname AS lastName, firstname AS firstName, username AS loginName, password, email FROM ".$tbl_user." WHERE user_id=$id";
$result = Database::query($sql,__FILE__,__LINE__);
$result = Database::query($sql);
$num_rows = Database::num_rows($result);
if ($result && $num_rows > 0) {
@ -202,7 +202,7 @@ function reset_password($secret, $id, $by_username = false) {
$crypted = $user['password'];
$crypted = api_get_encrypted_password($crypted);
$sql = "UPDATE ".$tbl_user." SET password='$crypted' WHERE user_id=$id";
$result = Database::query($sql, __FILE__, __LINE__);
$result = Database::query($sql);
return send_password_to_user($user, $by_username);
} else {
return 'Not allowed.'; // TODO: This message has to be translated.
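Review bot: The result of the password UPDATE is stored in `$result` but never checked before `send_password_to_user()` is called, so a failed write would still mail the user a password that was not saved. Assuming `Database::query()` returns a falsy value on failure, as the `$result &&` test earlier in the function suggests, I would add `if (!$result) { return get_lang('<error message key>'); }` between the query and the `return`. The body of `reset_password()` starts and continues outside these hunks, including the check of `$secret`.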

@ -35,7 +35,7 @@ $tbl_course_quiz = Database :: get_course_table(TABLE_QUIZ_TEST);
// get course list
$sql = 'SELECT course_code FROM '.$tbl_course_user.' WHERE user_id='.intval($_user['user_id']);
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$courses = array();
while($row = Database :: fetch_array($rs)) {
$courses[$row['course_code']] = CourseManager::get_course_information($row['course_code']);
@ -43,7 +43,7 @@ while($row = Database :: fetch_array($rs)) {
// get the list of sessions where the user is subscribed as student
$sql = 'SELECT DISTINCT course_code FROM '.Database :: get_main_table(TABLE_MAIN_SESSION_COURSE_USER).' WHERE id_user='.intval($_user['user_id']);
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
while($row = Database :: fetch_array($rs)) {
$courses[$row['course_code']] = CourseManager::get_course_information($row['course_code']);
}
@ -104,13 +104,13 @@ foreach ($courses as $enreg) {
</td>
<td align='center'>
<?php
if ($enreg['code'] == $_GET['course']) {
if ($enreg['code'] == $_GET['course']) {
echo '<a href="#">';
Display::display_icon('2rightarrow_na.gif', get_lang('Details'));
} else {
echo '<a href="'.api_get_self().'?course='.$enreg['code'].'">';
Display::display_icon('2rightarrow.gif', get_lang('Details'));
}
}
echo '</a>';
?>
</td>
@ -145,7 +145,7 @@ foreach ($courses as $enreg) {
WHERE session_course_user.id_user = '.intval($_user['user_id']).'
AND session_course_user.course_code = "'.Database::escape_string($course).'"
ORDER BY id_session DESC';
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$row = Database::fetch_array($rs);
if (!empty($row[0])) {
@ -157,14 +157,14 @@ foreach ($courses as $enreg) {
// get session name and coach of the session
$sql = 'SELECT name, id_coach FROM '.$tbl_session.'
WHERE id='.$session_id;
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$session_name = Database::result($rs, 0, 'name');
$session_coach_id = intval(Database::result($rs, 0, 'id_coach'));
$sql = 'SELECT id_user FROM ' . $tbl_session_course_user . '
WHERE id_session=' . $session_id . '
AND course_code = "' . Database :: escape_string($course) . '" AND status=2';
$rs = Database::query($sql, __FILE__, __LINE__);
AND course_code = "' . Database :: escape_string($course) . '" AND status=2';
$rs = Database::query($sql);
$course_coachs = array();
while ($row_coachs = Database::fetch_array($rs)) {
$course_coachs[] = $row_coachs['id_user'];
@ -174,9 +174,9 @@ foreach ($courses as $enreg) {
$info_tutor_name = array();
foreach ($course_coachs as $course_coach) {
$coach_infos = UserManager :: get_user_info_by_id($course_coach);
$info_tutor_name[] = api_get_person_name($coach_infos['firstname'], $coach_infos['lastname']);
$info_tutor_name[] = api_get_person_name($coach_infos['firstname'], $coach_infos['lastname']);
}
$course_info['tutor_name'] = implode(",",$info_tutor_name);
$course_info['tutor_name'] = implode(",",$info_tutor_name);
} else if($session_coach_id != 0) {
$coach_info = UserManager :: get_user_info_by_id($session_coach_id);
$course_info['tutor_name'] = api_get_person_name($coach_info['firstname'], $coach_info['lastname']);
@ -201,7 +201,7 @@ foreach ($courses as $enreg) {
</tr>
<?php
$sql_learnpath = "SELECT lp.name,lp.id FROM ".$course_info['db_name'].".".$tbl_course_lp." AS lp";
$result_learnpath = Database::query($sql_learnpath, __FILE__, __LINE__);
$result_learnpath = Database::query($sql_learnpath);
if (Database::num_rows($result_learnpath) > 0) {
while($learnpath = Database::fetch_array($result_learnpath)) {
$progress = learnpath :: get_db_progress($learnpath['id'], $_user['user_id'], '%', $course_info['db_name']);
@ -213,7 +213,7 @@ foreach ($courses as $enreg) {
ON item_view.lp_view_id = view.id
AND view.lp_id = '.$learnpath['id'].'
AND view.user_id = '.$_user['user_id'];
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$start_time = Database::result($rs, 0, 0);
// calculates time
@ -223,7 +223,7 @@ foreach ($courses as $enreg) {
ON item_view.lp_view_id = view.id
AND view.lp_id = '.$learnpath['id'].'
AND view.user_id = '.$_user['user_id'];
$rs = Database::query($sql, __FILE__, __LINE__);
$rs = Database::query($sql);
$total_time = Database::result($rs, 0, 0);
@ -272,14 +272,14 @@ foreach ($courses as $enreg) {
<?php
$sql = 'SELECT visibility FROM '.$course_info['db_name'].'.'.TABLE_TOOL_LIST.' WHERE name="quiz"';
$result_visibility_tests = Database::query($sql, __FILE__, __LINE__);
$result_visibility_tests = Database::query($sql);
if (Database::result($result_visibility_tests, 0, 'visibility') == 1) {
$sql_exercices = " SELECT quiz.title,id, results_disabled
FROM ".$course_info['db_name'].".".$tbl_course_quiz." AS quiz
WHERE active='1'";
$result_exercices = Database::query($sql_exercices, __FILE__, __LINE__);
$result_exercices = Database::query($sql_exercices);
if (Database::num_rows($result_exercices) > 0) {
while ($exercices = Database::fetch_array($result_exercices)) {
$sql_essais = " SELECT COUNT(ex.exe_id) as essais
@ -289,7 +289,7 @@ foreach ($courses as $enreg) {
AND orig_lp_id = 0
AND orig_lp_item_id = 0 "
;
$result_essais = Database::query($sql_essais , __FILE__, __LINE__);
$result_essais = Database::query($sql_essais);
$essais = Database::fetch_array($result_essais);
$sql_score = "SELECT exe_id , exe_result,exe_weighting
@ -301,7 +301,7 @@ foreach ($courses as $enreg) {
AND orig_lp_item_id = 0
ORDER BY exe_date DESC LIMIT 1";
$result_score = Database::query($sql_score, __FILE__, __LINE__);
$result_score = Database::query($sql_score);
$score = 0;
while($current_score = Database::fetch_array($result_score)) {
$score = $score + $current_score['exe_result'];
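Review bot: The two learning-path time queries end with `AND view.user_id = '.$_user['user_id'];` with no cast, while the course-list and session queries earlier in this file wrap the same value in `intval()`. `$_user` is presumably session data rather than request input, but in an unquoted numeric context any non-numeric value would change the statement, so I would write `AND view.user_id = '.intval($_user['user_id']);` in both places. `$learnpath['id']` and `$session_id` are used unquoted in the same way and would benefit from the same cast if they are not already cast above. Both queries start above their hunks.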

@ -523,7 +523,7 @@ function check_user_password($password){
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$password = api_get_encrypted_password($password);
$sql_password = "SELECT * FROM $table_user WHERE user_id='".$user_id."' AND password='".$password."'";
$result = Database::query($sql_password, __FILE__, __LINE__);
$result = Database::query($sql_password);
return Database::num_rows($result) != 0;
}
/**
@ -538,7 +538,7 @@ function check_user_email($email){
if ($user_id != strval(intval($user_id)) || empty($email)) { return false; }
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$sql_password = "SELECT * FROM $table_user WHERE user_id='".$user_id."' AND email='".$email."'";
$result = Database::query($sql_password, __FILE__, __LINE__);
$result = Database::query($sql_password);
return Database::num_rows($result) != 0;
}
/*
@ -688,8 +688,7 @@ elseif (isset($_POST['remove_production'])) {
$sql = rtrim($sql, ',');
}
$sql .= " WHERE user_id = '".$_user['user_id']."'";
//var_dump($sql); exit();
Database::query($sql, __FILE__, __LINE__);
Database::query($sql);
// User tag process
//1. Deleting all user tags
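Review bot: `check_user_email()` concatenates `$email` into the WHERE clause after only an `empty()` check, so a value containing a quote alters the query. Unless every caller escapes it first (not visible here), add `$email = Database::escape_string($email);` before `$sql_password` is built. `check_user_password()` interpolates the output of `api_get_encrypted_password()` the same way, which is safe only if that helper always returns a digest, and this page does not show that. Both functions begin above their hunks, where `$user_id` is assigned.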
