chamilo-lms/main/social/select_options.php

<?php
$language_file = array('registration','messages','userInfo','admin');
$cidReset = true;
require '../inc/global.inc.php';
$track_online_table = Database::get_statistic_table(TABLE_STATISTIC_TRACK_E_ONLINE);
$tbl_my_user = Database :: get_main_table(TABLE_MAIN_USER);
$tbl_my_user_friend = Database :: get_main_table(TABLE_MAIN_USER_FRIEND);
$search=Security::remove_XSS($_POST['search']);
$current_date=date('Y-m-d H:i:s',time()); 
$html_form='<select id="id_search_name" name="id_search_name" size="8"" style="width:350px;">';
$user_id = api_get_user_id();
if (api_get_setting('allow_social_tool')=='true' && api_get_setting('allow_message_tool')=='true') {
	$sql = 'SELECT  u.user_id as id,concat(u.firstname," ",u.lastname," ","( ",u.email," )") as name 
	FROM '.$tbl_my_user_friend.' uf ' .
 	'INNER JOIN '.$tbl_my_user.' AS u  ON uf.friend_user_id = u.user_id ' .
 	'WHERE relation_type<>6 AND friend_user_id<>'.(int)$user_id.' AND uf.user_id<>'.(int)$user_id.
 	' AND concat(u.firstName,u.lastName) like CONCAT("%","'.$search.'","%") ';
} elseif (api_get_setting('allow_social_tool')=='false' && api_get_setting('allow_message_tool')=='true') {
	$valid=api_get_setting('time_limit_whosonline');
	$sql='SELECT DISTINCT u.user_id as id,concat(u.firstname," ",u.lastname," ","( ",u.email," )") as name
	 FROM '.$tbl_my_user.' u INNER JOIN '.$track_online_table.' t ON u.user_id=t.login_user_id 
	 WHERE DATE_ADD(login_date,INTERVAL "'.$valid.'" MINUTE) >= "'.$current_date.'" AND concat(u.firstName,u.lastName) like CONCAT("%","'.$search.'","%") '; 	
}

$res=Database::query($sql,__FILE__,__LINE__);
while ($row=Database::fetch_array($res,'ASSOC')) {
	$html_form.='<option value="'.$row['id'].'">'.api_xml_http_response_encode($row['name']).'</option>';	
}
$html_form.='</select>';
echo $html_form;
?>