MessageManager

Complexity

Total Complexity

248

Size/Duplication

Total Lines	2285
Duplicated Lines	0 %

Importance

Changes

0

42 Methods

Rating	Name	Duplication	Size	Complexity
B	getCountNewMessages()	0	24	5
A	get_message_by_user()	0	11	3
B	delete_message_attachment_file()	0	37	5
B	sendMessageAboutUser()	0	33	6
C	get_messages_by_parent()	0	34	7
F	send_message()	0	215	29
B	delete_message_by_user_sender()	0	27	3
B	send_message_simple()	0	58	7
A	get_messages_by_group()	0	21	4
D	get_message_data()	0	110	11
C	saveMessageAttachmentFile()	0	67	9
B	get_messages_by_group_by_message()	0	26	6
A	update_message()	0	15	3
A	update_message_status()	0	13	3
B	update_parent_ids_from_reply()	0	30	1
B	getNumberOfMessages()	0	26	3
A	getMessagesAboutUser()	0	14	2
B	delete_message_by_user_receiver()	0	26	3
A	getCountNewMessagesFromDB()	0	15	2
A	generate_message_form()	0	16	1
A	calculate_children()	0	13	2
A	generate_invitation_form()	0	9	1
A	getSearchForm()	0	22	1
B	get_links_message_attachment_files()	0	27	5
C	failedSentMailErrors()	0	57	11
B	hasAttachments()	0	30	4
A	get_message_by_id()	0	14	2
B	getAllMessagesBetweenStudents()	0	25	4
D	display_messages_for_group()	0	121	14
C	get_message_data_sent()	0	82	8
F	showMessageBox()	0	142	18
B	countMessagesFromLastReceivedMessage()	0	28	3
D	inbox_display()	0	94	13
D	display_message_for_group()	0	245	23
B	sendNotificationByRegisteredUser()	0	37	2
B	getUsersThatHadConversationWithUser()	0	25	4
B	getMessagesFromLastReceivedMessage()	0	32	4
A	get_user_id_by_email()	0	11	2
A	getNumberOfMessagesSent()	0	21	2
B	outbox_display()	0	50	6
A	order_desc_date()	0	3	1
B	message_recursive_sort()	0	15	5

<?php
/* For licensing terms, see /license.txt */

use ChamiloSession as Session;
use Chamilo\UserBundle\Entity\User;

This use statement conflicts with another class in this namespace, User. Consider defining an alias.

/**
 * Class MessageManager
 *
 * This class provides methods for messages management.
 * Include/require it in your code to use its features.
 *
 * @package chamilo.library
 */
class MessageManager
{
    /**
     * Get count new messages for the current user from the database.
     * @return int
     */
    public static function getCountNewMessages()
    {
        $userId = api_get_user_id();
        if (empty($userId)) {
            return false;

The expression return false returns the type false which is incompatible with the documented return type integer.

        }

        static $count;
        if (!isset($count)) {
            $cacheAvailable = api_get_configuration_value('apc');
            if ($cacheAvailable === true) {
                $var = api_get_configuration_value('apc_prefix').'social_messages_unread_u_'.$userId;

Are you sure api_get_configuration_value('apc_prefix') of type mixed|false can be used in concatenation?

                if (apcu_exists($var)) {
                    $count = apcu_fetch($var);
                } else {
                    $count = self::getCountNewMessagesFromDB($userId);
                    apcu_store($var, $count, 60);
                }
            } else {
                $count = self::getCountNewMessagesFromDB($userId);
            }
        }

        return $count;
    }

    /**
     * Execute the SQL necessary to know the number of messages in the database
     * @param   int $userId The user for which we need the unread messages count
     * @return  int The number of unread messages in the database for the given user
     */
    private static function getCountNewMessagesFromDB($userId)
    {
        if (empty($userId)) {
            return 0;
        }
        $table = Database::get_main_table(TABLE_MESSAGE);
        $sql = "SELECT COUNT(id) as count 
                FROM $table
                WHERE
                    user_receiver_id=".api_get_user_id()." AND
                    msg_status = ".MESSAGE_STATUS_UNREAD;
        $result = Database::query($sql);
        $row = Database::fetch_assoc($result);

        return $row['count'];
    }

    /**
     * Gets the total number of messages, used for the inbox sortable table
     * @param bool $unread
     * @return int
     */
    public static function getNumberOfMessages($unread = false)
    {
        $table = Database::get_main_table(TABLE_MESSAGE);
        if ($unread) {
            $condition_msg_status = ' msg_status = '.MESSAGE_STATUS_UNREAD.' ';
        } else {
            $condition_msg_status = ' msg_status IN('.MESSAGE_STATUS_NEW.','.MESSAGE_STATUS_UNREAD.') ';
        }

        $keyword = Session::read('message_search_keyword');
        $keywordCondition = '';
        if (!empty($keyword)) {
            $keyword = Database::escape_string($keyword);
            $keywordCondition = " AND (title like '%$keyword%' OR content LIKE '%$keyword%') ";
        }

        $sql = "SELECT COUNT(id) as number_messages
                FROM $table
                WHERE $condition_msg_status AND
                    user_receiver_id=".api_get_user_id()."
                    $keywordCondition
                ";
        $result = Database::query($sql);
        $result = Database::fetch_array($result);

        return $result['number_messages'];
    }

    /**
     * Gets information about some messages, used for the inbox sortable table
     * @param int $from
     * @param int $number_of_items
     * @param string $column
     * @param string $direction
     * @return array
     */
    public static function get_message_data(
        $from,
        $number_of_items,
        $column,
        $direction,
        $userId = 0
    ) {
        $from = (int)$from;
        $number_of_items = (int)$number_of_items;
        $userId = empty($userId) ? api_get_user_id() : (int)$userId;

        //forcing this order
        if (!isset($direction)) {
            $column = 2;
            $direction = 'DESC';
        } else {
            $column = intval($column);
            if (!in_array($direction, ['ASC', 'DESC'])) {
                $direction = 'ASC';
            }
        }

        if (!in_array($column, [0, 1, 2])) {
            $column = 2;
        }

        $keyword = Session::read('message_search_keyword');
        $keywordCondition = '';
        if (!empty($keyword)) {
            $keyword = Database::escape_string($keyword);
            $keywordCondition = " AND (title like '%$keyword%' OR content LIKE '%$keyword%') ";
        }

        $table = Database::get_main_table(TABLE_MESSAGE);
        $sql = "SELECT 
                    id as col0, 
                    title as col1, 
                    send_date as col2, 
                    msg_status as col3,
                    user_sender_id
                FROM $table
                WHERE
                    user_receiver_id=".$userId." AND
                    msg_status IN (".MESSAGE_STATUS_NEW.", ".MESSAGE_STATUS_UNREAD.")
                    $keywordCondition
                ORDER BY col$column $direction
                LIMIT $from, $number_of_items";

        $result = Database::query($sql);
        $message_list = [];
        $newMessageLink = api_get_path(WEB_CODE_PATH).'messages/new_message.php';
        while ($row = Database::fetch_array($result, 'ASSOC')) {
            $messageId = $row['col0'];
            $title = $row['col1'];
            $sendDate = $row['col2'];
            $status = $row['col3'];
            $senderId = $row['user_sender_id'];

            $title = Security::remove_XSS($title, STUDENT, true);
            $title = cut($title, 80, true);

            if ($status == 1) {
                $class = 'class = "unread"';
            } else {
                $class = 'class = "read"';
            }

            $userInfo = api_get_user_info($senderId);
            if (!empty($senderId) && !empty($userInfo)) {
                $message[1] = '<a '.$class.' href="view_message.php?id='.$messageId.'">'.$title.'</a><br />';
                $message[1] .= $userInfo['complete_name_with_username'];
                $message[3] =
                    Display::url(
                        Display::returnFontAwesomeIcon('reply', 2),
                        $newMessageLink.'?re_id='.$messageId,
                        ['title' => get_lang('ReplyToMessage')]
                    );
            } else {
                $message[1] = '<a '.$class.' href="view_message.php?id='.$messageId.'">'.$title.'</a><br />';
                $message[1] .= get_lang('UnknownUser');
                $message[3] =
                    Display::url(
                        Display::returnFontAwesomeIcon('reply', 2),
                        '#',
                        ['title' => get_lang('ReplyToMessage')]
                    );
            }

            $message[0] = $messageId;
            $message[2] = api_convert_and_format_date($sendDate, DATE_TIME_FORMAT_LONG);
            $message[3] .=
                '&nbsp;&nbsp;'.
                Display::url(
                    Display::returnFontAwesomeIcon('share', 2),
                    $newMessageLink.'?forward_id='.$messageId,
                    ['title' => get_lang('ForwardMessage')]
                ).
                '&nbsp;&nbsp;<a title="'.addslashes(
                    get_lang('DeleteMessage')
                ).'" onclick="javascript:if(!confirm('."'".addslashes(
                    api_htmlentities(get_lang('ConfirmDeleteMessage'))
                )."'".')) return false;" href="inbox.php?action=deleteone&id='.$messageId.'">'.
                Display::returnFontAwesomeIcon('trash', 2).'</a>';
            foreach ($message as $key => $value) {
                $message[$key] = api_xml_http_response_encode($value);
            }
            $message_list[] = $message;
        }

        return $message_list;
    }

    /**
     * @param array $aboutUserInfo
     * @param array $fromUserInfo
     * @param string $subject
     * @param string $content
     * @return bool
     */
    public static function sendMessageAboutUser(
        $aboutUserInfo,
        $fromUserInfo,
        $subject,
        $content
    ) {
        if (empty($aboutUserInfo) || empty($fromUserInfo)) {
            return false;
        }

        if (empty($fromUserInfo['id']) || empty($aboutUserInfo['id'])) {
            return false;
        }

        $table = Database::get_main_table(TABLE_MESSAGE);
        $now = api_get_utc_datetime();
        $params = [
            'user_sender_id' => $fromUserInfo['id'],
            'user_receiver_id' => $aboutUserInfo['id'],
            'msg_status' => MESSAGE_STATUS_CONVERSATION,
            'send_date' => $now,
            'title' => $subject,
            'content' => $content,
            'group_id' => 0,
            'parent_id' => 0,
            'update_date' => $now
        ];
        $id = Database::insert($table, $params);
        if ($id) {

The expression $id of type integer|false is loosely compared to true; this is ambiguous if the integer can be 0. You might want to explicitly use !== false instead.

            return true;
        }

        return false;
    }

    /**
     * @param array $aboutUserInfo
     * @return array
     */
    public static function getMessagesAboutUser($aboutUserInfo)
    {
        if (!empty($aboutUserInfo)) {
            $criteria = [
                'userReceiverId' => $aboutUserInfo['id'],
                'msgStatus' => MESSAGE_STATUS_CONVERSATION
            ];
            $repo = Database::getManager()->getRepository('ChamiloCoreBundle:Message');
            $messages = $repo->findBy($criteria, ['sendDate' => 'DESC']);

            return $messages;
        }

        return [];
    }

    /**
     * Sends a message to a user/group
     *
     * @param int $receiver_user_id
     * @param string $subject
     * @param string $content
     * @param array $file_attachments files array($_FILES) (optional)
     * @param array $file_comments about attachment files (optional)
     * @param int $group_id (optional)
     * @param int $parent_id (optional)
     * @param int $editMessageId id for updating the message (optional)
     * @param int $topic_id (optional) the default value is the current user_id
     * @param int $sender_id
     * @param bool $directMessage
     * @param int $forwardId
     * @param array $smsParameters
     *
     * @return bool
     */
    public static function send_message(
        $receiver_user_id,
        $subject,
        $content,
        array $file_attachments = [],
        array $file_comments = [],
        $group_id = 0,
        $parent_id = 0,
        $editMessageId = 0,
        $topic_id = 0,
        $sender_id = 0,
        $directMessage = false,
        $forwardId = 0,

The parameter $forwardId is not used and could be removed.

        $smsParameters = []
    ) {
        $table = Database::get_main_table(TABLE_MESSAGE);
        $group_id = (int) $group_id;
        $receiver_user_id = (int) $receiver_user_id;
        $parent_id = (int) $parent_id;
        $editMessageId = (int) $editMessageId;
        $topic_id = (int) $topic_id;

        if (!empty($receiver_user_id)) {
            $receiverUserInfo = api_get_user_info($receiver_user_id);

            // Disabling messages for inactive users.
            if ($receiverUserInfo['active'] == 0) {
                return false;
            }
        }

        $user_sender_id = empty($sender_id) ? api_get_user_id() : (int) $sender_id;
        if (empty($user_sender_id)) {
            Display::addFlash(Display::return_message(get_lang('UserDoesNotExist'), 'warning'));
            return false;
        }

        $totalFileSize = 0;
        if (is_array($file_attachments)) {
            foreach ($file_attachments as $file_attach) {
                $fileSize = isset($file_attach['size']) ? $file_attach['size'] : 0;
                if (is_array($fileSize)) {
                    foreach ($fileSize as $size) {
                        $totalFileSize += $size;
                    }
                } else {
                    $totalFileSize += $fileSize;
                }
            }
        }

        // Validating fields
        if (empty($subject) && empty($group_id)) {
            Display::addFlash(
                Display::return_message(
                    get_lang('YouShouldWriteASubject'),
                    'warning'
                )
            );
            return false;
        } elseif ($totalFileSize > intval(api_get_setting('message_max_upload_filesize'))) {
            $warning = sprintf(
                get_lang("FilesSizeExceedsX"),
                format_file_size(api_get_setting('message_max_upload_filesize'))
            );

            Display::addFlash(Display::return_message($warning, 'warning'));

            return false;
        }

        // Just in case we replace the and \n and \n\r while saving in the DB
        // $content = str_replace(array("\n", "\n\r"), '<br />', $content);
        $now = api_get_utc_datetime();
        if (!empty($receiver_user_id) || !empty($group_id)) {
            // message for user friend
            //@todo it's possible to edit a message? yes, only for groups
            if (!empty($editMessageId)) {
                $query = " UPDATE $table SET
                                update_date = '".$now."',
                                content = '".Database::escape_string($content)."'
                           WHERE id = '$editMessageId' ";
                Database::query($query);
                $messageId = $editMessageId;
            } else {
                $params = [
                    'user_sender_id' => $user_sender_id,
                    'user_receiver_id' => $receiver_user_id,
                    'msg_status' => MESSAGE_STATUS_UNREAD,
                    'send_date' => $now,
                    'title' => $subject,
                    'content' => $content,
                    'group_id' => $group_id,
                    'parent_id' => $parent_id,
                    'update_date' => $now
                ];
                $messageId = Database::insert($table, $params);
            }

            // Save attachment file for inbox messages
            if (is_array($file_attachments)) {
                $i = 0;
                foreach ($file_attachments as $file_attach) {
                    if ($file_attach['error'] == 0) {
                        self::saveMessageAttachmentFile(
                            $file_attach,
                            isset($file_comments[$i]) ? $file_comments[$i] : null,
                            $messageId,
                            null,
                            $receiver_user_id,
                            $group_id
                        );
                    }
                    $i++;
                }
            }

            if (empty($group_id)) {
                // message in outbox for user friend or group
                $params = [
                    'user_sender_id' => $user_sender_id,
                    'user_receiver_id' => $receiver_user_id,
                    'msg_status' => MESSAGE_STATUS_OUTBOX,
                    'send_date' => $now,
                    'title' => $subject,
                    'content' => $content,
                    'group_id' => $group_id,
                    'parent_id' => $parent_id,
                    'update_date' => $now
                ];
                $outbox_last_id = Database::insert($table, $params);

                // save attachment file for outbox messages
                if (is_array($file_attachments)) {
                    $o = 0;
                    foreach ($file_attachments as $file_attach) {
                        if ($file_attach['error'] == 0) {
                            $comment = isset($file_comments[$o]) ? $file_comments[$o] : '';
                            self::saveMessageAttachmentFile(
                                $file_attach,
                                $comment,
                                $outbox_last_id,
                                $user_sender_id
                            );
                        }
                        $o++;
                    }
                }
            }

            // Load user settings.
            $notification = new Notification();
            $sender_info = api_get_user_info($user_sender_id);

            // add file attachment additional attributes
            foreach ($file_attachments as $index => $file_attach) {
                $file_attachments[$index]['path'] = $file_attach['tmp_name'];
                $file_attachments[$index]['filename'] = $file_attach['name'];
            }

            if (empty($group_id)) {
                $type = Notification::NOTIFICATION_TYPE_MESSAGE;
                if ($directMessage) {
                    $type = Notification::NOTIFICATION_TYPE_DIRECT_MESSAGE;
                }
                $notification->saveNotification(
                    $messageId,

It seems like $messageId can also be of type false; however, parameter $messageId of Notification::saveNotification() does only seem to accept integer, maybe add an additional type check?

                    $type,
                    [$receiver_user_id],
                    $subject,
                    $content,
                    $sender_info,
                    $file_attachments,
                    $smsParameters
                );
            } else {
                $usergroup = new UserGroup();
                $group_info = $usergroup->get($group_id);
                $group_info['topic_id'] = $topic_id;
                $group_info['msg_id'] = $messageId;

                $user_list = $usergroup->get_users_by_group(
                    $group_id,
                    false,
                    [],
                    0,
                    1000
                );

                // Adding more sense to the message group
                $subject = sprintf(get_lang('ThereIsANewMessageInTheGroupX'), $group_info['name']);
                $new_user_list = [];
                foreach ($user_list as $user_data) {
                    $new_user_list[] = $user_data['id'];
                }
                $group_info = [
                    'group_info' => $group_info,
                    'user_info' => $sender_info,
                ];
                $notification->saveNotification(
                    $messageId,
                    Notification::NOTIFICATION_TYPE_GROUP,
                    $new_user_list,
                    $subject,
                    $content,
                    $group_info,
                    $file_attachments,
                    $smsParameters
                );
            }

            return $messageId;

The expression return $messageId also could return the type integer which is incompatible with the documented return type boolean.

        }

        return false;
    }

    /**
     * @param int $receiver_user_id
     * @param int $subject
     * @param string $message
     * @param int $sender_id
     * @param bool $sendCopyToDrhUsers send copy to related DRH users
     * @param bool $directMessage
     * @param array $smsParameters
     * @param bool $uploadFiles Do not upload files using the MessageManager class
     * @param bool $attachmentList
     *
     * @return bool
     */
    public static function send_message_simple(
        $receiver_user_id,
        $subject,
        $message,
        $sender_id = 0,
        $sendCopyToDrhUsers = false,
        $directMessage = false,
        $smsParameters = [],
        $uploadFiles = true,
        $attachmentList = []
    ) {
        $files = $_FILES ? $_FILES : [];
        if ($uploadFiles === false) {
            $files = [];
        }
        // $attachmentList must have: tmp_name, name, size keys
        if (!empty($attachmentList)) {
            $files = $attachmentList;
        }
        $result = self::send_message(
            $receiver_user_id,
            $subject,
            $message,
            $files,
            [],
            null,
            null,
            null,
            null,
            $sender_id,
            $directMessage,
            0,
            $smsParameters
        );

        if ($sendCopyToDrhUsers) {
            $userInfo = api_get_user_info($receiver_user_id);
            $drhList = UserManager::getDrhListFromUser($receiver_user_id);
            if (!empty($drhList)) {
                foreach ($drhList as $drhInfo) {
                    $message = sprintf(
                        get_lang('CopyOfMessageSentToXUser'),
                        $userInfo['complete_name']
                    ).' <br />'.$message;

                    self::send_message_simple(
                        $drhInfo['user_id'],
                        $subject,
                        $message,
                        $sender_id,
                        false,
                        $directMessage
                    );
                }
            }
        }

        return $result;
    }

    /**
     * Update parent ids for other receiver user from current message in groups
     * @author Christian Fasanando Flores
     * @param  int $parent_id
     * @param  int $receiver_user_id
     * @param  int $messageId
     * @return void
     */
    public static function update_parent_ids_from_reply(
        $parent_id,
        $receiver_user_id,
        $messageId
    ) {
        $table = Database::get_main_table(TABLE_MESSAGE);
        $parent_id = intval($parent_id);
        $receiver_user_id = intval($receiver_user_id);
        $messageId = intval($messageId);

        // first get data from message id (parent)
        $sql = "SELECT * FROM $table WHERE id = '$parent_id'";
        $rs_message = Database::query($sql);
        $row_message = Database::fetch_array($rs_message);

        // get message id from data found early for other receiver user
        $sql = "SELECT id FROM $table
                WHERE
                    user_sender_id ='{$row_message['user_sender_id']}' AND
                    title='{$row_message['title']}' AND
                    content='{$row_message['content']}' AND
                    group_id='{$row_message['group_id']}' AND
                    user_receiver_id='$receiver_user_id'";
        $result = Database::query($sql);
        $row = Database::fetch_array($result);

        // update parent_id for other user receiver
        $sql = "UPDATE $table SET parent_id = ".$row['id']."
                WHERE id = $messageId";
        Database::query($sql);
    }

    /**
     * @param int $user_receiver_id
     * @param int $id
     * @return bool
     */
    public static function delete_message_by_user_receiver($user_receiver_id, $id)
    {
        $table = Database::get_main_table(TABLE_MESSAGE);
        if ($id != strval(intval($id))) {
            return false;
        }
        $user_receiver_id = intval($user_receiver_id);
        $id = intval($id);
        $sql = "SELECT * FROM $table
                WHERE id = ".$id." AND msg_status <>".MESSAGE_STATUS_OUTBOX;
        $rs = Database::query($sql);

        if (Database::num_rows($rs) > 0) {
            // delete attachment file
            self::delete_message_attachment_file($id, $user_receiver_id);
            // delete message
            $query = "UPDATE $table 
                      SET msg_status = ".MESSAGE_STATUS_DELETED."
                      WHERE 
                        user_receiver_id=".$user_receiver_id." AND 
                        id = ".$id;
            Database::query($query);

            return true;
        } else {
            return false;
        }
    }

    /**
     * Set status deleted
     * @author Isaac FLores Paz <isaac.flores@dokeos.com>
     * @param  int
     * @param  int
     * @return bool
     */
    public static function delete_message_by_user_sender($user_sender_id, $id)
    {
        if ($id != strval(intval($id))) {
            return false;
        }

        $table = Database::get_main_table(TABLE_MESSAGE);

        $id = intval($id);
        $user_sender_id = intval($user_sender_id);

        $sql = "SELECT * FROM $table WHERE id='$id'";
        $rs = Database::query($sql);

        if (Database::num_rows($rs) > 0) {
            // delete attachment file
            self::delete_message_attachment_file($id, $user_sender_id);
            // delete message
            $sql = "UPDATE $table 
                    SET msg_status = ".MESSAGE_STATUS_DELETED."
                    WHERE user_sender_id='$user_sender_id' AND id='$id'";
            Database::query($sql);

            return true;
        }

        return false;
    }

    /**
     * Saves a message attachment files
     * @param  array $file_attach $_FILES['name']
     * @param  string    a comment about the uploaded file
     * @param  int        message id
     * @param  int        receiver user id (optional)
     * @param  int        sender user id (optional)
     * @param  int        group id (optional)
     */
    public static function saveMessageAttachmentFile(
        $file_attach,
        $file_comment,
        $message_id,
        $receiver_user_id = 0,
        $sender_user_id = 0,
        $group_id = 0
    ) {
        $tbl_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);

        // Try to add an extension to the file if it hasn't one
        $type = isset($file_attach['type']) ? $file_attach['type'] : '';
        if (empty($type)) {
            $type = DocumentManager::file_get_mime_type($file_attach['name']);
        }
        $new_file_name = add_ext_on_mime(stripslashes($file_attach['name']), $type);

        // user's file name
        $file_name = $file_attach['name'];
        if (!filter_extension($new_file_name)) {
            Display::addFlash(Display::return_message(get_lang('UplUnableToSaveFileFilteredExtension'), 'error'));
        } else {
            $new_file_name = uniqid('');
            if (!empty($receiver_user_id)) {
                $message_user_id = $receiver_user_id;
            } else {
                $message_user_id = $sender_user_id;
            }

            // User-reserved directory where photos have to be placed.*
            $userGroup = new UserGroup();
            if (!empty($group_id)) {
                $path_user_info = $userGroup->get_group_picture_path_by_id(
                    $group_id,
                    'system',
                    true
                );
            } else {
                $path_user_info['dir'] = UserManager::getUserPathById($message_user_id, 'system');

$path_user_info was never initialized. Although not strictly required by PHP, it is generally a good practice to add $path_user_info = array(); before regardless.

            }

            $path_message_attach = $path_user_info['dir'].'message_attachments/';
            // If this directory does not exist - we create it.
            if (!file_exists($path_message_attach)) {
                @mkdir($path_message_attach, api_get_permissions_for_new_directories(), true);

It seems like you do not handle an error condition for mkdir(). This can introduce security issues, and is generally not recommended.

            }

            $new_path = $path_message_attach.$new_file_name;

            if (is_uploaded_file($file_attach['tmp_name'])) {
                @copy($file_attach['tmp_name'], $new_path);

It seems like you do not handle an error condition for copy(). This can introduce security issues, and is generally not recommended.

            } else {
                // 'tmp_name' can be set by the ticket
                if (file_exists($file_attach['tmp_name'])) {
                    @copy($file_attach['tmp_name'], $new_path);
                }
            }

            // Storing the attachments if any
            $params = [
                'filename' => $file_name,
                'comment' => $file_comment,
                'path' => $new_file_name,
                'message_id' => $message_id,
                'size' => $file_attach['size']
            ];
            Database::insert($tbl_message_attach, $params);
        }
    }

    /**
     * Delete message attachment files (logically updating the row with a suffix _DELETE_id)
     * @param  int    message id
     * @param  int    message user id (receiver user id or sender user id)
     * @param  int    group id (optional)
     */
    public static function delete_message_attachment_file(
        $message_id,
        $message_uid,
        $group_id = 0
    ) {
        $message_id = intval($message_id);
        $message_uid = intval($message_uid);
        $table_message_attach = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);

        $sql = "SELECT * FROM $table_message_attach 
                WHERE message_id = '$message_id'";
        $rs = Database::query($sql);
        while ($row = Database::fetch_array($rs)) {
            $path = $row['path'];
            $attach_id = $row['id'];
            $new_path = $path.'_DELETED_'.$attach_id;

            if (!empty($group_id)) {
                $userGroup = new UserGroup();
                $path_user_info = $userGroup->get_group_picture_path_by_id(
                    $group_id,
                    'system',
                    true
                );
            } else {
                $path_user_info['dir'] = UserManager::getUserPathById(
                    $message_uid,
                    'system'
                );
            }

            $path_message_attach = $path_user_info['dir'].'message_attachments/';
            if (is_file($path_message_attach.$path)) {
                if (rename($path_message_attach.$path, $path_message_attach.$new_path)) {
                    $sql = "UPDATE $table_message_attach set path='$new_path'
                            WHERE id ='$attach_id'";
                    Database::query($sql);
                }
            }
        }
    }

    /**
     * update messages by user id and message id
     * @param  int $user_id
     * @param  int $message_id
     * @return bool
     */
    public static function update_message($user_id, $message_id)
    {
        if ($message_id != strval(intval($message_id)) || $user_id != strval(intval($user_id))) {
            return false;
        }

        $table = Database::get_main_table(TABLE_MESSAGE);
        $sql = "UPDATE $table SET 
                    msg_status = '".MESSAGE_STATUS_NEW."'
                WHERE
                    msg_status <> ".MESSAGE_STATUS_OUTBOX." AND
                    user_receiver_id = ".intval($user_id)." AND
                    id = '".intval($message_id)."'";
        Database::query($sql);
        return true;
    }

    /**
     * @param int $user_id
     * @param int $message_id
     * @param string $type
     * @return bool
     */
    public static function update_message_status($user_id, $message_id, $type)
    {
        $type = intval($type);
        if ($message_id != strval(intval($message_id)) || $user_id != strval(intval($user_id))) {
            return false;
        }
        $table_message = Database::get_main_table(TABLE_MESSAGE);
        $sql = "UPDATE $table_message SET
                    msg_status = '$type'
                WHERE
                    user_receiver_id = ".intval($user_id)." AND
                    id = '".intval($message_id)."'";
        Database::query($sql);
    }

    /**
     * get messages by user id and message id
     * @param  int $user_id
     * @param  int $message_id
     * @return array
     */
    public static function get_message_by_user($user_id, $message_id)
    {
        if ($message_id != strval(intval($message_id)) || $user_id != strval(intval($user_id))) {
            return false;

The expression return false returns the type false which is incompatible with the documented return type array.

        }
        $table = Database::get_main_table(TABLE_MESSAGE);
        $query = "SELECT * FROM $table
                  WHERE user_receiver_id=".intval($user_id)." AND id='".intval($message_id)."'";
        $result = Database::query($query);

        return $row = Database::fetch_array($result);
    }

    /**
     * get messages by group id
     * @param  int $group_id group id
     * @return array
     */
    public static function get_messages_by_group($group_id)
    {
        if ($group_id != strval(intval($group_id))) {
            return false;

The expression return false returns the type false which is incompatible with the documented return type array.

        }

        $table = Database::get_main_table(TABLE_MESSAGE);
        $group_id = intval($group_id);
        $sql = "SELECT * FROM $table
                WHERE
                    group_id= $group_id AND
                    msg_status NOT IN ('".MESSAGE_STATUS_OUTBOX."', '".MESSAGE_STATUS_DELETED."')
                ORDER BY id";
        $rs = Database::query($sql);
        $data = [];
        if (Database::num_rows($rs) > 0) {
            while ($row = Database::fetch_array($rs, 'ASSOC')) {
                $data[] = $row;
            }
        }
        return $data;
    }

    /**
     * get messages by group id
     * @param  int $group_id
     * @param int $message_id
     * @return array
     */
    public static function get_messages_by_group_by_message($group_id, $message_id)
    {
        if ($group_id != strval(intval($group_id))) {
            return false;

The expression return false returns the type false which is incompatible with the documented return type array.

        }
        $table = Database::get_main_table(TABLE_MESSAGE);
        $group_id = intval($group_id);
        $sql = "SELECT * FROM $table
                WHERE
                    group_id = $group_id AND
                    msg_status NOT IN ('".MESSAGE_STATUS_OUTBOX."', '".MESSAGE_STATUS_DELETED."')
                ORDER BY id ";

        $rs = Database::query($sql);
        $data = [];
        $parents = [];
        if (Database::num_rows($rs) > 0) {
            while ($row = Database::fetch_array($rs, 'ASSOC')) {
                if ($message_id == $row['parent_id'] || in_array($row['parent_id'], $parents)) {
                    $parents[] = $row['id'];
                    $data[] = $row;
                }
            }
        }

        return $data;
    }

    /**
     * Get messages by parent id optionally with limit
     * @param  int        parent id
     * @param  int        group id (optional)
     * @param  int        offset (optional)
     * @param  int        limit (optional)
     * @return array
     */
    public static function get_messages_by_parent($parent_id, $group_id = 0, $offset = 0, $limit = 0)
    {
        if ($parent_id != strval(intval($parent_id))) {
            return false;

The expression return false returns the type false which is incompatible with the documented return type array.

        }
        $table = Database::get_main_table(TABLE_MESSAGE);
        $parent_id = intval($parent_id);
        $condition_group_id = '';
        if (!empty($group_id)) {
            $group_id = intval($group_id);
            $condition_group_id = " AND group_id = '$group_id' ";
        }

        $condition_limit = '';
        if ($offset && $limit) {
            $offset = ($offset - 1) * $limit;
            $condition_limit = " LIMIT $offset,$limit ";
        }

        $sql = "SELECT * FROM $table
                WHERE
                    parent_id='$parent_id' AND
                    msg_status <> ".MESSAGE_STATUS_OUTBOX."
                    $condition_group_id
                ORDER BY send_date DESC $condition_limit ";
        $rs = Database::query($sql);
        $data = [];
        if (Database::num_rows($rs) > 0) {
            while ($row = Database::fetch_array($rs)) {
                $data[$row['id']] = $row;
            }
        }

        return $data;
    }

    /**
     * Gets information about messages sent
     * @param  integer
     * @param  integer
     * @param  string
     * @return array
     */
    public static function get_message_data_sent(
        $from,
        $number_of_items,
        $column,
        $direction
    ) {
        $from = intval($from);
        $number_of_items = intval($number_of_items);
        if (!isset($direction)) {
            $column = 2;
            $direction = 'DESC';
        } else {
            $column = intval($column);
            if (!in_array($direction, ['ASC', 'DESC'])) {
                $direction = 'ASC';
            }
        }

        if (!in_array($column, [0, 1, 2])) {
            $column = 2;
        }
        $table = Database::get_main_table(TABLE_MESSAGE);
        $request = api_is_xml_http_request();
        $keyword = Session::read('message_sent_search_keyword');
        $keywordCondition = '';
        if (!empty($keyword)) {
            $keyword = Database::escape_string($keyword);
            $keywordCondition = " AND (title like '%$keyword%' OR content LIKE '%$keyword%') ";
        }

        $sql = "SELECT
                    id as col0, 
                    title as col1, 
                    send_date as col2, 
                    user_receiver_id, 
                    msg_status,
                    user_sender_id
                FROM $table
                WHERE
                    user_sender_id = ".api_get_user_id()." AND
                    msg_status = ".MESSAGE_STATUS_OUTBOX."
                    $keywordCondition
                ORDER BY col$column $direction
                LIMIT $from, $number_of_items";
        $result = Database::query($sql);
        $i = 0;
        $message_list = [];
        while ($row = Database::fetch_array($result, 'ASSOC')) {
            $messageId = $row['col0'];
            $title = $row['col1'];
            $sendDate = $row['col2'];
            $status = $row['msg_status'];
            $senderId = $row['user_sender_id'];

            if ($request === true) {
                $message[0] = '<input type="checkbox" value='.$messageId.' name="out[]">';
            } else {
                $message[0] = $messageId;
            }

            $class = 'class = "read"';
            $title = Security::remove_XSS($title);
            $userInfo = api_get_user_info($senderId);
            if ($request === true) {
                $message[1] = '<a onclick="show_sent_message('.$messageId.')" href="javascript:void(0)">'.$userInfo['complete_name_with_username'].'</a>';
                $message[2] = '<a onclick="show_sent_message('.$messageId.')" href="javascript:void(0)">'.str_replace("\\", "", $title).'</a>';
                //date stays the same
                $message[3] = api_convert_and_format_date($sendDate, DATE_TIME_FORMAT_LONG);
                $message[4] = '&nbsp;&nbsp;<a title="'.addslashes(get_lang('DeleteMessage')).'" onclick="delete_one_message_outbox('.$messageId.')" href="javascript:void(0)"  >'.
                    Display::returnFontAwesomeIcon('trash', 2).'</a>';
            } else {
                $message[1] = '<a '.$class.' onclick="show_sent_message('.$messageId.')" href="../messages/view_message.php?id_send='.$messageId.'">'.$title.'</a><br />'.$userInfo['complete_name_with_username'];
                $message[2] = api_convert_and_format_date($sendDate, DATE_TIME_FORMAT_LONG);
                $message[3] = '<a title="'.addslashes(get_lang('DeleteMessage')).'" href="outbox.php?action=deleteone&id='.$messageId.'"  onclick="javascript:if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmDeleteMessage')))."'".')) return false;" >'.
                    Display::returnFontAwesomeIcon('trash', 2).'</a>';
            }

            $message_list[] = $message;

The variable $message does not seem to be defined for all execution paths leading up to this point.

            $i++;
        }

        return $message_list;
    }

    /**
     * Gets information about number messages sent
     * @author Isaac FLores Paz <isaac.flores@dokeos.com>
     * @param void
     * @return integer
     */
    public static function getNumberOfMessagesSent()
    {
        $table = Database::get_main_table(TABLE_MESSAGE);
        $keyword = Session::read('message_sent_search_keyword');
        $keywordCondition = '';
        if (!empty($keyword)) {
            $keyword = Database::escape_string($keyword);
            $keywordCondition = " AND (title like '%$keyword%' OR content LIKE '%$keyword%') ";
        }

        $sql = "SELECT COUNT(id) as number_messages 
                FROM $table
                WHERE
                  msg_status = ".MESSAGE_STATUS_OUTBOX." AND
                  user_sender_id = ".api_get_user_id()."
                  $keywordCondition
                ";
        $result = Database::query($sql);
        $result = Database::fetch_array($result);

        return $result['number_messages'];
    }

    /**
     * display message box in the inbox
     * @param int the message id
     * @param string inbox or outbox strings are available
     * @todo replace numbers with letters in the $row array pff...
     * @return string html with the message content
     */
    public static function showMessageBox($messageId, $source = 'inbox')
    {
        $table = Database::get_main_table(TABLE_MESSAGE);
        $messageId = intval($messageId);

        if ($source == 'outbox') {
            if (isset($messageId) && is_numeric($messageId)) {
                $query = "SELECT * FROM $table
                          WHERE
                            user_sender_id = ".api_get_user_id()." AND
                            id = ".$messageId." AND
                            msg_status = ".MESSAGE_STATUS_OUTBOX;
                $result = Database::query($query);
            }
        } else {
            if (is_numeric($messageId) && !empty($messageId)) {
                $query = "UPDATE $table SET
                          msg_status = '".MESSAGE_STATUS_NEW."'
                          WHERE
                            user_receiver_id=".api_get_user_id()." AND
                            id='".$messageId."'";
                Database::query($query);

                $query = "SELECT * FROM $table
                          WHERE
                            msg_status<> ".MESSAGE_STATUS_OUTBOX." AND
                            user_receiver_id=".api_get_user_id()." AND
                            id='".$messageId."'";
                $result = Database::query($query);
            }
        }
        $row = Database::fetch_array($result, 'ASSOC');

The variable $result does not seem to be defined for all execution paths leading up to this point.

        $user_sender_id = $row['user_sender_id'];

        // get file attachments by message id
        $files_attachments = self::get_links_message_attachment_files(
            $messageId,
            $source
        );

        $row['content'] = str_replace('</br>', '<br />', $row['content']);
        $title = Security::remove_XSS($row['title'], STUDENT, true);
        $content = Security::remove_XSS($row['content'], STUDENT, true);

        $name = get_lang('UnknownUser');
        $fromUser = api_get_user_info($user_sender_id);
        $userImage = '';
        if (!empty($user_sender_id) && !empty($fromUser)) {
            $name = $fromUser['complete_name_with_username'];
            $userImage = Display::img(
                $fromUser['avatar_small'],
                $name,
                ['title' => $name, 'class' => 'img-responsive img-circle', 'style' => 'max-width:35px'],
                false
            );
        }

        $message_content = Display::page_subheader(str_replace("\\", "", $title));

        $receiverUserInfo = [];
        if (!empty($row['user_receiver_id'])) {
            $receiverUserInfo = api_get_user_info($row['user_receiver_id']);
        }

        $message_content .= '<tr>';
        if (api_get_setting('allow_social_tool') == 'true') {
            $message_content .= '<div class="row">';
            if ($source == 'outbox') {
                $message_content .= '<div class="col-md-12">';
                $message_content .= '<ul class="list-message">';
                $message_content .= '<li>'.$userImage.'</li>';
                $message_content .= '<li>'.$name.'&nbsp;';
                if (!empty($receiverUserInfo)) {
                    $message_content .= api_strtolower(
                            get_lang('To')
                        ).'&nbsp;<b>'.$receiverUserInfo['complete_name_with_username'].'</b></li>';
                } else {
                    $message_content .= api_strtolower(get_lang('To')).'&nbsp;<b>-</b></li>';
                }

                $message_content .= '<li>'.Display::dateToStringAgoAndLongDate($row['send_date']).'</li>';
                $message_content .= '</ul>';
                $message_content .= '</div>';
            } else {
                $message_content .= '<div class="col-md-12">';
                $message_content .= '<ul class="list-message">';
                if (!empty($user_sender_id)) {
                    $message_content .= '<li>'.$userImage.'</li>';
                    $message_content .= '<li><a href="'.api_get_path(
                            WEB_PATH
                        ).'main/social/profile.php?u='.$user_sender_id.'">'.$name.'</a>';
                } else {
                    $message_content .= '<li>'.$name;
                }

                $message_content .= '&nbsp;'.api_strtolower(get_lang('To')).'&nbsp;'.get_lang('Me');
                $message_content .= '<li>'.Display::dateToStringAgoAndLongDate($row['send_date']).'</li>';
                $message_content .= '</ul>';
                $message_content .= '</div>';
            }
            $message_content .= '</div>';
        } else {
            if ($source == 'outbox') {
                $message_content .= get_lang('From').':&nbsp;'.$name.'</b> '.api_strtolower(get_lang('To')).' <b>'.
                    $receiverUserInfo['complete_name_with_username'].'</b>';
            } else {
                $message_content .= get_lang('From').':&nbsp;'.$name.'</b> '.api_strtolower(get_lang('To')).' <b>'.
                    get_lang('Me').'</b>';
            }
        }

        $message_content .= '		        
		        <hr style="color:#ddd" />
		        <table width="100%">
		            <tr>
		              <td valign=top class="view-message-content">'.str_replace("\\", "", $content).'</td>
		            </tr>
		        </table>
		        <div id="message-attach">'.(!empty($files_attachments) ? implode('<br />', $files_attachments) : '').'</div>
		        <div style="padding: 15px 0px 5px 0px">';
        $social_link = '';
        if (isset($_GET['f']) && $_GET['f'] == 'social') {
            $social_link = 'f=social';
        }
        if ($source == 'outbox') {
            $message_content .= '<a href="outbox.php?'.$social_link.'">'.
                Display::return_icon('back.png', get_lang('ReturnToOutbox')).'</a> &nbsp';
        } else {
            $message_content .= '<a href="inbox.php?'.$social_link.'">'.
                Display::return_icon('back.png', get_lang('ReturnToInbox')).'</a> &nbsp';
            $message_content .= '<a href="new_message.php?re_id='.$messageId.'&'.$social_link.'">'.
                Display::return_icon('message_reply.png', get_lang('ReplyToMessage')).'</a> &nbsp';
        }
        $message_content .= '<a href="inbox.php?action=deleteone&id='.$messageId.'&'.$social_link.'" >'.
            Display::return_icon('delete.png', get_lang('DeleteMessage')).'</a>&nbsp';

        $message_content .= '</div></td>
		      <td width=10></td>
		    </tr>
		</table>';

        return $message_content;
    }

    /**
     * get user id by user email
     * @param string $user_email
     * @return int user id
     */
    public static function get_user_id_by_email($user_email)
    {
        $tbl_user = Database::get_main_table(TABLE_MAIN_USER);
        $sql = 'SELECT user_id FROM '.$tbl_user.'
                WHERE email="'.Database::escape_string($user_email).'";';
        $rs = Database::query($sql);
        $row = Database::fetch_array($rs, 'ASSOC');
        if (isset($row['user_id'])) {
            return $row['user_id'];
        } else {
            return null;
        }
    }

    /**
     * Displays messages of a group with nested view
     *
     * @param int $group_id
     * @return string
     */
    public static function display_messages_for_group($group_id)
    {
        global $my_group_role;

        $rows = self::get_messages_by_group($group_id);
        $topics_per_page = 10;
        $html_messages = '';
        $query_vars = ['id' => $group_id, 'topics_page_nr' => 0];

        if (is_array($rows) && count($rows) > 0) {
            // prepare array for topics with its items
            $topics = [];
            $x = 0;
            foreach ($rows as $index => $value) {
                if (empty($value['parent_id'])) {
                    $topics[$value['id']] = $value;
                }
            }

            $new_topics = [];

            foreach ($topics as $id => $value) {
                $rows = null;
                $rows = self::get_messages_by_group_by_message($group_id, $value['id']);
                if (!empty($rows)) {
                    $count = count(self::calculate_children($rows, $value['id']));
                } else {
                    $count = 0;
                }
                $value['count'] = $count;
                $new_topics[$id] = $value;
            }

            $array_html = [];
            foreach ($new_topics as $index => $topic) {
                $html = '';
                // topics
                $user_sender_info = api_get_user_info($topic['user_sender_id']);
                $name = $user_sender_info['complete_name'];
                $html .= '<div class="groups-messages">';
                $html .= '<div class="row">';

                $items = $topic['count'];
                $reply_label = ($items == 1) ? get_lang('GroupReply') : get_lang('GroupReplies');
                $label = '<i class="fa fa-envelope"></i> '.$items.' '.$reply_label;
                $topic['title'] = trim($topic['title']);

                if (empty($topic['title'])) {
                    $topic['title'] = get_lang('Untitled');
                }

                $html .= '<div class="col-xs-8 col-md-10">';
                $html .= Display::tag(
                    'h4',
                    Display::url(
                        Security::remove_XSS($topic['title'], STUDENT, true),
                        api_get_path(WEB_CODE_PATH).'social/group_topics.php?id='.$group_id.'&topic_id='.$topic['id']
                    ),
                    ['class' => 'title']
                );
                $actions = '';
                if ($my_group_role == GROUP_USER_PERMISSION_ADMIN ||
                    $my_group_role == GROUP_USER_PERMISSION_MODERATOR
                ) {
                    $actions = '<br />'.Display::url(
                            get_lang('Delete'),
                            api_get_path(
                                WEB_CODE_PATH
                            ).'social/group_topics.php?action=delete&id='.$group_id.'&topic_id='.$topic['id'],
                            ['class' => 'btn btn-default']
                        );
                }

                $date = '';
                if ($topic['send_date'] != $topic['update_date']) {
                    if (!empty($topic['update_date'])) {
                        $date .= '<i class="fa fa-calendar"></i> '.get_lang(
                                'LastUpdate'
                            ).' '.Display::dateToStringAgoAndLongDate($topic['update_date']);
                    }
                } else {
                    $date .= '<i class="fa fa-calendar"></i> '.get_lang(
                            'Created'
                        ).' '.Display::dateToStringAgoAndLongDate($topic['send_date']);
                }
                $html .= '<div class="date">'.$label.' - '.$date.$actions.'</div>';
                $html .= '</div>';

                $image = $user_sender_info['avatar'];

                $user_info = '<div class="author"><img class="img-responsive img-circle" src="'.$image.'" alt="'.$name.'"  width="64" height="64" title="'.$name.'" /></div>';
                $user_info .= '<div class="name"><a href="'.api_get_path(
                        WEB_PATH
                    ).'main/social/profile.php?u='.$topic['user_sender_id'].'">'.$name.'&nbsp;</a></div>';

                $html .= '<div class="col-xs-4 col-md-2">';
                $html .= $user_info;
                $html .= '</div>';
                $html .= '</div>';
                $html .= '</div>';

                $array_html[] = [$html];
            }

            // grids for items and topics  with paginations
            $html_messages .= Display::return_sortable_grid(
                'topics',
                [],
                $array_html,
                [
                    'hide_navigation' => false,
                    'per_page' => $topics_per_page
                ],
                $query_vars,
                false,
                [true, true, true, false],
                false
            );
        }

        return $html_messages;
    }

    /**
     * Displays messages of a group with nested view
     * @param $group_id
     * @param $topic_id
     * @param $is_member
     * @param $messageId
     * @return string
     */
    public static function display_message_for_group($group_id, $topic_id, $is_member, $messageId)

The parameter $is_member is not used and could be removed.

The parameter $messageId is not used and could be removed.

    {
        global $my_group_role;
        $main_message = self::get_message_by_id($topic_id);
        if (empty($main_message)) {
            return false;

The expression return false returns the type false which is incompatible with the documented return type string.

        }
        $rows = self::get_messages_by_group_by_message($group_id, $topic_id);
        $rows = self::calculate_children($rows, $topic_id);
        $current_user_id = api_get_user_id();

        $items_per_page = 50;
        $query_vars = ['id' => $group_id, 'topic_id' => $topic_id, 'topics_page_nr' => 0];

        // Main message
        $links = '';
        $main_content = '';
        $html = '';
        $items_page_nr = null;

        $user_sender_info = api_get_user_info($main_message['user_sender_id']);
        $files_attachments = self::get_links_message_attachment_files($main_message['id']);
        $name = $user_sender_info['complete_name'];

        $topic_page_nr = isset($_GET['topics_page_nr']) ? intval($_GET['topics_page_nr']) : null;

        $links .= '<div class="pull-right">';
        $links .= '<div class="btn-group btn-group-sm">';

        if (($my_group_role == GROUP_USER_PERMISSION_ADMIN ||
                $my_group_role == GROUP_USER_PERMISSION_MODERATOR) ||
            $main_message['user_sender_id'] == $current_user_id
        ) {
            $urlEdit = api_get_path(WEB_CODE_PATH);
            $urlEdit .= 'social/message_for_group_form.inc.php?';
            $urlEdit .= http_build_query(
                [
                    'user_friend' => $current_user_id,
                    'group_id' => $group_id,
                    'message_id' => $main_message['id'],
                    'action' => 'edit_message_group',
                    'anchor_topic' => 'topic_'.$main_message['id'],
                    'topics_page_nr' => $topic_page_nr,
                    'items_page_nr' => $items_page_nr,
                    'topic_id' => $main_message['id']
                ]
            );

            $links .= Display::url(
                Display::returnFontAwesomeIcon('pencil'),
                $urlEdit,
                [
                    'class' => 'btn btn-default ajax',
                    'title' => get_lang('Edit'),
                    'data-title' => get_lang('Edit'),
                    'data-size' => 'lg'
                ]
            );
        }

        $urlReply = api_get_path(WEB_CODE_PATH);
        $urlReply .= 'social/message_for_group_form.inc.php?';
        $urlReply .= http_build_query(
            [
                'user_friend' => api_get_user_id(),
                'group_id' => $group_id,
                'message_id' => $main_message['id'],
                'action' => 'reply_message_group',
                'anchor_topic' => 'topic_'.$main_message['id'],
                'topics_page_nr' => $topic_page_nr,
                'topic_id' => $main_message['id']
            ]
        );

        $links .= Display::url(
            Display::returnFontAwesomeIcon('commenting'),
            $urlReply,
            [
                'class' => 'btn btn-default ajax',
                'title' => get_lang('Reply'),
                'data-title' => get_lang('Reply'),
                'data-size' => 'lg'
            ]
        );

        if (api_is_platform_admin()) {
            $links .= Display::url(
                Display::returnFontAwesomeIcon('trash'),
                'group_topics.php?action=delete&id='.$group_id.'&topic_id='.$topic_id,
                [
                    'class' => 'btn btn-default'
                ]
            );
        }

        $links .= '</div>';
        $links .= '</div>';

        $title = '<h4>'.Security::remove_XSS($main_message['title'], STUDENT, true).$links.'</h4>';

        $userPicture = $user_sender_info['avatar'];
        $main_content .= '<div class="row">';
        $main_content .= '<div class="col-md-2">';
        $main_content .= '<div class="avatar-author">';
        $main_content .= '<img width="60px" src="'.$userPicture.'" alt="'.$name.'" class="img-responsive img-circle" title="'.$name.'" />';
        $main_content .= '</div>';
        $main_content .= '</div>';

        $date = '';
        if ($main_message['send_date'] != $main_message['update_date']) {
            if (!empty($main_message['update_date'])) {
                $date = '<div class="date"> '.
                    Display::returnFontAwesomeIcon('calendar').' '.get_lang('LastUpdate').' '.
                    Display::dateToStringAgoAndLongDate($main_message['update_date']).
                    '</div>';
            }
        } else {
            $date = '<div class="date"> '.
                Display::returnFontAwesomeIcon('calendar').' '.get_lang('Created').' '.
                Display::dateToStringAgoAndLongDate($main_message['send_date']).
                '</div>';
        }
        $attachment = '<div class="message-attach">'.(!empty($files_attachments) ? implode(
                '<br />',
                $files_attachments
            ) : '').'</div>';
        $main_content .= '<div class="col-md-10">';
        $user_link = '<a href="'.api_get_path(
                WEB_PATH
            ).'main/social/profile.php?u='.$main_message['user_sender_id'].'">'.$name.'</a>';
        $main_content .= '<div class="message-content"> ';
        $main_content .= '<div class="username">'.$user_link.'</div>';
        $main_content .= $date;
        $main_content .= '<div class="message">'.$main_message['content'].$attachment.'</div></div>';
        $main_content .= '</div>';
        $main_content .= '</div>';

        $html .= Display::div(
            Display::div(
                $title.$main_content,
                ['class' => 'message-topic']
            ),
            ['class' => 'sm-groups-message']
        );

        $topic_id = $main_message['id'];

        if (is_array($rows) && count($rows) > 0) {
            $topics = $rows;
            $array_html_items = [];
            foreach ($topics as $index => $topic) {
                if (empty($topic['id'])) {
                    continue;
                }
                $items_page_nr = isset($_GET['items_'.$topic['id'].'_page_nr']) ? intval($_GET['items_'.$topic['id'].'_page_nr']) : null;
                $links = '';
                $links .= '<div class="pull-right">';
                $html_items = '';
                $user_sender_info = api_get_user_info($topic['user_sender_id']);
                $files_attachments = self::get_links_message_attachment_files($topic['id']);
                $name = $user_sender_info['complete_name'];

                $links .= '<div class="btn-group btn-group-sm">';
                if (($my_group_role == GROUP_USER_PERMISSION_ADMIN || $my_group_role == GROUP_USER_PERMISSION_MODERATOR) ||
                    $topic['user_sender_id'] == $current_user_id
                ) {
                    $links .= '<a href="'.api_get_path(WEB_CODE_PATH).'social/message_for_group_form.inc.php?height=400&width=800&&user_friend='.$current_user_id.'&group_id='.$group_id.'&message_id='.$topic['id'].'&action=edit_message_group&anchor_topic=topic_'.$topic_id.'&topics_page_nr='.$topic_page_nr.'&items_page_nr='.$items_page_nr.'&topic_id='.$topic_id.'" class="ajax btn btn-default" data-size="lg" data-title="'.get_lang('Edit').'" title="'.get_lang('Edit').'">'.
                        Display::returnFontAwesomeIcon('pencil').'</a>';
                }
                $links .= '<a href="'.api_get_path(WEB_CODE_PATH).'social/message_for_group_form.inc.php?height=400&width=800&&user_friend='.api_get_user_id().'&group_id='.$group_id.'&message_id='.$topic['id'].'&action=reply_message_group&anchor_topic=topic_'.$topic_id.'&topics_page_nr='.$topic_page_nr.'&items_page_nr='.$items_page_nr.'&topic_id='.$topic_id.'" class="ajax btn btn-default" data-size="lg" data-title="'.get_lang('Reply').'" title="'.get_lang('Reply').'">';
                $links .= Display::returnFontAwesomeIcon('commenting').'</a>';
                $links .= '</div>';
                $links .= '</div>';

                $userPicture = $user_sender_info['avatar'];
                $user_link = '<a href="'.api_get_path(WEB_PATH).'main/social/profile.php?u='.$topic['user_sender_id'].'">'.$name.'&nbsp</a>';
                $html_items .= '<div class="row">';
                $html_items .= '<div class="col-md-2">';
                $html_items .= '<div class="avatar-author">';
                $html_items .= '<img width="60px" src="'.$userPicture.'" alt="'.$name.'" class="img-responsive img-circle" title="'.$name.'" /></div>';
                $html_items .= '</div>';

                $date = '';
                if ($topic['send_date'] != $topic['update_date']) {
                    if (!empty($topic['update_date'])) {
                        $date = '<div class="date"> '.
                            Display::returnFontAwesomeIcon('calendar').' '.
                            get_lang('LastUpdate').' '.Display::dateToStringAgoAndLongDate($topic['update_date']).
                        '</div>';
                    }
                } else {
                    $date = '<div class="date"> '.
                        Display::returnFontAwesomeIcon('calendar').
                        get_lang('Created').' '.Display::dateToStringAgoAndLongDate($topic['send_date']).
                    '</div>';
                }
                $attachment = '<div class="message-attach">'.(!empty($files_attachments) ? implode('<br />', $files_attachments) : '').'</div>';
                $html_items .= '<div class="col-md-10">';
                $html_items .= '<div class="message-content">';
                $html_items .= $links;
                $html_items .= '<div class="username">'.$user_link.'</div>';
                $html_items .= $date;
                $html_items .= '<div class="message">'.
                    Security::remove_XSS($topic['content'], STUDENT, true).
                    '</div>'.$attachment.'</div>';
                $html_items .= '</div>';
                $html_items .= '</div>';

                $base_padding = 20;

                if ($topic['indent_cnt'] == 0) {
                    $indent = $base_padding;
                } else {
                    $indent = intval($topic['indent_cnt']) * $base_padding + $base_padding;
                }

                $html_items = Display::div($html_items, ['class' => 'message-post', 'id' => 'msg_'.$topic['id']]);
                $html_items = Display::div($html_items, ['class' => '', 'style' => 'margin-left:'.$indent.'px']);
                $array_html_items[] = [$html_items];
            }

            // grids for items with paginations
            $options = ['hide_navigation' => false, 'per_page' => $items_per_page];
            $visibility = [true, true, true, false];

            $style_class = [
                'item' => ['class' => 'user-post'],
                'main' => ['class' => 'user-list'],
            ];
            if (!empty($array_html_items)) {
                $html .= Display::return_sortable_grid(
                    'items_'.$topic['id'],

The variable $topic seems to be defined by a foreach iteration on line 1576. Are you sure the iterator is never empty, otherwise this variable is not defined?

                    [],
                    $array_html_items,
                    $options,
                    $query_vars,
                    null,
                    $visibility,
                    false,
                    $style_class
                );
            }
        }

        return $html;
    }

    /**
     * Add children to messages by id is used for nested view messages
     * @param array $rows rows of messages
     * @return array $first_seed new list adding the item children
     */
    public static function calculate_children($rows, $first_seed)
    {
        $rows_with_children = [];
        foreach ($rows as $row) {
            $rows_with_children[$row["id"]] = $row;
            $rows_with_children[$row["parent_id"]]["children"][] = $row["id"];
        }
        $rows = $rows_with_children;
        $sorted_rows = [0 => []];
        self::message_recursive_sort($rows, $sorted_rows, $first_seed);
        unset($sorted_rows[0]);

        return $sorted_rows;
    }

    /**
     * Sort recursively the messages, is used for for nested view messages
     * @param array  original rows of messages
     * @param array  list recursive of messages
     * @param int   seed for calculate the indent
     * @param int   indent for nested view
     * @return void
     */
    public static function message_recursive_sort(
        $rows,
        &$messages,
        $seed = 0,
        $indent = 0
    ) {
        if ($seed > 0 && isset($rows[$seed]["id"])) {
            $messages[$rows[$seed]["id"]] = $rows[$seed];
            $messages[$rows[$seed]["id"]]["indent_cnt"] = $indent;
            $indent++;
        }

        if (isset($rows[$seed]["children"])) {
            foreach ($rows[$seed]["children"] as $child) {
                self::message_recursive_sort($rows, $messages, $child, $indent);
            }
        }
    }

    /**
     * Sort date by desc from a multi-dimensional array
     * @param array $array1 first array to compare
     * @param array $array2 second array to compare
     * @return bool
     */
    public function order_desc_date($array1, $array2)
    {
        return strcmp($array2['send_date'], $array1['send_date']);

The expression return strcmp($array2['send_date'], $array1['send_date']) returns the type integer which is incompatible with the documented return type boolean.

    }

    /**
     * Get array of links (download) for message attachment files
     * @param int $messageId
     * @param string $type message list (inbox/outbox)
     * @return array
     */
    public static function get_links_message_attachment_files($messageId, $type = '')
    {
        $table = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);
        $messageId = intval($messageId);

        // get file attachments by message id
        $links_attach_file = [];
        if (!empty($messageId)) {
            $sql = "SELECT * FROM $table
                    WHERE message_id = '$messageId'";

            $rs_file = Database::query($sql);
            if (Database::num_rows($rs_file) > 0) {
                $attach_icon = Display::return_icon('attachment.gif', '');
                $archiveURL = api_get_path(WEB_CODE_PATH).'messages/download.php?type='.$type.'&file=';
                while ($row_file = Database::fetch_array($rs_file)) {
                    $archiveFile = $row_file['path'];
                    $filename = $row_file['filename'];
                    $filesize = format_file_size($row_file['size']);
                    $filecomment = Security::remove_XSS($row_file['comment']);
                    $filename = Security::remove_XSS($filename);
                    $links_attach_file[] = $attach_icon.'&nbsp;<a href="'.$archiveURL.$archiveFile.'">'.$filename.'</a>
                        &nbsp;('.$filesize.')'.(!empty($filecomment) ? '&nbsp;-&nbsp;<i>'.$filecomment.'</i>' : '');
                }
            }
        }
        return $links_attach_file;
    }

    /**
     * Get message list by id
     * @param int $messageId
     * @return array
     */
    public static function get_message_by_id($messageId)
    {
        $table = Database::get_main_table(TABLE_MESSAGE);
        $messageId = intval($messageId);
        $sql = "SELECT * FROM $table
                WHERE 
                    id = '$messageId' AND 
                    msg_status <> '".MESSAGE_STATUS_DELETED."' ";
        $res = Database::query($sql);
        $item = [];
        if (Database::num_rows($res) > 0) {
            $item = Database::fetch_array($res, 'ASSOC');
        }
        return $item;
    }

    /**
     *
     * @return string
     */
    public static function generate_message_form()
    {
        $form = new FormValidator('send_message');
        $form->addText(
            'subject',
            get_lang('Subject'),
            false,
            ['id' => 'subject_id']
        );
        $form->addTextarea(
            'content',
            get_lang('Message'),
            ['id' => 'content_id', 'rows' => '5']
        );

        return $form->returnForm();
    }

    /**
     * @param $id
     * @param array $params
     * @return string
     */
    public static function generate_invitation_form($id, $params = [])

The parameter $params is not used and could be removed.

The parameter $id is not used and could be removed.

    {
        $form = new FormValidator('send_invitation');
        $form->addTextarea(
            'content',
            get_lang('AddPersonalMessage'),
            ['id' => 'content_invitation_id', 'rows' => 5]
        );
        return $form->returnForm();
    }

    //@todo this functions should be in the message class

    /**
     * @param string $keyword
     * @return string
     */
    public static function inbox_display($keyword = '')
    {
        $success = get_lang('SelectedMessagesDeleted');
        $success_read = get_lang('SelectedMessagesRead');
        $success_unread = get_lang('SelectedMessagesUnRead');
        $html = '';

        Session::write('message_search_keyword', $keyword);

        if (isset($_REQUEST['action'])) {
            switch ($_REQUEST['action']) {
                case 'mark_as_unread':
                    if (is_array($_POST['id'])) {
                        foreach ($_POST['id'] as $index => $message_id) {
                            self::update_message_status(
                                api_get_user_id(),
                                $message_id,
                                MESSAGE_STATUS_UNREAD
                            );
                        }
                    }
                    $html .= Display::return_message(
                        api_xml_http_response_encode($success_unread),
                        'normal',
                        false
                    );
                    break;
                case 'mark_as_read':
                    if (is_array($_POST['id'])) {
                        foreach ($_POST['id'] as $index => $message_id) {
                            self::update_message_status(
                                api_get_user_id(),
                                $message_id,
                                MESSAGE_STATUS_NEW
                            );
                        }
                    }
                    $html .= Display::return_message(
                        api_xml_http_response_encode($success_read),
                        'normal',
                        false
                    );
                    break;
                case 'delete':
                    foreach ($_POST['id'] as $index => $message_id) {
                        self::delete_message_by_user_receiver(api_get_user_id(), $message_id);
                    }
                    $html .= Display::return_message(
                        api_xml_http_response_encode($success),
                        'normal',
                        false
                    );
                    break;
                case 'deleteone':
                    self::delete_message_by_user_receiver(api_get_user_id(), $_GET['id']);
                    $html .= Display::return_message(
                        api_xml_http_response_encode($success),
                        'confirmation',
                        false
                    );
                    break;
            }
        }

        // display sortable table with messages of the current user
        $table = new SortableTable(
            'message_inbox',
            ['MessageManager', 'getNumberOfMessages'],
            ['MessageManager', 'get_message_data'],
            2,
            20,
            'DESC'
        );
        $table->set_header(0, '', false, ['style' => 'width:15px;']);
        $table->set_header(1, get_lang('Messages'), false);
        $table->set_header(2, get_lang('Date'), true, ['style' => 'width:180px;']);
        $table->set_header(3, get_lang('Modify'), false, ['style' => 'width:120px;']);

        if (isset($_REQUEST['f']) && $_REQUEST['f'] == 'social') {
            $parameters['f'] = 'social';

$parameters was never initialized. Although not strictly required by PHP, it is generally a good practice to add $parameters = array(); before regardless.

            $table->set_additional_parameters($parameters);
        }
        $table->set_form_actions(
            [
                'delete' => get_lang('DeleteSelectedMessages'),
                'mark_as_unread' => get_lang('MailMarkSelectedAsUnread'),
                'mark_as_read' => get_lang('MailMarkSelectedAsRead'),
            ]
        );
        $html .= $table->return_table();

        Session::erase('message_search_keyword');

        return $html;
    }

    /**
     * @param string $keyword
     * @return string
     */
    public static function outbox_display($keyword = '')
    {
        Session::write('message_sent_search_keyword', $keyword);
        $success = get_lang('SelectedMessagesDeleted').'&nbsp</b><br />
                    <a href="outbox.php">'.get_lang('BackToOutbox').'</a>';

        $html = '';
        if (isset($_REQUEST['action'])) {
            switch ($_REQUEST['action']) {
                case 'delete':
                    $number_of_selected_messages = count($_POST['id']);
                    if ($number_of_selected_messages != 0) {
                        foreach ($_POST['id'] as $index => $message_id) {
                            self::delete_message_by_user_receiver(
                                api_get_user_id(),
                                $message_id
                            );
                        }
                    }
                    $html .= Display::return_message(api_xml_http_response_encode($success), 'normal', false);
                    break;
                case 'deleteone':
                    self::delete_message_by_user_receiver(api_get_user_id(), $_GET['id']);
                    $html .= Display::return_message(api_xml_http_response_encode($success), 'normal', false);
                    $html .= '<br/>';
                    break;
            }
        }

        // display sortable table with messages of the current user
        $table = new SortableTable(
            'message_outbox',
            ['MessageManager', 'getNumberOfMessagesSent'],
            ['MessageManager', 'get_message_data_sent'],
            2,
            20,
            'DESC'
        );

        $table->set_header(0, '', false, ['style' => 'width:15px;']);
        $table->set_header(1, get_lang('Messages'), false);
        $table->set_header(2, get_lang('Date'), true, ['style' => 'width:180px;']);
        $table->set_header(3, get_lang('Modify'), false, ['style' => 'width:70px;']);

        $table->set_form_actions(['delete' => get_lang('DeleteSelectedMessages')]);
        $html .= $table->return_table();

        Session::erase('message_sent_search_keyword');

        return $html;
    }

    /**
     * Get the count of the last received messages for a user
     * @param int $userId The user id
     * @param int $lastId The id of the last received message
     * @return int The count of new messages
     */
    public static function countMessagesFromLastReceivedMessage($userId, $lastId = 0)
    {
        $userId = intval($userId);
        $lastId = intval($lastId);

        if (empty($userId)) {
            return 0;
        }

        $messagesTable = Database::get_main_table(TABLE_MESSAGE);

        $conditions = [
            'where' => [
                'user_receiver_id = ?' => $userId,
                'AND msg_status = ?' => MESSAGE_STATUS_UNREAD,
                'AND id > ?' => $lastId
            ]
        ];

        $result = Database::select('COUNT(1) AS qty', $messagesTable, $conditions);

        if (!empty($result)) {
            $row = current($result);

            return $row['qty'];
        }

        return 0;
    }

    /**
     * Get the data of the last received messages for a user
     * @param int $userId The user id
     * @param int $lastId The id of the last received message
     * @return array
     */
    public static function getMessagesFromLastReceivedMessage($userId, $lastId = 0)
    {
        $userId = intval($userId);
        $lastId = intval($lastId);

        if (empty($userId)) {
            return [];
        }

        $messagesTable = Database::get_main_table(TABLE_MESSAGE);
        $userTable = Database::get_main_table(TABLE_MAIN_USER);

        $sql = "SELECT m.*, u.user_id, u.lastname, u.firstname
                FROM $messagesTable as m
                INNER JOIN $userTable as u
                ON m.user_sender_id = u.user_id
                WHERE
                    m.user_receiver_id = $userId AND
                    m.msg_status = ".MESSAGE_STATUS_UNREAD."
                    AND m.id > $lastId
                ORDER BY m.send_date DESC";

        $result = Database::query($sql);

        $messages = [];
        if ($result !== false) {
            while ($row = Database::fetch_assoc($result)) {
                $messages[] = $row;
            }
        }

        return $messages;
    }

    /**
     * Check whether a message has attachments
     * @param int $messageId The message id
     * @return boolean Whether the message has attachments return true. Otherwise return false
     */
    public static function hasAttachments($messageId)
    {
        $messageId = intval($messageId);

        if (empty($messageId)) {
            return false;
        }

        $messageAttachmentTable = Database::get_main_table(TABLE_MESSAGE_ATTACHMENT);

        $conditions = [
            'where' => [
                'message_id = ?' => $messageId
            ]
        ];

        $result = Database::select(
            'COUNT(1) AS qty',
            $messageAttachmentTable,
            $conditions,
            'first'
        );

        if (!empty($result)) {
            if ($result['qty'] > 0) {
                return true;
            }
        }

        return false;
    }

    /**
     * @param string $url
     *
     * @return FormValidator
     */
    public static function getSearchForm($url)
    {
        $form = new FormValidator(
            'search',
            'post',
            $url,
            null,
            [],
            FormValidator::LAYOUT_INLINE
        );

        $form->addElement(
            'text',
            'keyword',
            false,
            [
                'aria-label' => get_lang('Search'),
            ]
        );
        $form->addButtonSearch(get_lang('Search'));

        return $form;
    }

    /**
     * Send a notification to all admins when a new user is registered
     * @param User $user
     */
    public static function sendNotificationByRegisteredUser(User $user)
    {
        $tplMailBody = new Template(
            null,
            false,
            false,
            false,
            false,
            false,
            false
        );
        $tplMailBody->assign('user', $user);
        $tplMailBody->assign('is_western_name_order', api_is_western_name_order());
        $tplMailBody->assign(
            'manageUrl',
            api_get_path(WEB_CODE_PATH).'admin/user_edit.php?user_id='.$user->getId()
        );

        $layoutContent = $tplMailBody->get_template('mail/new_user_mail_to_admin.tpl');

        $emailsubject = '['.get_lang('UserRegistered').'] '.$user->getUsername();
        $emailbody = $tplMailBody->fetch($layoutContent);

        $admins = UserManager::get_all_administrators();

        foreach ($admins as $admin_info) {
            self::send_message(
                $admin_info['user_id'],
                $emailsubject,
                $emailbody,
                [],
                [],
                null,
                null,
                null,
                null,
                $user->getId()
            );
        }
    }

    /**
     * Get the error log from failed mailing
     * This assumes a complex setup where you have a cron script regularly copying the mail queue log
     * into app/cache/mail/mailq.
     * This can be done with a cron command like (check the location of your mail log file first):
     * @example 0,30 * * * * root cp /var/log/exim4/mainlog /var/www/chamilo/app/cache/mail/mailq
     * @return array|bool
     */
    public static function failedSentMailErrors()
    {
        $base = api_get_path(SYS_ARCHIVE_PATH).'mail/';
        $mailq = $base.'mailq';

        if (!file_exists($mailq) || !is_readable($mailq)) {
            return false;
        }

        $file = fopen($mailq, 'r');
        $i = 1;
        while (!feof($file)) {

It seems like $file can also be of type false; however, parameter $handle of feof() does only seem to accept resource, maybe add an additional type check?

            $line = fgets($file);

It seems like $file can also be of type false; however, parameter $handle of fgets() does only seem to accept resource, maybe add an additional type check?

            //$line = trim($line);

            if (trim($line) == '') {
                continue;
            }

            //Get the mail code, something like 1WBumL-0002xg-FF
            if (preg_match('/(.*)\s((.*)-(.*)-(.*))\s<(.*)$/', $line, $codeMatches)) {
                $mail_queue[$i]['code'] = $codeMatches[2];
            }

            $fullMail = $base.$mail_queue[$i]['code'];

The variable $mail_queue does not seem to be defined for all execution paths leading up to this point.

            $mailFile = fopen($fullMail, 'r');

            //Get the reason of mail fail
            $iX = 1;

            while (!feof($mailFile)) {
                $mailLine = fgets($mailFile);
                #if ($iX == 4 && preg_match('/(.*):\s(.*)$/', $mailLine, $matches)) {
                if (
                    $iX == 2 &&
                    preg_match('/(.*)(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s(.*)/', $mailLine, $detailsMatches)
                ) {
                    $mail_queue[$i]['reason'] = $detailsMatches[3];
                }

                $iX++;
            }

            fclose($mailFile);

It seems like $mailFile can also be of type false; however, parameter $handle of fclose() does only seem to accept resource, maybe add an additional type check?

            //Get the time of mail fail
            if (preg_match('/^\s?(\d+)(\D+)\s+(.*)$/', $line, $timeMatches)) {
                $mail_queue[$i]['time'] = $timeMatches[1].$timeMatches[2];
            } elseif (preg_match('/^(\s+)((.*)@(.*))\s+(.*)$/', $line, $emailMatches)) {
                $mail_queue[$i]['mail'] = $emailMatches[2];
                $i++;
            }
        }

        fclose($file);

        return array_reverse($mail_queue);
    }

    /**
     * @param int $userId
     * @return array
     * @throws \Doctrine\DBAL\DBALException
     */
    public static function getUsersThatHadConversationWithUser($userId)
    {
        $messagesTable = Database::get_main_table(TABLE_MESSAGE);
        $userId = (int) $userId;

        $sql = "SELECT DISTINCT
                    user_sender_id
                FROM $messagesTable
                WHERE
                    user_receiver_id = ".$userId;
        $result = Database::query($sql);
        $users = Database::store_result($result);
        $userList = [];
        foreach ($users as $userData) {
            $userId = $userData['user_sender_id'];
            if (empty($userId)) {
                continue;
            }
            $userInfo = api_get_user_info($userId);
            if ($userInfo) {

The expression $userInfo of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

                $userList[$userId] = $userInfo;
            }
        }

        return $userList;
    }

    /**
     * @param int $userId
     * @param int $otherUserId
     * @return array
     * @throws \Doctrine\DBAL\DBALException
     */
    public static function getAllMessagesBetweenStudents($userId, $otherUserId)
    {
        $messagesTable = Database::get_main_table(TABLE_MESSAGE);
        $userId = (int) $userId;
        $otherUserId = (int) $otherUserId;

        if (empty($otherUserId) || empty($userId)) {
            return [];
        }

        $sql = "SELECT DISTINCT * 
                FROM $messagesTable
                WHERE
                    (user_receiver_id = $userId AND user_sender_id = $otherUserId) OR
                    (user_receiver_id = $otherUserId AND user_sender_id = $userId)
                ORDER BY send_date DESC
            ";
        $result = Database::query($sql);
        $messages = Database::store_result($result);
        $list = [];
        foreach ($messages as $message) {
            $list[] = $message;
        }

        return $list;
    }
}