Issues in course_list.php - All Issues - Inspection of "WebServices: set visibility to student work" - chamilo/chamilo-lms - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — 1.11.x ( bce6cd...c146d9 )

by Angel Fernando Quiroz

created 2021-08-24 22:43 UTC

main/admin/course_list.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

<?php

/* For licensing terms, see /license.txt */

/**
 * This script shows a list of courses and allows searching for courses codes
 * and names.
 */
$cidReset = true;
require_once __DIR__.'/../inc/global.inc.php';
$this_section = SECTION_PLATFORM_ADMIN;
api_protect_admin_script();
$sessionId = isset($_GET['session_id']) ? $_GET['session_id'] : null;
$addTeacherColumn = api_get_configuration_value('add_teachers_in_course_list');

/**
 * Get the number of courses which will be displayed.
 *
 * @throws Exception
 *
 * @return int The number of matching courses
 */
function get_number_of_courses()
{
    return get_course_data(0, 0, 0, 0, null, true);
}

/**
 * Get course data to display.
 *
 * @param int    $from
 * @param int    $number_of_items
 * @param int    $column
 * @param string $direction
 *
 * @throws Exception
 *
 * @return array
 */
function get_course_data($from, $number_of_items, $column, $direction, $dataFunctions = [], $getCount = false)
{
    $addTeacherColumn = api_get_configuration_value('add_teachers_in_course_list');
    $table = Database::get_main_table(TABLE_MAIN_COURSE);
    $from = (int) $from;
    $number_of_items = (int) $number_of_items;
    $column = (int) $column;

    if (!in_array(strtolower($direction), ['asc', 'desc'])) {
        $direction = 'desc';
    }

    $teachers = '';
    if ($addTeacherColumn) {
        $teachers = " GROUP_CONCAT(cu.user_id SEPARATOR ',') as col7, ";
    }
    $select = "SELECT
                code AS col0,
                title AS col1,
                code AS col2,
                course_language AS col3,
                category_code AS col4,
                subscribe AS col5,
                unsubscribe AS col6,
                $teachers
                visibility,
                directory,
                visual_code,
                course.code,
                course.id ";

    if ($getCount) {
        $select = 'SELECT COUNT(DISTINCT(course.id)) as count ';
    }

    $sql = "$select FROM $table course";

    if ((api_is_platform_admin() || api_is_session_admin()) &&
        api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1
    ) {
        $access_url_rel_course_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
        $sql .= " INNER JOIN $access_url_rel_course_table url_rel_course
                  ON (course.id = url_rel_course.c_id)";
    }

    if ($addTeacherColumn) {
        $tableCourseRelUser = Database::get_main_table(TABLE_MAIN_COURSE_USER);
        $sql .= "
                LEFT JOIN $tableCourseRelUser cu
                ON (course.id = cu.c_id AND cu.status = ".COURSEMANAGER.")
            ";
    }

    if (isset($_GET['keyword'])) {
        $keyword = Database::escape_string("%".trim($_GET['keyword'])."%");
        $sql .= " WHERE (
            title LIKE '".$keyword."' OR
            code LIKE '".$keyword."' OR
            visual_code LIKE '".$keyword."'
        )
        ";
    } elseif (isset($_GET['keyword_code'])) {
        $keyword_code = Database::escape_string("%".$_GET['keyword_code']."%");
        $keyword_title = Database::escape_string("%".$_GET['keyword_title']."%");
        $keyword_category = isset($_GET['keyword_category'])
            ? Database::escape_string("%".$_GET['keyword_category']."%")
            : null;
        $keyword_language = Database::escape_string("%".$_GET['keyword_language']."%");
        $keyword_visibility = Database::escape_string("%".$_GET['keyword_visibility']."%");
        $keyword_subscribe = Database::escape_string($_GET['keyword_subscribe']);
        $keyword_unsubscribe = Database::escape_string($_GET['keyword_unsubscribe']);

        $sql .= " WHERE
                (code LIKE '".$keyword_code."' OR visual_code LIKE '".$keyword_code."') AND
                title LIKE '".$keyword_title."' AND
                course_language LIKE '".$keyword_language."' AND
                visibility LIKE '".$keyword_visibility."' AND
                subscribe LIKE '".$keyword_subscribe."' AND
                unsubscribe LIKE '".$keyword_unsubscribe."'";

        if (!empty($keyword_category)) {
            $sql .= " AND category_code LIKE '".$keyword_category."' ";
        }
    }

    // Adding the filter to see the user's only of the current access_url.
    if ((api_is_platform_admin() || api_is_session_admin()) &&
        api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1
    ) {
        $sql .= " AND url_rel_course.access_url_id = ".api_get_current_access_url_id();
    }

    if ($addTeacherColumn) {
        $teachers = isset($_GET['course_teachers']) ? $_GET['course_teachers'] : [];
        if (!empty($teachers)) {
            $teachers = array_map('intval', $teachers);
            $addNull = '';
            foreach ($teachers as $key => $teacherId) {
                if (0 === $teacherId) {
                    $addNull = 'OR cu.user_id IS NULL ';
                    unset($key);
                }
            }
            $sql .= ' AND ( cu.user_id IN ("'.implode('", "', $teachers).'") '.$addNull.' ) ';
        }

        if (false === $getCount) {
            $sql .= " GROUP BY course.id ";
        }
    }

    if ($getCount) {
        $res = Database::query($sql);
        $row = Database::fetch_array($res);
        if ($row) {
            return (int) $row['count'];
        }

        return 0;
    }

    $sql .= " ORDER BY col$column $direction ";
    $sql .= " LIMIT $from, $number_of_items";

    $res = Database::query($sql);
    $courses = [];
    $languages = api_get_languages_to_array();
    $path = api_get_path(WEB_CODE_PATH);
    $coursePath = api_get_path(WEB_COURSE_PATH);

    while ($course = Database::fetch_array($res)) {
        $courseId = $course['id'];
        $courseCode = $course['code'];

        // Place colour icons in front of courses.
        $showVisualCode = $course['visual_code'] != $courseCode ? Display::label($course['visual_code'], 'info') : null;
        $course[1] = get_course_visibility_icon($course['visibility']).PHP_EOL
            .Display::url(Security::remove_XSS($course[1]), $coursePath.$course['directory'].'/index.php').PHP_EOL
            .$showVisualCode;
        $course[5] = $course[5] == SUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
        $course[6] = $course[6] == UNSUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
        $language = isset($languages[$course[3]]) ? $languages[$course[3]] : $course[3];

        $actions = [];
        $actions[] = Display::url(
            Display::return_icon('info2.png', get_lang('Info')),
            "course_information.php?code=$courseCode"
        );
        $actions[] = Display::url(
            Display::return_icon('course_home.png', get_lang('CourseHomepage')),
            $coursePath.$course['directory'].'/index.php'
        );
        $actions[] = Display::url(
            Display::return_icon('statistics.png', get_lang('Tracking')),
            $path.'tracking/courseLog.php?'.api_get_cidreq_params($courseCode)
        );
        $actions[] = Display::url(
            Display::return_icon('edit.png', get_lang('Edit')),
            $path.'admin/course_edit.php?id='.$courseId
        );
        $actions[] = Display::url(
            Display::return_icon('backup.png', get_lang('CreateBackup')),
            $path.'coursecopy/create_backup.php?'.api_get_cidreq_params($courseCode)
        );
        $actions[] = Display::url(
            Display::return_icon('delete.png', get_lang('Delete')),
            $path.'admin/course_list.php?delete_course='.$courseCode,
            [
                'onclick' => "javascript: if (!confirm('"
                    .addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."')) return false;",
            ]
        );
        $courseItem = [
            $course[0],
            $course[1],
            $course[2],
            $language,
            $course[4],
            $course[5],
            $course[6],
        ];

        if ($addTeacherColumn) {
            $teacherIdList = array_filter(explode(',', $course[7]));
            $teacherList = [];
            if (!empty($teacherIdList)) {
                foreach ($teacherIdList as $teacherId) {
                    $userInfo = api_get_user_info($teacherId);
                    if ($userInfo) {
                        $teacherList[] = $userInfo['complete_name'];
                    }
                }
            }
            $courseItem[] = implode(', ', $teacherList);
        }
        $courseItem[] = implode(PHP_EOL, $actions);
        $courses[] = $courseItem;
    }

    return $courses;
}

/**
 * Get course data to display filtered by session name.
 *
 * @param int    $from
 * @param int    $number_of_items
 * @param int    $column
 * @param string $direction
 *
 * @throws Exception
 *
 * @return array
 */
function get_course_data_by_session($from, $number_of_items, $column, $direction)
{
    $course_table = Database::get_main_table(TABLE_MAIN_COURSE);
    $session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
    $session = Database::get_main_table(TABLE_MAIN_SESSION);

    $from = (int) $from;
    $number_of_items = (int) $number_of_items;
    $column = (int) $column;

    if (!in_array(strtolower($direction), ['asc', 'desc'])) {
        $direction = 'desc';
    }

    $sql = "SELECT
                c.code AS col0,
                c.title AS col1,
                c.code AS col2,
                c.course_language AS col3,
                c.category_code AS col4,
                c.subscribe AS col5,
                c.unsubscribe AS col6,
                c.code AS col7,
                c.visibility AS col8,
                c.directory as col9,
                c.visual_code
            FROM $course_table c
            INNER JOIN $session_rel_course r
            ON c.id = r.c_id
            INNER JOIN $session s
            ON r.session_id = s.id
            ";

    if (isset($_GET['session_id']) && !empty($_GET['session_id'])) {
        $sessionId = (int) $_GET['session_id'];
        $sql .= " WHERE s.id = ".$sessionId;
    }

    $sql .= " ORDER BY col$column $direction ";
    $sql .= " LIMIT $from,$number_of_items";
    $res = Database::query($sql);

    $courseUrl = api_get_path(WEB_COURSE_PATH);
    $courses = [];
    while ($course = Database::fetch_array($res)) {
        // Place colour icons in front of courses.
        $showVisualCode = $course['visual_code'] != $course[2] ? Display::label($course['visual_code'], 'info') : null;
        $course[1] = get_course_visibility_icon($course[8]).
            '<a href="'.$courseUrl.$course[9].'/index.php">'.
            $course[1].
            '</a> '.
            $showVisualCode;
        $course[5] = $course[5] == SUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
        $course[6] = $course[6] == UNSUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
        $row = [
            $course[0],
            $course[1],
            $course[2],
            $course[3],
            $course[4],
            $course[5],
            $course[6],
            $course[7],
        ];
        $courses[] = $row;
    }

    return $courses;
}

/**
 * Return an icon representing the visibility of the course.
 *
 * @param string $visibility
 *
 * @return string
 */
function get_course_visibility_icon($visibility)
{
    $style = 'margin-bottom:0;margin-right:5px;';
    switch ($visibility) {
        case 0:
            return Display::return_icon(
                'bullet_red.png',
                get_lang('CourseVisibilityClosed'),
                ['style' => $style]
            );
            break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}
        case 1:
            return Display::return_icon(
                'bullet_orange.png',
                get_lang('Private'),
                ['style' => $style]
            );
            break;
        case 2:
            return Display::return_icon(
                'bullet_green.png',
                get_lang('OpenToThePlatform'),
                ['style' => $style]
            );
            break;
        case 3:
            return Display::return_icon(
                'bullet_blue.png',
                get_lang('OpenToTheWorld'),
                ['style' => $style]
            );
            break;
        case 4:
            return Display::return_icon(
                'bullet_grey.png',
                get_lang('CourseVisibilityHidden'),
                ['style' => $style]
            );
            break;
        default:
            return '';
    }
}

if (isset($_POST['action'])) {
    switch ($_POST['action']) {
        // Delete selected courses
        case 'delete_courses':
            if (!empty($_POST['course'])) {
                $course_codes = $_POST['course'];
                if (count($course_codes) > 0) {
                    foreach ($course_codes as $course_code) {
                        CourseManager::delete_course($course_code);
                    }
                }

                Display::addFlash(Display::return_message(get_lang('Deleted')));
            }
            break;
    }
}
$content = '';
$message = '';
$actions = '';

if (isset($_GET['search']) && $_GET['search'] === 'advanced') {
    // Get all course categories
    $interbreadcrumb[] = [
        'url' => 'index.php',
        'name' => get_lang('PlatformAdmin'),
    ];
    $interbreadcrumb[] = [
        'url' => 'course_list.php',
        'name' => get_lang('CourseList'),
    ];
    $tool_name = get_lang('SearchACourse');
    $form = new FormValidator('advanced_course_search', 'get');
    $form->addElement('header', $tool_name);
    $form->addText('keyword_code', get_lang('CourseCode'), false);
    $form->addText('keyword_title', get_lang('Title'), false);

    // Category code
    $url = api_get_path(WEB_AJAX_PATH).'course.ajax.php?a=search_category';

    $form->addElement(
        'select_ajax',
        'keyword_category',
        get_lang('CourseFaculty'),
        null,
        [
            'url' => $url,
        ]
    );

    $el = $form->addSelectLanguage('keyword_language', get_lang('CourseLanguage'));
    $el->addOption(get_lang('All'), '%');

    if ($addTeacherColumn) {
        $form->addSelectAjax(
            'course_teachers',
            get_lang('CourseTeachers'),
            [0 => get_lang('None')],
            [
                'url' => api_get_path(WEB_AJAX_PATH).'user_manager.ajax.php?a=teacher_to_basis_course',
                'id' => 'course_teachers',
                'multiple' => 'multiple',
            ]
        );
        $form->addLabel('', '<button id="set_none_teacher" class="btn ">'.get_lang('None').'</button>');
    }

    $form->addElement('radio', 'keyword_visibility', get_lang('CourseAccess'), get_lang('OpenToTheWorld'), COURSE_VISIBILITY_OPEN_WORLD);
    $form->addElement('radio', 'keyword_visibility', null, get_lang('OpenToThePlatform'), COURSE_VISIBILITY_OPEN_PLATFORM);
    $form->addElement('radio', 'keyword_visibility', null, get_lang('Private'), COURSE_VISIBILITY_REGISTERED);
    $form->addElement('radio', 'keyword_visibility', null, get_lang('CourseVisibilityClosed'), COURSE_VISIBILITY_CLOSED);
    $form->addElement('radio', 'keyword_visibility', null, get_lang('CourseVisibilityHidden'), COURSE_VISIBILITY_HIDDEN);
    $form->addElement('radio', 'keyword_visibility', null, get_lang('All'), '%');
    $form->addElement('radio', 'keyword_subscribe', get_lang('Subscription'), get_lang('Allowed'), 1);
    $form->addElement('radio', 'keyword_subscribe', null, get_lang('Denied'), 0);
    $form->addElement('radio', 'keyword_subscribe', null, get_lang('All'), '%');
    $form->addElement('radio', 'keyword_unsubscribe', get_lang('Unsubscription'), get_lang('AllowedToUnsubscribe'), 1);
    $form->addElement('radio', 'keyword_unsubscribe', null, get_lang('NotAllowedToUnsubscribe'), 0);
    $form->addElement('radio', 'keyword_unsubscribe', null, get_lang('All'), '%');
    $form->addButtonSearch(get_lang('SearchCourse'));
    $defaults['keyword_language'] = '%';
    $defaults['keyword_visibility'] = '%';
    $defaults['keyword_subscribe'] = '%';
    $defaults['keyword_unsubscribe'] = '%';
    $form->setDefaults($defaults);
    $content .= $form->returnForm();
} else {
    $interbreadcrumb[] = [
        'url' => 'index.php',
        'name' => get_lang('PlatformAdmin'),
    ];
    $tool_name = get_lang('CourseList');
    if (isset($_GET['delete_course'])) {
        $result = CourseManager::delete_course($_GET['delete_course']);
        if ($result) {
            Display::addFlash(Display::return_message(get_lang('Deleted')));
        }
    }
    // Create a search-box
    $form = new FormValidator(
        'search_simple',
        'get',
        '',
        '',
        [],
        FormValidator::LAYOUT_INLINE
    );
    $form->addElement(
        'text',
        'keyword',
        null,
        ['id' => 'course-search-keyword', 'aria-label' => get_lang('SearchCourse')]
    );
    $form->addButtonSearch(get_lang('SearchCourse'));
    $advanced = '<a class="btn btn-default" href="'.api_get_path(WEB_CODE_PATH).'admin/course_list.php?search=advanced">
        <em class="fa fa-search"></em> '.
        get_lang('AdvancedSearch').'</a>';

    // Create a filter by session
    $sessionFilter = new FormValidator(
        'course_filter',
        'get',
        '',
        '',
        [],
        FormValidator::LAYOUT_INLINE
    );
    $url = api_get_path(WEB_AJAX_PATH).'session.ajax.php?a=search_session';
    $sessionSelect = $sessionFilter->addElement(
        'select_ajax',
        'session_name',
        get_lang('SearchCourseBySession'),
        null,
        ['id' => 'session_name', 'url' => $url]
    );

    if (!empty($sessionId)) {
        $sessionInfo = SessionManager::fetch($sessionId);
        $sessionSelect->addOption(
            $sessionInfo['name'],
            $sessionInfo['id'],
            ['selected' => 'selected']
        );
    }

    $courseListUrl = api_get_self();
    $actions1 = Display::url(
        Display::return_icon(
            'new_course.png',
            get_lang('AddCourse'),
            [],
            ICON_SIZE_MEDIUM
        ),
        api_get_path(WEB_CODE_PATH).'admin/course_add.php'
    );

    if (api_get_setting('course_validation') === 'true') {
        $actions1 .= Display::url(
            Display::return_icon(
                'course_request_pending.png',
                get_lang('ReviewCourseRequests'),
                [],
                ICON_SIZE_MEDIUM
            ),
            api_get_path(WEB_CODE_PATH).'admin/course_request_review.php'
        );
    }

    $actions2 = $form->returnForm();
    $actions3 = $sessionFilter->returnForm();
    $actions4 = $advanced;
    $actions4 .= '
    <script>
        $(function() {
            $("#session_name").on("change", function() {
                var sessionId = $(this).val();
                if (!sessionId) {
                    return;
                }

                window.location = "'.$courseListUrl.'?session_id="+sessionId;
            });
        });
    </script>';

    $actions = Display::toolbarAction(
        'toolbar',
        [$actions1, $actions2, $actions3, $actions4],
        [2, 4, 3, 3]
    );

    if (!empty($sessionId)) {
        // Create a sortable table with the course data filtered by session
        $table = new SortableTable(
            'courses',
            'get_number_of_courses',
            'get_course_data_by_session',
            2
        );
    } else {
        // Create a sortable table with the course data
        $table = new SortableTable(
            'courses',
            'get_number_of_courses',
            'get_course_data',
            2,
            20,
            'ASC',
            'course-list'
        );
    }

    $parameters = [];
    if (isset($_GET['keyword'])) {
        $parameters = ['keyword' => Security::remove_XSS($_GET['keyword'])];
    } elseif (isset($_GET['keyword_code'])) {
        $parameters['keyword_code'] = Security::remove_XSS($_GET['keyword_code']);
        $parameters['keyword_title'] = Security::remove_XSS($_GET['keyword_title']);
        if (isset($_GET['keyword_category'])) {
            $parameters['keyword_category'] = Security::remove_XSS($_GET['keyword_category']);
        }
        $parameters['keyword_language'] = Security::remove_XSS($_GET['keyword_language']);
        $parameters['keyword_visibility'] = Security::remove_XSS($_GET['keyword_visibility']);
        $parameters['keyword_subscribe'] = Security::remove_XSS($_GET['keyword_subscribe']);
        $parameters['keyword_unsubscribe'] = Security::remove_XSS($_GET['keyword_unsubscribe']);
    }

    if (isset($_GET['course_teachers'])) {
        $parsed = array_map('intval', $_GET['course_teachers']);
        $parameters["course_teachers"] = '';
        foreach ($parsed as $key => $teacherId) {
            $parameters["course_teachers[$key]"] = $teacherId;
        }
    }

    $table->set_additional_parameters($parameters);
    $column = 0;
    $table->set_header($column++, '', false, 'width="8px"');
    $table->set_header($column++, get_lang('Title'), true, null, ['class' => 'title']);
    $table->set_header($column++, get_lang('Code'));
    $table->set_header($column++, get_lang('Language'), false, 'width="70px"');
    $table->set_header($column++, get_lang('Category'));
    $table->set_header($column++, get_lang('SubscriptionAllowed'), true, 'width="60px"');
    $table->set_header($column++, get_lang('UnsubscriptionAllowed'), false, 'width="50px"');
    if ($addTeacherColumn) {
        $table->set_header($column++, get_lang('Teachers'), true);
    }
    $table->set_header(
        $column++,
        get_lang('Action'),
        false,
        null,
        ['class' => 'td_actions']
    );
    $table->set_form_actions(
        ['delete_courses' => get_lang('DeleteCourse')],
        'course'
    );

    $tab = CourseManager::getCourseListTabs('simple');

    $content .= $tab.$table->return_table();
}

$htmlHeadXtra[] = '
<script>
$(function() {
    $("#set_none_teacher").on("click", function () {
        $("#course_teachers").val("0").trigger("change");

        return false;
    });
});
</script>';

$tpl = new Template($tool_name);
$tpl->assign('actions', $actions);
$tpl->assign('message', $message);
$tpl->assign('content', $content);
$tpl->display_one_col_template();


1			<?php
2
3			/* For licensing terms, see /license.txt */
4
5			/**
6			* This script shows a list of courses and allows searching for courses codes
7			* and names.
8			*/
9			$cidReset = true;
10			require_once __DIR__.'/../inc/global.inc.php';
11			$this_section = SECTION_PLATFORM_ADMIN;
12			api_protect_admin_script();
13			$sessionId = isset($_GET['session_id']) ? $_GET['session_id'] : null;
14			$addTeacherColumn = api_get_configuration_value('add_teachers_in_course_list');
15
16			/**
17			* Get the number of courses which will be displayed.
18			*
19			* @throws Exception
20			*
21			* @return int The number of matching courses
22			*/
23			function get_number_of_courses()
24			{
25			return get_course_data(0, 0, 0, 0, null, true);
26			}
27
28			/**
29			* Get course data to display.
30			*
31			* @param int $from
32			* @param int $number_of_items
33			* @param int $column
34			* @param string $direction
35			*
36			* @throws Exception
37			*
38			* @return array
39			*/
40			function get_course_data($from, $number_of_items, $column, $direction, $dataFunctions = [], $getCount = false)
41			{
42			$addTeacherColumn = api_get_configuration_value('add_teachers_in_course_list');
43			$table = Database::get_main_table(TABLE_MAIN_COURSE);
44			$from = (int) $from;
45			$number_of_items = (int) $number_of_items;
46			$column = (int) $column;
47
48			if (!in_array(strtolower($direction), ['asc', 'desc'])) {
49			$direction = 'desc';
50			}
51
52			$teachers = '';
53			if ($addTeacherColumn) {
54			$teachers = " GROUP_CONCAT(cu.user_id SEPARATOR ',') as col7, ";
55			}
56			$select = "SELECT
57			code AS col0,
58			title AS col1,
59			code AS col2,
60			course_language AS col3,
61			category_code AS col4,
62			subscribe AS col5,
63			unsubscribe AS col6,
64			$teachers
65			visibility,
66			directory,
67			visual_code,
68			course.code,
69			course.id ";
70
71			if ($getCount) {
72			$select = 'SELECT COUNT(DISTINCT(course.id)) as count ';
73			}
74
75			$sql = "$select FROM $table course";
76
77			if ((api_is_platform_admin() \|\| api_is_session_admin()) &&
78			api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1
79			) {
80			$access_url_rel_course_table = Database::get_main_table(TABLE_MAIN_ACCESS_URL_REL_COURSE);
81			$sql .= " INNER JOIN $access_url_rel_course_table url_rel_course
82			ON (course.id = url_rel_course.c_id)";
83			}
84
85			if ($addTeacherColumn) {
86			$tableCourseRelUser = Database::get_main_table(TABLE_MAIN_COURSE_USER);
87			$sql .= "
88			LEFT JOIN $tableCourseRelUser cu
89			ON (course.id = cu.c_id AND cu.status = ".COURSEMANAGER.")
90			";
91			}
92
93			if (isset($_GET['keyword'])) {
94			$keyword = Database::escape_string("%".trim($_GET['keyword'])."%");
95			$sql .= " WHERE (
96			title LIKE '".$keyword."' OR
97			code LIKE '".$keyword."' OR
98			visual_code LIKE '".$keyword."'
99			)
100			";
101			} elseif (isset($_GET['keyword_code'])) {
102			$keyword_code = Database::escape_string("%".$_GET['keyword_code']."%");
103			$keyword_title = Database::escape_string("%".$_GET['keyword_title']."%");
104			$keyword_category = isset($_GET['keyword_category'])
105			? Database::escape_string("%".$_GET['keyword_category']."%")
106			: null;
107			$keyword_language = Database::escape_string("%".$_GET['keyword_language']."%");
108			$keyword_visibility = Database::escape_string("%".$_GET['keyword_visibility']."%");
109			$keyword_subscribe = Database::escape_string($_GET['keyword_subscribe']);
110			$keyword_unsubscribe = Database::escape_string($_GET['keyword_unsubscribe']);
111
112			$sql .= " WHERE
113			(code LIKE '".$keyword_code."' OR visual_code LIKE '".$keyword_code."') AND
114			title LIKE '".$keyword_title."' AND
115			course_language LIKE '".$keyword_language."' AND
116			visibility LIKE '".$keyword_visibility."' AND
117			subscribe LIKE '".$keyword_subscribe."' AND
118			unsubscribe LIKE '".$keyword_unsubscribe."'";
119
120			if (!empty($keyword_category)) {
121			$sql .= " AND category_code LIKE '".$keyword_category."' ";
122			}
123			}
124
125			// Adding the filter to see the user's only of the current access_url.
126			if ((api_is_platform_admin() \|\| api_is_session_admin()) &&
127			api_is_multiple_url_enabled() && api_get_current_access_url_id() != -1
128			) {
129			$sql .= " AND url_rel_course.access_url_id = ".api_get_current_access_url_id();
130			}
131
132			if ($addTeacherColumn) {
133			$teachers = isset($_GET['course_teachers']) ? $_GET['course_teachers'] : [];
134			if (!empty($teachers)) {
135			$teachers = array_map('intval', $teachers);
136			$addNull = '';
137			foreach ($teachers as $key => $teacherId) {
138			if (0 === $teacherId) {
139			$addNull = 'OR cu.user_id IS NULL ';
140			unset($key);
141			}
142			}
143			$sql .= ' AND ( cu.user_id IN ("'.implode('", "', $teachers).'") '.$addNull.' ) ';
144			}
145
146			if (false === $getCount) {
147			$sql .= " GROUP BY course.id ";
148			}
149			}
150
151			if ($getCount) {
152			$res = Database::query($sql);
153			$row = Database::fetch_array($res);
154			if ($row) {
155			return (int) $row['count'];
156			}
157
158			return 0;
159			}
160
161			$sql .= " ORDER BY col$column $direction ";
162			$sql .= " LIMIT $from, $number_of_items";
163
164			$res = Database::query($sql);
165			$courses = [];
166			$languages = api_get_languages_to_array();
167			$path = api_get_path(WEB_CODE_PATH);
168			$coursePath = api_get_path(WEB_COURSE_PATH);
169
170			while ($course = Database::fetch_array($res)) {
171			$courseId = $course['id'];
172			$courseCode = $course['code'];
173
174			// Place colour icons in front of courses.
175			$showVisualCode = $course['visual_code'] != $courseCode ? Display::label($course['visual_code'], 'info') : null;
176			$course[1] = get_course_visibility_icon($course['visibility']).PHP_EOL
177			.Display::url(Security::remove_XSS($course[1]), $coursePath.$course['directory'].'/index.php').PHP_EOL
178			.$showVisualCode;
179			$course[5] = $course[5] == SUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
180			$course[6] = $course[6] == UNSUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
181			$language = isset($languages[$course[3]]) ? $languages[$course[3]] : $course[3];
182
183			$actions = [];
184			$actions[] = Display::url(
185			Display::return_icon('info2.png', get_lang('Info')),
186			"course_information.php?code=$courseCode"
187			);
188			$actions[] = Display::url(
189			Display::return_icon('course_home.png', get_lang('CourseHomepage')),
190			$coursePath.$course['directory'].'/index.php'
191			);
192			$actions[] = Display::url(
193			Display::return_icon('statistics.png', get_lang('Tracking')),
194			$path.'tracking/courseLog.php?'.api_get_cidreq_params($courseCode)
195			);
196			$actions[] = Display::url(
197			Display::return_icon('edit.png', get_lang('Edit')),
198			$path.'admin/course_edit.php?id='.$courseId
199			);
200			$actions[] = Display::url(
201			Display::return_icon('backup.png', get_lang('CreateBackup')),
202			$path.'coursecopy/create_backup.php?'.api_get_cidreq_params($courseCode)
203			);
204			$actions[] = Display::url(
205			Display::return_icon('delete.png', get_lang('Delete')),
206			$path.'admin/course_list.php?delete_course='.$courseCode,
207			[
208			'onclick' => "javascript: if (!confirm('"
209			.addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."')) return false;",
210			]
211			);
212			$courseItem = [
213			$course[0],
214			$course[1],
215			$course[2],
216			$language,
217			$course[4],
218			$course[5],
219			$course[6],
220			];
221
222			if ($addTeacherColumn) {
223			$teacherIdList = array_filter(explode(',', $course[7]));
224			$teacherList = [];
225			if (!empty($teacherIdList)) {
226			foreach ($teacherIdList as $teacherId) {
227			$userInfo = api_get_user_info($teacherId);
228			if ($userInfo) {
229			$teacherList[] = $userInfo['complete_name'];
230			}
231			}
232			}
233			$courseItem[] = implode(', ', $teacherList);
234			}
235			$courseItem[] = implode(PHP_EOL, $actions);
236			$courses[] = $courseItem;
237			}
238
239			return $courses;
240			}
241
242			/**
243			* Get course data to display filtered by session name.
244			*
245			* @param int $from
246			* @param int $number_of_items
247			* @param int $column
248			* @param string $direction
249			*
250			* @throws Exception
251			*
252			* @return array
253			*/
254			function get_course_data_by_session($from, $number_of_items, $column, $direction)
255			{
256			$course_table = Database::get_main_table(TABLE_MAIN_COURSE);
257			$session_rel_course = Database::get_main_table(TABLE_MAIN_SESSION_COURSE);
258			$session = Database::get_main_table(TABLE_MAIN_SESSION);
259
260			$from = (int) $from;
261			$number_of_items = (int) $number_of_items;
262			$column = (int) $column;
263
264			if (!in_array(strtolower($direction), ['asc', 'desc'])) {
265			$direction = 'desc';
266			}
267
268			$sql = "SELECT
269			c.code AS col0,
270			c.title AS col1,
271			c.code AS col2,
272			c.course_language AS col3,
273			c.category_code AS col4,
274			c.subscribe AS col5,
275			c.unsubscribe AS col6,
276			c.code AS col7,
277			c.visibility AS col8,
278			c.directory as col9,
279			c.visual_code
280			FROM $course_table c
281			INNER JOIN $session_rel_course r
282			ON c.id = r.c_id
283			INNER JOIN $session s
284			ON r.session_id = s.id
285			";
286
287			if (isset($_GET['session_id']) && !empty($_GET['session_id'])) {
288			$sessionId = (int) $_GET['session_id'];
289			$sql .= " WHERE s.id = ".$sessionId;
290			}
291
292			$sql .= " ORDER BY col$column $direction ";
293			$sql .= " LIMIT $from,$number_of_items";
294			$res = Database::query($sql);
295
296			$courseUrl = api_get_path(WEB_COURSE_PATH);
297			$courses = [];
298			while ($course = Database::fetch_array($res)) {
299			// Place colour icons in front of courses.
300			$showVisualCode = $course['visual_code'] != $course[2] ? Display::label($course['visual_code'], 'info') : null;
301			$course[1] = get_course_visibility_icon($course[8]).
302			'<a href="'.$courseUrl.$course[9].'/index.php">'.
303			$course[1].
304			'</a> '.
305			$showVisualCode;
306			$course[5] = $course[5] == SUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
307			$course[6] = $course[6] == UNSUBSCRIBE_ALLOWED ? get_lang('Yes') : get_lang('No');
308			$row = [
309			$course[0],
310			$course[1],
311			$course[2],
312			$course[3],
313			$course[4],
314			$course[5],
315			$course[6],
316			$course[7],
317			];
318			$courses[] = $row;
319			}
320
321			return $courses;
322			}
323
324			/**
325			* Return an icon representing the visibility of the course.
326			*
327			* @param string $visibility
328			*
329			* @return string
330			*/
331			function get_course_visibility_icon($visibility)
332			{
333			$style = 'margin-bottom:0;margin-right:5px;';
334			switch ($visibility) {
335			case 0:
336			return Display::return_icon(
337			'bullet_red.png',
338			get_lang('CourseVisibilityClosed'),
339			['style' => $style]
340			);
341			break;
			0 ignored issues – show Unused Code introduced 2018-01-05 13:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
342			case 1:
343			return Display::return_icon(
344			'bullet_orange.png',
345			get_lang('Private'),
346			['style' => $style]
347			);
348			break;
349			case 2:
350			return Display::return_icon(
351			'bullet_green.png',
352			get_lang('OpenToThePlatform'),
353			['style' => $style]
354			);
355			break;
356			case 3:
357			return Display::return_icon(
358			'bullet_blue.png',
359			get_lang('OpenToTheWorld'),
360			['style' => $style]
361			);
362			break;
363			case 4:
364			return Display::return_icon(
365			'bullet_grey.png',
366			get_lang('CourseVisibilityHidden'),
367			['style' => $style]
368			);
369			break;
370			default:
371			return '';
372			}
373			}
374
375			if (isset($_POST['action'])) {
376			switch ($_POST['action']) {
377			// Delete selected courses
378			case 'delete_courses':
379			if (!empty($_POST['course'])) {
380			$course_codes = $_POST['course'];
381			if (count($course_codes) > 0) {
382			foreach ($course_codes as $course_code) {
383			CourseManager::delete_course($course_code);
384			}
385			}
386
387			Display::addFlash(Display::return_message(get_lang('Deleted')));
388			}
389			break;
390			}
391			}
392			$content = '';
393			$message = '';
394			$actions = '';
395
396			if (isset($_GET['search']) && $_GET['search'] === 'advanced') {
397			// Get all course categories
398			$interbreadcrumb[] = [
399			'url' => 'index.php',
400			'name' => get_lang('PlatformAdmin'),
401			];
402			$interbreadcrumb[] = [
403			'url' => 'course_list.php',
404			'name' => get_lang('CourseList'),
405			];
406			$tool_name = get_lang('SearchACourse');
407			$form = new FormValidator('advanced_course_search', 'get');
408			$form->addElement('header', $tool_name);
409			$form->addText('keyword_code', get_lang('CourseCode'), false);
410			$form->addText('keyword_title', get_lang('Title'), false);
411
412			// Category code
413			$url = api_get_path(WEB_AJAX_PATH).'course.ajax.php?a=search_category';
414
415			$form->addElement(
416			'select_ajax',
417			'keyword_category',
418			get_lang('CourseFaculty'),
419			null,
420			[
421			'url' => $url,
422			]
423			);
424
425			$el = $form->addSelectLanguage('keyword_language', get_lang('CourseLanguage'));
426			$el->addOption(get_lang('All'), '%');
427
428			if ($addTeacherColumn) {
429			$form->addSelectAjax(
430			'course_teachers',
431			get_lang('CourseTeachers'),
432			[0 => get_lang('None')],
433			[
434			'url' => api_get_path(WEB_AJAX_PATH).'user_manager.ajax.php?a=teacher_to_basis_course',
435			'id' => 'course_teachers',
436			'multiple' => 'multiple',
437			]
438			);
439			$form->addLabel('', '<button id="set_none_teacher" class="btn ">'.get_lang('None').'</button>');
440			}
441
442			$form->addElement('radio', 'keyword_visibility', get_lang('CourseAccess'), get_lang('OpenToTheWorld'), COURSE_VISIBILITY_OPEN_WORLD);
443			$form->addElement('radio', 'keyword_visibility', null, get_lang('OpenToThePlatform'), COURSE_VISIBILITY_OPEN_PLATFORM);
444			$form->addElement('radio', 'keyword_visibility', null, get_lang('Private'), COURSE_VISIBILITY_REGISTERED);
445			$form->addElement('radio', 'keyword_visibility', null, get_lang('CourseVisibilityClosed'), COURSE_VISIBILITY_CLOSED);
446			$form->addElement('radio', 'keyword_visibility', null, get_lang('CourseVisibilityHidden'), COURSE_VISIBILITY_HIDDEN);
447			$form->addElement('radio', 'keyword_visibility', null, get_lang('All'), '%');
448			$form->addElement('radio', 'keyword_subscribe', get_lang('Subscription'), get_lang('Allowed'), 1);
449			$form->addElement('radio', 'keyword_subscribe', null, get_lang('Denied'), 0);
450			$form->addElement('radio', 'keyword_subscribe', null, get_lang('All'), '%');
451			$form->addElement('radio', 'keyword_unsubscribe', get_lang('Unsubscription'), get_lang('AllowedToUnsubscribe'), 1);
452			$form->addElement('radio', 'keyword_unsubscribe', null, get_lang('NotAllowedToUnsubscribe'), 0);
453			$form->addElement('radio', 'keyword_unsubscribe', null, get_lang('All'), '%');
454			$form->addButtonSearch(get_lang('SearchCourse'));
455			$defaults['keyword_language'] = '%';
456			$defaults['keyword_visibility'] = '%';
457			$defaults['keyword_subscribe'] = '%';
458			$defaults['keyword_unsubscribe'] = '%';
459			$form->setDefaults($defaults);
460			$content .= $form->returnForm();
461			} else {
462			$interbreadcrumb[] = [
463			'url' => 'index.php',
464			'name' => get_lang('PlatformAdmin'),
465			];
466			$tool_name = get_lang('CourseList');
467			if (isset($_GET['delete_course'])) {
468			$result = CourseManager::delete_course($_GET['delete_course']);
469			if ($result) {
470			Display::addFlash(Display::return_message(get_lang('Deleted')));
471			}
472			}
473			// Create a search-box
474			$form = new FormValidator(
475			'search_simple',
476			'get',
477			'',
478			'',
479			[],
480			FormValidator::LAYOUT_INLINE
481			);
482			$form->addElement(
483			'text',
484			'keyword',
485			null,
486			['id' => 'course-search-keyword', 'aria-label' => get_lang('SearchCourse')]
487			);
488			$form->addButtonSearch(get_lang('SearchCourse'));
489			$advanced = '<a class="btn btn-default" href="'.api_get_path(WEB_CODE_PATH).'admin/course_list.php?search=advanced">
490			<em class="fa fa-search"></em> '.
491			get_lang('AdvancedSearch').'</a>';
492
493			// Create a filter by session
494			$sessionFilter = new FormValidator(
495			'course_filter',
496			'get',
497			'',
498			'',
499			[],
500			FormValidator::LAYOUT_INLINE
501			);
502			$url = api_get_path(WEB_AJAX_PATH).'session.ajax.php?a=search_session';
503			$sessionSelect = $sessionFilter->addElement(
504			'select_ajax',
505			'session_name',
506			get_lang('SearchCourseBySession'),
507			null,
508			['id' => 'session_name', 'url' => $url]
509			);
510
511			if (!empty($sessionId)) {
512			$sessionInfo = SessionManager::fetch($sessionId);
513			$sessionSelect->addOption(
514			$sessionInfo['name'],
515			$sessionInfo['id'],
516			['selected' => 'selected']
517			);
518			}
519
520			$courseListUrl = api_get_self();
521			$actions1 = Display::url(
522			Display::return_icon(
523			'new_course.png',
524			get_lang('AddCourse'),
525			[],
526			ICON_SIZE_MEDIUM
527			),
528			api_get_path(WEB_CODE_PATH).'admin/course_add.php'
529			);
530
531			if (api_get_setting('course_validation') === 'true') {
532			$actions1 .= Display::url(
533			Display::return_icon(
534			'course_request_pending.png',
535			get_lang('ReviewCourseRequests'),
536			[],
537			ICON_SIZE_MEDIUM
538			),
539			api_get_path(WEB_CODE_PATH).'admin/course_request_review.php'
540			);
541			}
542
543			$actions2 = $form->returnForm();
544			$actions3 = $sessionFilter->returnForm();
545			$actions4 = $advanced;
546			$actions4 .= '
547			<script>
548			$(function() {
549			$("#session_name").on("change", function() {
550			var sessionId = $(this).val();
551			if (!sessionId) {
552			return;
553			}
554
555			window.location = "'.$courseListUrl.'?session_id="+sessionId;
556			});
557			});
558			</script>';
559
560			$actions = Display::toolbarAction(
561			'toolbar',
562			[$actions1, $actions2, $actions3, $actions4],
563			[2, 4, 3, 3]
564			);
565
566			if (!empty($sessionId)) {
567			// Create a sortable table with the course data filtered by session
568			$table = new SortableTable(
569			'courses',
570			'get_number_of_courses',
571			'get_course_data_by_session',
572			2
573			);
574			} else {
575			// Create a sortable table with the course data
576			$table = new SortableTable(
577			'courses',
578			'get_number_of_courses',
579			'get_course_data',
580			2,
581			20,
582			'ASC',
583			'course-list'
584			);
585			}
586
587			$parameters = [];
588			if (isset($_GET['keyword'])) {
589			$parameters = ['keyword' => Security::remove_XSS($_GET['keyword'])];
590			} elseif (isset($_GET['keyword_code'])) {
591			$parameters['keyword_code'] = Security::remove_XSS($_GET['keyword_code']);
592			$parameters['keyword_title'] = Security::remove_XSS($_GET['keyword_title']);
593			if (isset($_GET['keyword_category'])) {
594			$parameters['keyword_category'] = Security::remove_XSS($_GET['keyword_category']);
595			}
596			$parameters['keyword_language'] = Security::remove_XSS($_GET['keyword_language']);
597			$parameters['keyword_visibility'] = Security::remove_XSS($_GET['keyword_visibility']);
598			$parameters['keyword_subscribe'] = Security::remove_XSS($_GET['keyword_subscribe']);
599			$parameters['keyword_unsubscribe'] = Security::remove_XSS($_GET['keyword_unsubscribe']);
600			}
601
602			if (isset($_GET['course_teachers'])) {
603			$parsed = array_map('intval', $_GET['course_teachers']);
604			$parameters["course_teachers"] = '';
605			foreach ($parsed as $key => $teacherId) {
606			$parameters["course_teachers[$key]"] = $teacherId;
607			}
608			}
609
610			$table->set_additional_parameters($parameters);
611			$column = 0;
612			$table->set_header($column++, '', false, 'width="8px"');
613			$table->set_header($column++, get_lang('Title'), true, null, ['class' => 'title']);
614			$table->set_header($column++, get_lang('Code'));
615			$table->set_header($column++, get_lang('Language'), false, 'width="70px"');
616			$table->set_header($column++, get_lang('Category'));
617			$table->set_header($column++, get_lang('SubscriptionAllowed'), true, 'width="60px"');
618			$table->set_header($column++, get_lang('UnsubscriptionAllowed'), false, 'width="50px"');
619			if ($addTeacherColumn) {
620			$table->set_header($column++, get_lang('Teachers'), true);
621			}
622			$table->set_header(
623			$column++,
624			get_lang('Action'),
625			false,
626			null,
627			['class' => 'td_actions']
628			);
629			$table->set_form_actions(
630			['delete_courses' => get_lang('DeleteCourse')],
631			'course'
632			);
633
634			$tab = CourseManager::getCourseListTabs('simple');
635
636			$content .= $tab.$table->return_table();
637			}
638
639			$htmlHeadXtra[] = '
640			<script>
641			$(function() {
642			$("#set_none_teacher").on("click", function () {
643			$("#course_teachers").val("0").trigger("change");
644
645			return false;
646			});
647			});
648			</script>';
649
650			$tpl = new Template($tool_name);
651			$tpl->assign('actions', $actions);
652			$tpl->assign('message', $message);
653			$tpl->assign('content', $content);
654			$tpl->display_one_col_template();
655

chamilo / chamilo-lms

Push — 1.11.x ( bce6cd...c146d9 )

main/admin/course_list.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like