Passed
Push — 1.11.x ( bce6cd...c146d9 )
by Angel Fernando Quiroz
12:25
created

main/extra/userInfoLib.php (1 issue)

<?php
/* For licensing terms, see /license.txt*/
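/**
 * Create a new category definition for the user information.
 *
 * The new category is appended at the end of the list (highest rank + 1).
 *
 * @author - Hugues peeters <[email protected]>
 * @author - Christophe Gesché <[email protected]>
 *
 * @param string $title   - category title
 * @param string $comment - title comment
 * @param int    $nbline  - lines number for the field the user will fill
 *
 * @return bool true on success, false when the title is empty or $nbline is 0
 */
function create_cat_def($title = "", $comment = "", $nbline = "5")
{
    global $TBL_USERINFO_DEF; //taken from userInfo.php

    // Validate before touching the database so bad input never reaches SQL.
    $nbline = (int) $nbline;
    $title = trim($title);

    if (0 === $nbline || empty($title)) {
        return false;
    }

    // escape_string() only protects values placed inside quoted SQL literals;
    // both values below are interpolated between single quotes.
    // NOTE(review): title/comment are stored as given, so they must be
    // HTML-escaped (e.g. with htmlize()) wherever they are displayed.
    $title = Database::escape_string($title);
    $comment = Database::escape_string(trim($comment));

    // Default to 0 so a failed lookup or an empty table (MAX() yields NULL)
    // no longer leaves $maxRank undefined.
    $maxRank = 0;
    $sql = "SELECT MAX(rank) as maxRank FROM ".$TBL_USERINFO_DEF;
    $result = Database::query($sql);
    if ($result) {
        $row = Database::fetch_array($result);
        if (is_array($row) && isset($row['maxRank'])) {
            $maxRank = (int) $row['maxRank'];
        }
    }

    // NOTE(review): read-then-insert is not atomic; two concurrent calls can
    // end up with the same rank - confirm whether that matters for callers.
    $thisRank = $maxRank + 1;

    $sql = "INSERT INTO $TBL_USERINFO_DEF SET
            title       = '$title',
            comment     = '$comment',
            line_count  = '$nbline',
            rank        = '$thisRank'";

    Database::query($sql);

    return true;
}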
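/**
 * Modify the definition of a user information category.
 *
 * @author - Hugues peeters <[email protected]>
 * @author - Christophe Gesché <[email protected]>
 *
 * @param int    $id      - id of the category
 * @param string $title   - category title
 * @param string $comment - title comment
 * @param int    $nbline  - lines number for the field the user will fill
 *
 * @return bool true once the UPDATE has been issued, false when $id or
 *              $nbline is not a non-zero integer
 */
function edit_cat_def($id, $title, $comment, $nbline)
{
    global $TBL_USERINFO_DEF;

    // Cast first, then validate: the loose `0 == $value` test on the raw input
    // gives different answers for non-numeric strings on PHP 7 and PHP 8.
    $id = (int) $id;
    $nbline = (int) $nbline;

    if (0 === $nbline || 0 === $id) {
        return false;
    }

    // Both strings are interpolated inside single-quoted SQL literals below.
    $title = Database::escape_string(trim($title));
    $comment = Database::escape_string(trim($comment));

    // NOTE(review): no permission check happens here - the caller is
    // presumably responsible for verifying the editor's rights; confirm.
    $sql = "UPDATE $TBL_USERINFO_DEF SET
            title       = '$title',
            comment     = '$comment',
            line_count  = '$nbline'
            WHERE id    = '$id'";
    Database::query($sql);

    return true;
}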
82
83
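/**
 * Remove a category from the category list.
 *
 * @author - Hugues peeters <[email protected]>
 * @author - Christophe Gesche <[email protected]>
 *
 * @param int  $id    - id of the category. The value "ALL" is rejected:
 *                    the id is cast to an integer, so only a single
 *                    category can be removed per call.
 * @param bool $force - FALSE (default) : prevents removal if users have
 *                    already filled this category
 *                    TRUE : bypass user content existence check
 *
 * @return bool - TRUE if the DELETE was issued, FALSE otherwise
 */
function remove_cat_def($id, $force = false)
{
    // Validate before building any SQL; the integer cast is what keeps the
    // unquoted id below safe to interpolate.
    $id = (int) $id;

    if (0 === $id || !is_bool($force)) {
        return false;
    }

    $TBL_USERINFO_DEF = Database::get_course_table(TABLE_USER_INFO_DEF);
    $TBL_USERINFO_CONTENT = Database::get_course_table(TABLE_USER_INFO_CONTENT);

    if (!$force) {
        // The guard must look for user content attached to this category,
        // i.e. rows whose definition_id is the category id. Matching on the
        // content table's own id column compared unrelated keys and let
        // categories that users had filled in be deleted.
        $sql = "SELECT * FROM $TBL_USERINFO_CONTENT WHERE definition_id = $id";
        $result = Database::query($sql);

        if (Database::num_rows($result) > 0) {
            return false;
        }
    }

    // NOTE(review): with $force the content rows of this category are left in
    // place, and no course scoping is visible in these queries - confirm both
    // against the table schema and the callers' permission checks.
    $sql = "DELETE FROM $TBL_USERINFO_DEF WHERE id = $id";
    Database::query($sql);

    // The documented contract promises TRUE on success.
    return true;
}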
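/**
 * Move a category in the category list.
 *
 * @author - Hugues peeters <[email protected]>
 * @author - Christophe Gesché <[email protected]>
 *
 * @param int    $id        - id of the category
 * @param string $direction "up" or "down" :
 *                          "up"    decrease the rank of given $id by switching rank with the just lower
 *                          "down"  increase the rank of given $id by switching rank with the just upper
 *
 * @return bool true if succeed, else boolean false
 */
function move_cat_rank($id, $direction) // up & down.
{
    // The integer cast is what makes the unquoted id in the query safe.
    $id = (int) $id;

    // Strict membership test: only the two literal strings are accepted.
    if (0 === $id || !in_array($direction, array("up", "down"), true)) {
        return false;
    }

    // Use the table constant the other functions of this file use; the bare
    // word userinfo_def is an undefined constant.
    $TBL_USERINFO_DEF = Database::get_course_table(TABLE_USER_INFO_DEF);

    $sql = "SELECT rank FROM $TBL_USERINFO_DEF WHERE id = $id";
    $result = Database::query($sql);

    if (Database::num_rows($result) < 1) {
        return false;
    }

    $cat = Database::fetch_array($result);
    $rank = (int) $cat['rank'];

    return move_cat_rank_by_rank($rank, $direction);
}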
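/**
 * Move a category in the category list, addressed by its current rank.
 *
 * @author - Hugues peeters <[email protected]>
 * @author - Christophe Gesche <[email protected]>
 *
 * @param int    $rank      - actual rank of the category
 * @param string $direction "up" or "down" :
 *                          "up"    decrease the rank of given $rank by switching rank with the just lower
 *                          "down"  increase the rank of given $rank by switching rank with the just upper
 *
 * @return bool true if succeed, else boolean false (invalid arguments, or
 *              no neighbouring category to swap with)
 */
function move_cat_rank_by_rank($rank, $direction) // up & down.
{
    // $rank is interpolated unquoted into the SELECT below. Validating
    // `(int) $rank` while interpolating the raw value let a string such as
    // "1 OR 1=1" pass the check and reach the query, so keep only the integer.
    $rank = (int) $rank;

    // Strict membership test: only the two literal strings are accepted.
    if (0 === $rank || !in_array($direction, array("up", "down"), true)) {
        return false;
    }

    // Use the table constant the other functions of this file use; the bare
    // word userinfo_def is an undefined constant.
    $TBL_USERINFO_DEF = Database::get_course_table(TABLE_USER_INFO_DEF);

    if ($direction === "down") {
        // thus increase rank ...
        $sort = "ASC";
        $compOp = ">=";
    } else {
        // thus decrease rank ...
        $sort = "DESC";
        $compOp = "<=";
    }

    // This request finds the 2 lines to be switched (on rank value): the
    // category itself first, then its neighbour in the chosen direction.
    $sql = "SELECT id, rank FROM $TBL_USERINFO_DEF
            WHERE rank $compOp $rank
            ORDER BY rank $sort LIMIT 2";

    $result = Database::query($sql);

    if (Database::num_rows($result) < 2) {
        return false;
    }

    $thisCat = Database::fetch_array($result);
    $nextCat = Database::fetch_array($result);

    // Values read back from the database are still cast before reuse in SQL.
    $thisId = (int) $thisCat['id'];
    $thisRank = (int) $thisCat['rank'];
    $nextId = (int) $nextCat['id'];
    $nextRank = (int) $nextCat['rank'];

    // NOTE(review): the two UPDATEs are not wrapped in a transaction here; a
    // failure between them would leave two categories with the same rank.
    $sql1 = "UPDATE $TBL_USERINFO_DEF SET rank ='".$nextRank.
        "' WHERE id = '".$thisId."'";
    $sql2 = "UPDATE $TBL_USERINFO_DEF SET rank ='".$thisRank.
        "' WHERE id = '".$nextId."'";

    Database::query($sql1);
    Database::query($sql2);

    return true;
}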
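/**
 * Update a user's course subscription and rebuild the personal agenda
 * entries generated from the selected schedule ("horaire").
 *
 * Steps, as performed below: update status/is_tutor in the course-user
 * table, store $horaire_name as the user's official_code, delete the agenda
 * entries previously generated for this user, then insert one entry per
 * course date (status 'C') and one 'Examen*' entry per exam date
 * (status 'E') of that schedule.
 *
 * NOTE(review): no permission check is visible in this function, and the
 * 'status' value is written as supplied; the caller presumably verifies that
 * the current user may change roles in this course - confirm.
 *
 * @author Hugues Peeters - [email protected]
 *
 * @param int    $user_id
 * @param string $course_code  not used by this function
 * @param array  $properties   - the keys read are 'status' and 'tutor'
 * @param string $horaire_name schedule name, matched against horaire_name in
 *                             the calendar dates table
 * @param int    $course_id    course id (c_id)
 *
 * @return bool true if succeed, false when the schedule has no course date
 */
function update_user_course_properties($user_id, $course_code, $properties, $horaire_name, $course_id)
{
    global $tbl_coursUser, $_user;
    $sqlChangeStatus = "";
    $user_id = (int) $user_id; //filter integer
    $course_id = (int) $course_id;
    $horaire_name = Database::escape_string($horaire_name);
    // A missing key becomes an empty string instead of an undefined index.
    $status = Database::escape_string(isset($properties['status']) ? $properties['status'] : '');
    $tutor = Database::escape_string(isset($properties['tutor']) ? $properties['tutor'] : '');

    // Users cannot change their own status through this function.
    if ($user_id != $_user['user_id']) {
        $sqlChangeStatus = "status = '$status',";
    }

    $sql = "UPDATE $tbl_coursUser
            SET $sqlChangeStatus
                is_tutor = '$tutor'
            WHERE user_id = $user_id AND c_id = $course_id";
    Database::query($sql);

    // Update official-code: Horaire
    $table_user = Database::get_main_table(TABLE_MAIN_USER);
    $sql2 = "UPDATE $table_user
             SET official_code = '$horaire_name'
             WHERE user_id = $user_id";
    Database::query($sql2);

    // Fetch the schedule.
    $tbl_personal_agenda = Database::get_main_table(TABLE_PERSONAL_AGENDA);
    // The table name is passed as a string: the bare word cal_dates is an
    // undefined constant (reported by the static analysis of this file).
    $TABLECALDATES = Database::get_course_table('cal_dates');
    $jour = 0;
    $sql3 = "SELECT date FROM $TABLECALDATES
             WHERE
                horaire_name = '$horaire_name' AND
                status = 'C' AND
                c_id = $course_id
             ORDER BY date ";
    $result3 = Database::query($sql3);

    if (Database::num_rows($result3) == '0') {
        return false;
    }

    // Delete what is already registered for this user.
    $sql4 = "DELETE FROM $tbl_personal_agenda
         WHERE user = $user_id
         AND text = 'Pour le calendrier, ne pas effacer'";
    Database::query($sql4);

    $sql = "DELETE FROM $tbl_personal_agenda
         WHERE user = $user_id AND title = 'Examen*'";
    Database::query($sql);

    // For each course date of the schedule.
    while ($res3 = Database::fetch_array($result3)) {
        // NOTE(review): $date comes from the database through
        // api_get_utc_datetime() and is interpolated without escaping;
        // presumably always a formatted datetime - confirm.
        $date = api_get_utc_datetime($res3['date']);
        // Count the course days; the counter is used as the entry title.
        $jour = $jour + 1;
        // Re-insert the new schedule.
        $sql = "INSERT ".$tbl_personal_agenda." (user,title,text,date)
                VALUES ($user_id, $jour, 'Pour le calendrier, ne pas effacer', '$date')";
        Database::query($sql);
    }

    // Register the exams in the agenda. The query does not depend on the
    // loop above, so it runs once instead of once per course date.
    $sql5 = "SELECT date FROM $TABLECALDATES
              WHERE horaire_name = '$horaire_name' AND status = 'E'
              AND    c_id = '$course_id'
              ORDER BY date
              ";
    $result5 = Database::query($sql5);

    // For each exam date of the schedule.
    while ($res5 = Database::fetch_array($result5)) {
        $date = api_get_utc_datetime($res5['date']);
        // Re-insert the exam entry.
        $sql7 = "INSERT $tbl_personal_agenda (user, title, date) VALUES  ($user_id, 'Examen*', '$date')";
        Database::query($sql7);
    }

    // The documented contract promises true on success.
    return true;
}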
/**
 * Fill a bloc for information category (first write only).
 *
 * Nothing is written when a row already exists for the same definition and
 * user; use edit_cat_content() to change existing content.
 *
 * NOTE(review): the existence check and the INSERT are two separate
 * statements, and the content is stored as given - it has to be HTML-escaped
 * where it is displayed (see htmlize()).
 *
 * @author - Hugues peeters <[email protected]>
 * @author - Christophe Gesche <[email protected]>
 *
 * @param int    $definition_id id of the category definition
 * @param int    $user_id       id of the user the content belongs to
 * @param string $content       text to store
 * @param string $user_ip       editor address; defaults to
 *                              $_SERVER['REMOTE_ADDR'] when empty
 *
 * @return bool true if succeed, else boolean false
 */
function fill_new_cat_content($definition_id, $user_id, $content = "", $user_ip = "")
{
    global $TBL_USERINFO_CONTENT;

    // Fall back to the address of the connecting client.
    $user_ip = empty($user_ip) ? $_SERVER['REMOTE_ADDR'] : $user_ip;

    // Ids become integers (interpolated unquoted below); strings are escaped
    // and only ever placed inside single-quoted literals.
    $definition_id = (int) $definition_id;
    $user_id = (int) $user_id;
    $content = Database::escape_string(trim($content));
    $user_ip = Database::escape_string(trim($user_ip));

    $hasMissingValue = 0 == $definition_id || 0 == $user_id || $content == "";
    if ($hasMissingValue) {
        // Here we should introduce an error handling system...

        return false;
    }

    // Do not create if already exist
    $lookupSql = "SELECT id FROM $TBL_USERINFO_CONTENT
            WHERE   definition_id   = '$definition_id'
            AND     user_id         = $user_id";

    $existing = Database::query($lookupSql);
    $alreadyFilled = Database::num_rows($existing) > 0;

    if ($alreadyFilled) {
        return false;
    }

    $insertSql = "INSERT INTO $TBL_USERINFO_CONTENT SET
            content         = '$content',
            definition_id   = $definition_id,
            user_id         = $user_id,
            editor_ip       = '$user_ip',
            edition_time    = now()";

    Database::query($insertSql);

    return true;
}
/**
 * Edit a bloc for information category.
 *
 * An empty $content deletes the bloc through cleanout_cat_content().
 *
 * NOTE(review): any (definition, user) pair is accepted as given; whether
 * the current user may edit that user's content is presumably checked by
 * the caller - confirm.
 *
 * @author - Hugues peeters <[email protected]>
 * @author - Christophe Gesche <[email protected]>
 *
 * @param int    $definition_id id of the category definition
 * @param int    $user_id       id of the user the content belongs to
 * @param string $content       new text; if empty the bloc is deleted
 * @param string $user_ip       editor address; defaults to
 *                              $_SERVER['REMOTE_ADDR'] when empty
 *
 * @return bool true if succeed, else boolean false
 */
function edit_cat_content($definition_id, $user_id, $content = "", $user_ip = "")
{
    global $TBL_USERINFO_CONTENT;

    // Ids become integers so they can be interpolated unquoted below.
    $definition_id = (int) $definition_id;
    $user_id = (int) $user_id;
    $content = Database::escape_string(trim($content));

    // Fall back to the address of the connecting client.
    $user_ip = empty($user_ip) ? $_SERVER['REMOTE_ADDR'] : $user_ip;
    $user_ip = Database::escape_string($user_ip);

    $hasBothIds = !(0 == $user_id || 0 == $definition_id);
    if (!$hasBothIds) {
        return false;
    }

    // Saving an empty text means removing the bloc.
    if ($content == "") {
        return cleanout_cat_content($user_id, $definition_id);
    }

    $updateSql = "UPDATE $TBL_USERINFO_CONTENT SET
            content         = '$content',
            editor_ip       = '$user_ip',
            edition_time    = now()
            WHERE definition_id = $definition_id AND user_id = $user_id";

    Database::query($updateSql);

    return true;
}
/**
 * Clean the content of a bloc for information category.
 *
 * Deletes the content row(s) matching the given user and definition.
 *
 * @author Hugues peeters <[email protected]>
 * @author Christophe Gesche <[email protected]>
 *
 * @param int $user_id       id of the user the content belongs to
 * @param int $definition_id id of the category definition
 *
 * @return bool true once the DELETE has been issued, false when either id
 *              is 0 after the integer cast
 */
function cleanout_cat_content($user_id, $definition_id)
{
    global $TBL_USERINFO_CONTENT;

    // The integer casts are what make the unquoted ids in the query safe.
    $user_id = (int) $user_id;
    $definition_id = (int) $definition_id;

    $hasBothIds = !(0 == $user_id || 0 == $definition_id);
    if (!$hasBothIds) {
        return false;
    }

    $deleteSql = "DELETE FROM $TBL_USERINFO_CONTENT
            WHERE user_id = $user_id AND definition_id = $definition_id";

    Database::query($deleteSql);

    return true;
}
/**
 * Get the user info from the user id.
 *
 * Every category definition is returned (LEFT JOIN), with the user's
 * content where one exists.
 *
 * @author - Hugues Peeters <[email protected]>
 * @author - Christophe Gesche <[email protected]>
 *
 * @param int $user_id user id as stored in the Dokeos main db
 *
 * @return array|false rows sorted by category rank, each containing 'catId',
 *                     'title', 'comment' and 'content'; false when the
 *                     query returns no row
 */
function get_course_user_info($user_id)
{
    $defTable = Database::get_course_table(TABLE_USER_INFO_DEF);
    $contentTable = Database::get_course_table(TABLE_USER_INFO_CONTENT);

    // The integer cast is what makes the unquoted id in the query safe.
    $user_id = (int) $user_id;
    $query = "SELECT  cat.id catId,   cat.title,
                    cat.comment ,   content.content
            FROM    $defTable cat LEFT JOIN $contentTable content
            ON cat.id = content.definition_id AND content.user_id = $user_id
            ORDER BY cat.rank, content.id";

    $rows = Database::query($query);

    if (!(Database::num_rows($rows) > 0)) {
        return false;
    }

    // The values are returned as stored; escape them on output.
    while ($row = Database::fetch_array($rows, 'ASSOC')) {
        $collected[] = $row;
    }

    return $collected;
}
/**
 * Get the user content of a category plus the category definition.
 *
 * @author - Hugues Peeters <[email protected]>
 * @author - Christophe Gesche <[email protected]>
 *
 * @param int $userId id of the user
 * @param int $catId  id of the category
 *
 * @return array|false containing 'catId', 'title', 'comment', 'line_count',
 *                     'nbline' (copy of 'line_count'), 'contentId' and
 *                     'content'; false when the category is not found
 */
function get_cat_content($userId, $catId)
{
    $defTable = Database::get_course_table(TABLE_USER_INFO_DEF);
    $contentTable = Database::get_course_table(TABLE_USER_INFO_CONTENT);

    // The integer casts are what make the unquoted ids in the query safe.
    $userId = (int) $userId;
    $catId = (int) $catId;
    $query = "SELECT  cat.id catId,   cat.title,
                    cat.comment ,   cat.line_count,
                    content.id contentId,   content.content
            FROM    $defTable cat LEFT JOIN $contentTable content
            ON cat.id = content.definition_id
            AND content.user_id = $userId
            WHERE cat.id = $catId ";
    $rows = Database::query($query);

    if (!(Database::num_rows($rows) > 0)) {
        return false;
    }

    $record = Database::fetch_array($rows, 'ASSOC');
    // Expose the line count under the name the callers of this file use.
    $record['nbline'] = $record['line_count'];

    return $record;
}
/**
 * Get the definition of a category.
 *
 * @author Christophe Gesche <[email protected]>
 * @author Hugues Peeters <[email protected]>
 *
 * @param int $catId - id of the category
 *
 * @return array|false containing 'id', 'title', 'comment', 'line_count',
 *                     'rank' and 'nbline' (copy of 'line_count'); false
 *                     when the category is not found
 */
function get_cat_def($catId)
{
    $defTable = Database::get_course_table(TABLE_USER_INFO_DEF);

    // The integer cast is what makes the unquoted id in the query safe.
    $catId = (int) $catId;
    $query = "SELECT id, title, comment, line_count, rank FROM $defTable WHERE id = $catId";

    $rows = Database::query($query);

    if (!(Database::num_rows($rows) > 0)) {
        return false;
    }

    $definition = Database::fetch_array($rows, 'ASSOC');
    // Expose the line count under the name the callers of this file use.
    $definition['nbline'] = $definition['line_count'];

    return $definition;
}
/**
 * Get list of all this course categories, ordered by rank.
 *
 * @author Christophe Gesche <[email protected]>
 * @author Hugues Peeters <[email protected]>
 *
 * @return array|false a list of arrays, each containing 'catId', 'title',
 *                     'comment' and 'line_count'; false when there is no
 *                     category
 */
function get_cat_def_list()
{
    $defTable = Database::get_course_table(TABLE_USER_INFO_DEF);

    // No caller-supplied value enters this query.
    $query = "SELECT  id catId,   title,  comment , line_count
            FROM  $defTable
            ORDER BY rank";

    $rows = Database::query($query);

    if (!(Database::num_rows($rows) > 0)) {
        return false;
    }

    while ($definition = Database::fetch_array($rows, 'ASSOC')) {
        $definitions[] = $definition;
    }

    return $definitions;
}
/**
 * Transform content into a HTML display.
 *
 * Special characters and both quote styles are converted to entities, then
 * a <br /> is inserted before each newline. The result is meant for HTML
 * text or a quoted attribute value; it is not an escaping for script or
 * URL contexts. ENT_SUBSTITUTE is not set, so input that is invalid in
 * $charset makes htmlspecialchars() return an empty string.
 *
 * @author Hugues Peeters <[email protected]>
 *
 * @param string $string string to htmlize
 *
 * @return string htmlized
 */
function htmlize($string)
{
    global $charset;

    // Escape first, so the <br /> tags added afterwards stay real markup.
    $escaped = htmlspecialchars($string, ENT_QUOTES, $charset);

    return nl2br($escaped);
}