1 | <?php |
||
2 | /* For licensing terms, see /license.txt */ |
||
3 | |||
4 | use Chamilo\CoreBundle\Entity\Message; |
||
5 | use Chamilo\CoreBundle\Entity\MessageFeedback; |
||
6 | use ChamiloSession as Session; |
||
7 | |||
8 | /** |
||
9 | * Responses to AJAX calls. |
||
10 | */ |
||
11 | require_once __DIR__.'/../global.inc.php'; |
||
12 | |||
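// Dispatch on the ?a= action. Every handler re-checks anonymity itself (the
// dispatcher does no authorization of its own), and the script always ends
// with exit so nothing after the switch is rendered.
$action = isset($_GET['a']) ? $_GET['a'] : null;

$current_user_id = api_get_user_id();
switch ($action) {
    case 'add_friend':
        // Accept a contact request from ?friend_id: relate both users
        // symmetrically, mark the invitation accepted, then redirect back to
        // the invitations page.
        if (api_is_anonymous()) {
            echo '';
            break;
        }
        // NOTE(review): this changes state on a GET request with no CSRF token
        // visible in this file — confirm the caller or the framework covers it.
        $relation_type = USER_RELATION_TYPE_UNKNOWN; // unknown contact
        if (isset($_GET['is_my_friend'])) {
            $relation_type = USER_RELATION_TYPE_FRIEND; // my friend
        }

        // User ids are integers: cast instead of forwarding the raw query value.
        $my_current_friend = isset($_GET['friend_id']) ? (int) $_GET['friend_id'] : 0;
        if ($my_current_friend > 0) {
            // NOTE(review): relate_users() runs before invitation_accepted(), so
            // a check inside the latter cannot prevent the relation — verify that
            // a pending invitation from friend_id is validated before this point.
            UserManager::relate_users($current_user_id, $my_current_friend, $relation_type);
            UserManager::relate_users($my_current_friend, $current_user_id, $relation_type);
            SocialManager::invitation_accepted($my_current_friend, $current_user_id);
            Display::addFlash(
                Display::return_message(get_lang('AddedContactToList'), 'success')
            );

            header('Location: '.api_get_path(WEB_CODE_PATH).'social/invitations.php');
            exit;
        }
        break;
    case 'deny_friend':
        // Reject the contact request from ?denied_friend_id and redirect back
        // to the invitations page.
        if (api_is_anonymous()) {
            echo '';
            break;
        }
        // The is_my_friend relation type used to be computed here as well, but
        // invitation_denied() never received it, so it has been dropped.
        $denied_friend_id = isset($_GET['denied_friend_id']) ? (int) $_GET['denied_friend_id'] : 0;
        if ($denied_friend_id > 0) {
            SocialManager::invitation_denied($denied_friend_id, $current_user_id);
            Display::addFlash(
                Display::return_message(get_lang('InvitationDenied'), 'success')
            );

            header('Location: '.api_get_path(WEB_CODE_PATH).'social/invitations.php');
            exit;
        }
        break;
    case 'delete_friend':
        // Remove the relation with POST delete_friend_id. The id is read only
        // after the isset check (the cast used to run first and raised a
        // notice whenever the field was missing).
        if (api_is_anonymous()) {
            echo '';
            break;
        }
        if (isset($_POST['delete_friend_id'])) {
            $my_delete_friend = (int) $_POST['delete_friend_id'];
            SocialManager::remove_user_rel_user($my_delete_friend);
        }
        break;
    case 'show_my_friends':
        // Render the current user's contacts as thumbnail cards, filtered by
        // the POSTed name when one was typed.
        if (api_is_anonymous()) {
            echo '';
            break;
        }
        $user_id = api_get_user_id();
        // The JS side sends the literal string "undefined" when there is no filter.
        $name_search = isset($_POST['search_name_q'])
            ? Security::remove_XSS($_POST['search_name_q'])
            : '';

        if ($name_search !== '' && $name_search != 'undefined') {
            $friends = SocialManager::get_friends($user_id, null, $name_search);
        } else {
            $friends = SocialManager::get_friends($user_id);
        }

        $friend_html = '';
        // The original walked $friends by sequential integer index (with a
        // doubling window that always reached the last index), which is the
        // same set of rows as iterating the list directly — assumes
        // get_friends() returns a 0-indexed list, as that loop did.
        foreach ($friends as $friend) {
            $friend_id = (int) $friend['friend_user_id'];
            // api_xml_http_response_encode() is presumably a charset
            // conversion, not an HTML escaper (nothing in this file treats it
            // as one), so the name is escaped explicitly: it lands inside a
            // title attribute and an anchor and must not inject markup.
            $user_name = htmlspecialchars(
                api_xml_http_response_encode($friend['firstName'].' '.$friend['lastName']),
                ENT_QUOTES | ENT_SUBSTITUTE,
                'UTF-8'
            );
            $userPicture = UserManager::getUserPicture($friend_id);

            // The title attribute used to contain the literal text "$user_name"
            // (a single-quoted PHP string is not interpolated); it is now
            // concatenated like the other values, and the button id is quoted.
            $friend_html .= '
                <div class="col-md-3">
                    <div class="thumbnail text-center" id="div_'.$friend_id.'">
                        <img src="'.$userPicture.'" class="img-responsive" id="imgfriend_'.$friend_id.'" title="'.$user_name.'">
                        <div class="caption">
                            <h3>
                                <a href="profile.php?u='.$friend_id.'">'.$user_name.'</a>
                            </h3>
                            <p>
                                <button class="btn btn-danger" onclick="delete_friend(this)" id="img_'.$friend_id.'">
                                    '.get_lang('Delete').'
                                </button>
                            </p>
                        </div>
                    </div>
                </div>
            ';
        }
        echo $friend_html;
        break;
    case 'toogle_course':
        // Show the forum/blog activity of the profiled user (Session
        // 'social_user_id') inside one course on the social profile page.
        if (api_is_anonymous()) {
            echo '';
            break;
        }
        require_once api_get_path(SYS_CODE_PATH).'forum/forumfunction.inc.php';

        $user_id = Session::read('social_user_id');

        // The sub-action is POSTed; keep the ?a= value when it is absent or empty
        // (which then lands in the inner default branch and outputs nothing).
        $subAction = !empty($_POST['action']) ? $_POST['action'] : $action;

        switch ($subAction) {
            case 'load_course':
                $course_id = isset($_POST['course_code']) ? (int) $_POST['course_code'] : 0; // the int course id
                $course_info = api_get_course_info_by_id($course_id);
                $course_code = isset($course_info['code']) ? $course_info['code'] : '';

                // NOTE(review): membership is checked for the viewer, not for
                // the profiled $user_id whose posts are listed — confirm that is
                // the intended access rule.
                if (api_is_user_of_course($course_id, api_get_user_id())) {
                    // ------ Forum messages
                    $forum_result = get_all_post_from_user($user_id, $course_code);
                    $all_result_data = 0; // number of sections rendered
                    if ($forum_result != '') {
                        echo '<div id="social-forum-main-title">';
                        echo api_xml_http_response_encode(get_lang('Forum'));
                        echo '</div>';

                        echo '<div style="background:#FAF9F6; padding:0px;" >';
                        echo api_xml_http_response_encode($forum_result);
                        echo '</div>';
                        echo '<br />';
                        $all_result_data++;
                    }

                    // ------ Blog posts
                    $result = Blog::getBlogPostFromUser($course_id, $user_id, $course_code);

                    if (!empty($result)) {
                        api_display_tool_title(api_xml_http_response_encode(get_lang('Blog')));
                        echo '<div style="background:#FAF9F6; padding:0px;">';
                        echo api_xml_http_response_encode($result);
                        echo '</div>';
                        echo '<br />';
                        $all_result_data++;
                    }

                    // ------ Blog comments
                    $result = Blog::getBlogCommentsFromUser($course_id, $user_id, $course_code);
                    if (!empty($result)) {
                        echo '<div style="background:#FAF9F6; padding-left:10px;">';
                        api_display_tool_title(api_xml_http_response_encode(get_lang('BlogComments')));
                        echo api_xml_http_response_encode($result);
                        echo '</div>';
                        echo '<br />';
                        $all_result_data++;
                    }
                    if ($all_result_data == 0) {
                        echo api_xml_http_response_encode(get_lang('NoDataAvailable'));
                    }
                } else {
                    echo '<div class="clear"></div><br />';
                    api_display_tool_title(api_xml_http_response_encode(get_lang('Details')));
                    echo '<div style="background:#FAF9F6; padding:0px;">';
                    echo api_xml_http_response_encode(get_lang('UserNonRegisteredAtTheCourse'));
                    echo '<div class="clear"></div><br />';
                    echo '</div>';
                    echo '<div class="clear"></div><br />';
                }
                break;
            case 'unload_course':
            default:
                break;
        }
        break;
    case 'send_comment':
        // Post a comment on wall message ?id on behalf of the current user and
        // echo the rendered comment.
        if (api_is_anonymous()) {
            exit;
        }

        if (api_get_setting('allow_social_tool') !== 'true') {
            exit;
        }

        $messageId = isset($_GET['id']) ? (int) $_GET['id'] : 0;

        if (empty($messageId)) {
            exit;
        }

        $userId = api_get_user_id();
        $messageInfo = MessageManager::get_message_by_id($messageId);
        if (!empty($messageInfo)) {
            $comment = isset($_REQUEST['comment']) ? $_REQUEST['comment'] : '';
            if (!empty($comment)) {
                // NOTE(review): nothing here checks that $userId may comment on
                // this particular message (e.g. that it is a wall post the user
                // is allowed to see), nor sanitizes $comment; both are assumed to
                // happen inside sendWallMessage() — verify.
                $newMessageId = SocialManager::sendWallMessage(
                    $userId,
                    $messageInfo['user_receiver_id'],
                    $comment,
                    $messageId,
                    MESSAGE_STATUS_WALL
                );
                if ($newMessageId) {
                    $newMessageInfo = MessageManager::get_message_by_id($newMessageId);
                    echo SocialManager::processPostComment($newMessageInfo);
                }
            }
        }
        break;
    case 'delete_message':
        // Delete wall message ?id. Allowed for its sender or receiver when it
        // is not a group message, and for platform admins unconditionally.
        if (api_is_anonymous()) {
            exit;
        }

        if (api_get_setting('allow_social_tool') !== 'true') {
            exit;
        }

        $messageId = isset($_GET['id']) ? (int) $_GET['id'] : 0;

        if (empty($messageId)) {
            exit;
        }

        $userId = api_get_user_id();
        $messageInfo = MessageManager::get_message_by_id($messageId);
        if (!empty($messageInfo)) {
            $isParty = $messageInfo['user_receiver_id'] == $userId
                || $messageInfo['user_sender_id'] == $userId;
            $canDelete = $isParty && empty($messageInfo['group_id']);
            if ($canDelete || api_is_platform_admin()) {
                SocialManager::deleteMessage($messageId);
                echo Display::return_message(get_lang('MessageDeleted'));
                break;
            }
        }
        break;
    case 'list_wall_message':
        // Paginated wall of user ?u (defaults to the current user) from offset
        // ?start, followed by a "see more" link to the next page.
        if (api_is_anonymous()) {
            break;
        }
        $start = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
        $userId = isset($_REQUEST['u']) ? (int) $_REQUEST['u'] : api_get_user_id();

        $html = '';
        if ($userId == api_get_user_id()) {
            // Own wall: include the threads the user takes part in.
            $threadList = SocialManager::getThreadList($userId);
            $threadIdList = [];
            if (!empty($threadList)) {
                $threadIdList = array_column($threadList, 'id');
            }

            $wall = SocialManager::getMyWallMessages(
                $userId,
                $start,
                SocialManager::DEFAULT_SCROLL_NEW_POST,
                $threadIdList
            );
            $html = $wall['posts'];
        } else {
            // Someone else's wall. NOTE(review): no friendship/visibility check
            // is made here; it is assumed to live inside getWallMessages() — verify.
            $messages = SocialManager::getWallMessages(
                $userId,
                null,
                0,
                0,
                '',
                $start,
                SocialManager::DEFAULT_SCROLL_NEW_POST
            );
            $messages = SocialManager::formatWallMessages($messages);

            if (!empty($messages)) {
                ksort($messages);
                foreach ($messages as $message) {
                    $post = $message['html'];
                    $comments = SocialManager::getWallPostComments($userId, $message);
                    $html .= SocialManager::wrapPost($message, $post.$comments);
                }
            }
        }

        if (!empty($html)) {
            $html .= Display::div(
                Display::url(
                    get_lang('SeeMore'),
                    api_get_self().'?u='.$userId.'&a=list_wall_message&start='.
                    ($start + SocialManager::DEFAULT_SCROLL_NEW_POST).'&length='.SocialManager::DEFAULT_SCROLL_NEW_POST,
                    [
                        'class' => 'nextPage',
                    ]
                ),
                [
                    'class' => 'next',
                ]
            );
        }
        echo $html;
        break;
    // Read the URL using OpenGraph and return the hyperlink's preview content.
    case 'read_url_with_open_graph':
        // Every other handler in this file refuses anonymous callers; this one
        // used to fetch the URL for anybody, so the same guard is applied.
        if (api_is_anonymous()) {
            echo '';
            break;
        }
        $url = isset($_POST['social_wall_new_msg_main']) ? $_POST['social_wall_new_msg_main'] : '';
        $url = trim($url);
        $html = '';
        // verifyUrl() is the only gate before a server-side fetch of a
        // user-supplied URL (an SSRF surface) — confirm it rejects non-http
        // schemes and internal/loopback addresses. Plain truthiness test, as
        // the former `== true` already was.
        if (SocialManager::verifyUrl($url)) {
            $html = Security::remove_XSS(
                SocialManager::readContentWithOpenGraph($url)
            );
        }
        echo $html;
        break;
    case 'like_message':
        // Record a like/dislike (?status) of message ?id by the current user;
        // answers JSON true on success, false on any refusal.
        header('Content-Type: application/json');

        if (
            api_is_anonymous() ||
            !api_get_configuration_value('social_enable_messages_feedback')
        ) {
            echo json_encode(false);
            exit;
        }

        $messageId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $status = isset($_GET['status']) ? $_GET['status'] : '';
        $groupId = isset($_GET['group']) ? (int) $_GET['group'] : 0;

        // Strict in_array: $status must literally be one of the two words.
        if (empty($messageId) || !in_array($status, ['like', 'dislike'], true)) {
            echo json_encode(false);
            exit;
        }

        $em = Database::getManager();
        $messageRepo = $em->getRepository('ChamiloCoreBundle:Message');
        $messageLikesRepo = $em->getRepository('ChamiloCoreBundle:MessageFeedback');

        /** @var Message $message */
        $message = $messageRepo->find($messageId);

        if (empty($message)) {
            echo json_encode(false);
            exit;
        }

        // The ?group parameter must match the group the message belongs to.
        if ((int) $message->getGroupId() !== $groupId) {
            echo json_encode(false);
            exit;
        }

        if (!empty($message->getGroupId())) {
            $usergroup = new UserGroup();
            $groupInfo = $usergroup->get($groupId);

            if (empty($groupInfo)) {
                echo json_encode(false);
                exit;
            }

            // Only closed groups restrict feedback to members.
            $isMember = $usergroup->is_group_member($groupId, $current_user_id);

            if (GROUP_PERMISSION_CLOSED == $groupInfo['visibility'] && !$isMember) {
                echo json_encode(false);
                exit;
            }
        }

        $user = api_get_user_entity($current_user_id);

        // One feedback row per (message, user); create it on first use.
        $userLike = $messageLikesRepo->findOneBy(['message' => $message, 'user' => $user]);

        if (empty($userLike)) {
            $userLike = new MessageFeedback();
            $userLike
                ->setMessage($message)
                ->setUser($user);
        }

        // Repeating the current state is refused; switching state flips both flags.
        if ('like' === $status) {
            if ($userLike->isLiked()) {
                echo json_encode(false);
                exit;
            }

            $userLike
                ->setLiked(true)
                ->setDisliked(false);
        } elseif ('dislike' === $status) {
            if ($userLike->isDisliked()) {
                echo json_encode(false);
                exit;
            }

            $userLike
                ->setLiked(false)
                ->setDisliked(true);
        }

        $userLike
            ->setUpdatedAt(
                api_get_utc_datetime(null, false, true)
            );

        $em->persist($userLike);
        $em->flush();

        echo json_encode(true);
        break;
    default:
        echo '';
}
exit;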
||