Passed
Push — 1.11.x ( bce6cd...c146d9 )
by Angel Fernando Quiroz
12:25
created

main/inc/ajax/social.ajax.php (1 issue)

1
<?php
2
/* For licensing terms, see /license.txt */
3
4
use Chamilo\CoreBundle\Entity\Message;
5
use Chamilo\CoreBundle\Entity\MessageFeedback;
6
use ChamiloSession as Session;
7
8
/**
9
 * Responses to AJAX calls.
10
 */
11
require_once __DIR__.'/../global.inc.php';
12
13
$action = isset($_GET['a']) ? $_GET['a'] : null;
14
15
$current_user_id = api_get_user_id();
16
switch ($action) {
17
    case 'add_friend':
18
        if (api_is_anonymous()) {
19
            echo '';
20
            break;
21
        }
22
        $relation_type = USER_RELATION_TYPE_UNKNOWN; //Unknown contact
23
        if (isset($_GET['is_my_friend'])) {
24
            $relation_type = USER_RELATION_TYPE_FRIEND; //My friend
25
        }
26
27
        if (isset($_GET['friend_id'])) {
28
            $my_current_friend = $_GET['friend_id'];
29
            UserManager::relate_users($current_user_id, $my_current_friend, $relation_type);
30
            UserManager::relate_users($my_current_friend, $current_user_id, $relation_type);
31
            SocialManager::invitation_accepted($my_current_friend, $current_user_id);
32
            Display::addFlash(
33
                Display::return_message(get_lang('AddedContactToList'), 'success')
34
            );
35
36
            header('Location: '.api_get_path(WEB_CODE_PATH).'social/invitations.php');
37
            exit;
38
        }
39
        break;
40
    case 'deny_friend':
41
        if (api_is_anonymous()) {
42
            echo '';
43
            break;
44
        }
45
        $relation_type = USER_RELATION_TYPE_UNKNOWN; //Contact unknown
46
        if (isset($_GET['is_my_friend'])) {
47
            $relation_type = USER_RELATION_TYPE_FRIEND; //my friend
48
        }
49
        if (isset($_GET['denied_friend_id'])) {
50
            SocialManager::invitation_denied($_GET['denied_friend_id'], $current_user_id);
51
            Display::addFlash(
52
                Display::return_message(get_lang('InvitationDenied'), 'success')
53
            );
54
55
            header('Location: '.api_get_path(WEB_CODE_PATH).'social/invitations.php');
56
            exit;
57
        }
58
        break;
59
    case 'delete_friend':
60
        if (api_is_anonymous()) {
61
            echo '';
62
            break;
63
        }
64
        $my_delete_friend = (int) $_POST['delete_friend_id'];
65
        if (isset($_POST['delete_friend_id'])) {
66
            SocialManager::remove_user_rel_user($my_delete_friend);
67
        }
68
        break;
69
    case 'show_my_friends':
70
        if (api_is_anonymous()) {
71
            echo '';
72
            break;
73
        }
74
        $user_id = api_get_user_id();
75
        $name_search = Security::remove_XSS($_POST['search_name_q']);
76
77
        if (isset($name_search) && $name_search != 'undefined') {
78
            $friends = SocialManager::get_friends($user_id, null, $name_search);
79
        } else {
80
            $friends = SocialManager::get_friends($user_id);
81
        }
82
83
        $friend_html = '';
84
        $number_of_images = 8;
85
        $number_friends = count($friends);
86
        if ($number_friends != 0) {
87
            $number_loop = $number_friends / $number_of_images;
88
            $loop_friends = ceil($number_loop);
89
            $j = 0;
90
            for ($k = 0; $k < $loop_friends; $k++) {
91
                if ($j == $number_of_images) {
92
                    $number_of_images = $number_of_images * 2;
93
                }
94
                while ($j < $number_of_images) {
95
                    if (isset($friends[$j])) {
96
                        $friend = $friends[$j];
97
                        $user_name = api_xml_http_response_encode($friend['firstName'].' '.$friend['lastName']);
98
                        $userPicture = UserManager::getUserPicture($friend['friend_user_id']);
99
100
                        $friend_html .= '
101
                            <div class="col-md-3">
102
                                <div class="thumbnail text-center" id="div_'.$friends[$j]['friend_user_id'].'">
103
                                    <img src="'.$userPicture.'" class="img-responsive" id="imgfriend_'.$friend['friend_user_id'].'" title="$user_name">
104
                                    <div class="caption">
105
                                        <h3>
106
                                            <a href="profile.php?u='.$friend['friend_user_id'].'">'.$user_name.'</a>
107
                                        </h3>
108
                                        <p>
109
                                            <button class="btn btn-danger" onclick="delete_friend(this)" id=img_'.$friend['friend_user_id'].'>
110
                                                '.get_lang('Delete').'
111
                                            </button>
112
                                        </p>
113
                                    </div>
114
                                </div>
115
                            </div>
116
                        ';
117
                    }
118
                    $j++;
119
                }
120
            }
121
        }
122
        echo $friend_html;
123
        break;
124
    case 'toogle_course':
125
        if (api_is_anonymous()) {
126
            echo '';
127
            break;
128
        }
129
        require_once api_get_path(SYS_CODE_PATH).'forum/forumfunction.inc.php';
130
131
        $user_id = Session::read('social_user_id');
132
133
        if ($_POST['action']) {
134
            $action = $_POST['action'];
135
        }
136
137
        switch ($action) {
138
            case 'load_course':
139
                $course_id = intval($_POST['course_code']); // the int course id
140
                $course_info = api_get_course_info_by_id($course_id);
141
                $course_code = $course_info['code'];
142
143
                if (api_is_user_of_course($course_id, api_get_user_id())) {
144
                    //------Forum messages
145
                    $forum_result = get_all_post_from_user($user_id, $course_code);
146
                    $all_result_data = 0;
147
                    if ($forum_result != '') {
148
                        echo '<div id="social-forum-main-title">';
149
                        echo api_xml_http_response_encode(get_lang('Forum'));
150
                        echo '</div>';
151
152
                        echo '<div style="background:#FAF9F6; padding:0px;" >';
153
                        echo api_xml_http_response_encode($forum_result);
154
                        echo '</div>';
155
                        echo '<br />';
156
                        $all_result_data++;
157
                    }
158
159
                    //------Blog posts
160
                    $result = Blog::getBlogPostFromUser($course_id, $user_id, $course_code);
161
162
                    if (!empty($result)) {
163
                        api_display_tool_title(api_xml_http_response_encode(get_lang('Blog')));
164
                        echo '<div style="background:#FAF9F6; padding:0px;">';
165
                        echo api_xml_http_response_encode($result);
166
                        echo '</div>';
167
                        echo '<br />';
168
                        $all_result_data++;
169
                    }
170
171
                    //------Blog comments
172
                    $result = Blog::getBlogCommentsFromUser($course_id, $user_id, $course_code);
173
                    if (!empty($result)) {
174
                        echo '<div  style="background:#FAF9F6; padding-left:10px;">';
175
                        api_display_tool_title(api_xml_http_response_encode(get_lang('BlogComments')));
176
                        echo api_xml_http_response_encode($result);
177
                        echo '</div>';
178
                        echo '<br />';
179
                        $all_result_data++;
180
                    }
181
                    if ($all_result_data == 0) {
182
                        echo api_xml_http_response_encode(get_lang('NoDataAvailable'));
183
                    }
184
                } else {
185
                    echo '<div class="clear"></div><br />';
186
                    api_display_tool_title(api_xml_http_response_encode(get_lang('Details')));
187
                    echo '<div style="background:#FAF9F6; padding:0px;">';
188
                    echo api_xml_http_response_encode(get_lang('UserNonRegisteredAtTheCourse'));
189
                    echo '<div class="clear"></div><br />';
190
                    echo '</div>';
191
                    echo '<div class="clear"></div><br />';
192
                }
193
                break;
194
            case 'unload_course':
195
            default:
196
                break;
197
        }
198
        break;
199
    case 'send_comment':
200
        if (api_is_anonymous()) {
201
            exit;
202
        }
203
204
        if (api_get_setting('allow_social_tool') !== 'true') {
205
            exit;
206
        }
207
208
        $messageId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
209
210
        if (empty($messageId)) {
211
            exit;
212
        }
213
214
        $userId = api_get_user_id();
215
        $messageInfo = MessageManager::get_message_by_id($messageId);
216
        if (!empty($messageInfo)) {
217
            $comment = isset($_REQUEST['comment']) ? $_REQUEST['comment'] : '';
218
            if (!empty($comment)) {
219
                $messageId = SocialManager::sendWallMessage(
220
                    $userId,
221
                    $messageInfo['user_receiver_id'],
222
                    $comment,
223
                    $messageId,
224
                    MESSAGE_STATUS_WALL
225
                );
226
                if ($messageId) {
227
                    $messageInfo = MessageManager::get_message_by_id($messageId);
228
                    echo SocialManager::processPostComment($messageInfo);
229
                }
230
            }
231
        }
232
        break;
233
    case 'delete_message':
234
        if (api_is_anonymous()) {
235
            exit;
236
        }
237
238
        if (api_get_setting('allow_social_tool') !== 'true') {
239
            exit;
240
        }
241
242
        $messageId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
243
244
        if (empty($messageId)) {
245
            exit;
246
        }
247
248
        $userId = api_get_user_id();
249
        $messageInfo = MessageManager::get_message_by_id($messageId);
250
        if (!empty($messageInfo)) {
251
            $canDelete = ($messageInfo['user_receiver_id'] == $userId || $messageInfo['user_sender_id'] == $userId) &&
252
                empty($messageInfo['group_id']);
253
            if ($canDelete || api_is_platform_admin()) {
254
                SocialManager::deleteMessage($messageId);
255
                echo Display::return_message(get_lang('MessageDeleted'));
256
                break;
257
            }
258
        }
259
        break;
260
    case 'list_wall_message':
261
        if (api_is_anonymous()) {
262
            break;
263
        }
264
        $start = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;
265
        $userId = isset($_REQUEST['u']) ? (int) $_REQUEST['u'] : api_get_user_id();
266
267
        $html = '';
268
        if ($userId == api_get_user_id()) {
269
            $threadList = SocialManager::getThreadList($userId);
270
            $threadIdList = [];
271
            if (!empty($threadList)) {
272
                $threadIdList = array_column($threadList, 'id');
273
            }
274
275
            $html = SocialManager::getMyWallMessages(
276
                $userId,
277
                $start,
278
                SocialManager::DEFAULT_SCROLL_NEW_POST,
279
                $threadIdList
280
            );
281
            $html = $html['posts'];
282
        } else {
283
            $messages = SocialManager::getWallMessages(
284
                $userId,
285
                null,
286
                0,
287
                0,
288
                '',
289
                $start,
290
                SocialManager::DEFAULT_SCROLL_NEW_POST
291
            );
292
            $messages = SocialManager::formatWallMessages($messages);
293
294
            if (!empty($messages)) {
295
                ksort($messages);
296
                foreach ($messages as $message) {
297
                    $post = $message['html'];
298
                    $comments = SocialManager::getWallPostComments($userId, $message);
299
                    $html .= SocialManager::wrapPost($message, $post.$comments);
300
                }
301
            }
302
        }
303
304
        if (!empty($html)) {
305
            $html .= Display::div(
306
                Display::url(
307
                    get_lang('SeeMore'),
308
                    api_get_self().'?u='.$userId.'&a=list_wall_message&start='.
309
                    ($start + SocialManager::DEFAULT_SCROLL_NEW_POST).'&length='.SocialManager::DEFAULT_SCROLL_NEW_POST,
310
                    [
311
                        'class' => 'nextPage',
312
                    ]
313
                ),
314
                [
315
                    'class' => 'next',
316
                ]
317
            );
318
        }
319
        echo $html;
320
        break;
321
        // Read the Url using OpenGraph and returns the hyperlinks content
322
    case 'read_url_with_open_graph':
323
        $url = isset($_POST['social_wall_new_msg_main']) ? $_POST['social_wall_new_msg_main'] : '';
324
        $url = trim($url);
325
        $html = '';
326
        if (SocialManager::verifyUrl($url) == true) {
Coding Style Best Practice introduced by
It seems like you are loosely comparing two booleans. Consider using the strict comparison === instead.

When comparing two booleans, it is generally considered safer to use the strict comparison operator.

327
            $html = Security::remove_XSS(
328
                SocialManager::readContentWithOpenGraph($url)
329
            );
330
        }
331
        echo $html;
332
        break;
333
    case 'like_message':
334
        header('Content-Type: application/json');
335
336
        if (
337
            api_is_anonymous() ||
338
            !api_get_configuration_value('social_enable_messages_feedback')
339
        ) {
340
            echo json_encode(false);
341
            exit;
342
        }
343
344
        $messageId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
345
        $status = isset($_GET['status']) ? $_GET['status'] : '';
346
        $groupId = isset($_GET['group']) ? (int) $_GET['group'] : 0;
347
348
        if (empty($messageId) || !in_array($status, ['like', 'dislike'])) {
349
            echo json_encode(false);
350
            exit;
351
        }
352
353
        $em = Database::getManager();
354
        $messageRepo = $em->getRepository('ChamiloCoreBundle:Message');
355
        $messageLikesRepo = $em->getRepository('ChamiloCoreBundle:MessageFeedback');
356
357
        /** @var Message $message */
358
        $message = $messageRepo->find($messageId);
359
360
        if (empty($message)) {
361
            echo json_encode(false);
362
            exit;
363
        }
364
365
        if ((int) $message->getGroupId() !== $groupId) {
366
            echo json_encode(false);
367
            exit;
368
        }
369
370
        if (!empty($message->getGroupId())) {
371
            $usergroup = new UserGroup();
372
            $groupInfo = $usergroup->get($groupId);
373
374
            if (empty($groupInfo)) {
375
                echo json_encode(false);
376
                exit;
377
            }
378
379
            $isMember = $usergroup->is_group_member($groupId, $current_user_id);
380
381
            if (GROUP_PERMISSION_CLOSED == $groupInfo['visibility'] && !$isMember) {
382
                echo json_encode(false);
383
                exit;
384
            }
385
        }
386
387
        $user = api_get_user_entity($current_user_id);
388
389
        $userLike = $messageLikesRepo->findOneBy(['message' => $message, 'user' => $user]);
390
391
        if (empty($userLike)) {
392
            $userLike = new MessageFeedback();
393
            $userLike
394
                ->setMessage($message)
395
                ->setUser($user);
396
        }
397
398
        if ('like' === $status) {
399
            if ($userLike->isLiked()) {
400
                echo json_encode(false);
401
                exit;
402
            }
403
404
            $userLike
405
                ->setLiked(true)
406
                ->setDisliked(false);
407
        } elseif ('dislike' === $status) {
408
            if ($userLike->isDisliked()) {
409
                echo json_encode(false);
410
                exit;
411
            }
412
413
            $userLike
414
                ->setLiked(false)
415
                ->setDisliked(true);
416
        }
417
418
        $userLike
419
            ->setUpdatedAt(
420
                api_get_utc_datetime(null, false, true)
421
            );
422
423
        $em->persist($userLike);
424
        $em->flush();
425
426
        echo json_encode(true);
427
        break;
428
    default:
429
        echo '';
430
}
431
exit;
432
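Review bot: The `read_url_with_open_graph` case is the only action besides `default` that does not start with the `api_is_anonymous()` guard every other case has, yet it hands a request-supplied URL to `SocialManager::readContentWithOpenGraph()`, which presumably performs a server-side fetch; whether `verifyUrl()` rejects internal or non-HTTP targets is not visible in this file, so the case should at least be gated like `send_comment`: `if (api_is_anonymous() || api_get_setting('allow_social_tool') !== 'true') { break; }` as its first statement. In `add_friend`, `$_GET['friend_id']` is used without the `(int)` cast that `delete_friend` and the message actions apply, and nothing in this file verifies that a pending invitation from that user exists before `relate_users()` is called in both directions — if `invitation_accepted()` does not enforce that, any logged-in user can add themselves to another user's contact list; `$my_current_friend = (int) $_GET['friend_id'];` at least pins the type. In `delete_friend`, `$_POST['delete_friend_id']` is cast on line 64 before the `isset()` on line 65, so the check should move ahead of the cast.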