plugin/sepe/src/participant-action-edit.php (3 issues)

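<?php
/* For licensing terms, see /license.txt */

/**
 * Displays a participant edit form for a SEPE formative action and saves
 * the submitted changes.
 *
 * POST (form submission): the request must carry a valid form token
 * (Security::check_token). The company and training tutors are looked up by
 * document (or inserted), the participant row is inserted or updated, the
 * tutors are linked to it, a log row is written and the browser is
 * redirected back to this page with a flash message stored in $_SESSION.
 * GET: renders the "new participant" or "edit participant" template.
 *
 * The table-name variables ($tableTutorCompany, $tableSepeParticipants,
 * $tableSepeLogParticipant, $tableSepeLogChangeParticipant) and the helpers
 * getCourse(), getCourseCode(), getInfoParticipantAction(),
 * listParticipantSpecialty(), listTutorType() and checkInsertNewLog() are not
 * defined in this file; presumably they come from ../config.php — verify there.
 */
require_once '../config.php';

$course_plugin = 'sepe';
$plugin = SepePlugin::create();
$_cid = 0;

// Only platform administrators may view or save participants. The check runs
// before the POST branch, so a valid form token alone is not enough to write
// to the SEPE tables; everyone else is sent to the platform home page, which
// is where the display branch already sent non-admins.
if (!api_is_platform_admin()) {
    header('Location:'.api_get_path(WEB_PATH));
    exit;
}

// Text field from the submitted form, trimmed and escaped for the SQL below.
// A missing field is read as an empty string instead of raising a notice.
$postString = function ($name) {
    $value = isset($_POST[$name]) ? $_POST[$name] : '';

    return Database::escape_string(trim($value));
};

// Integer field from the submitted form (0 when missing).
$postInt = function ($name) {
    return isset($_POST[$name]) ? (int) $_POST[$name] : 0;
};

if (!empty($_POST)) {
    $participantId = $postInt('participant_id');
    $actionId = $postInt('action_id');
    $newParticipant = $postInt('new_participant');

    if (!Security::check_token('post')) {
        // Invalid or missing form token: discard it, issue a fresh one
        // (Security::get_token() presumably stores it in the session — confirm)
        // and go back to the form without saving anything.
        Security::clear_token();
        Security::get_token();
        $_SESSION['sepe_message_error'] = $plugin->get_lang('ProblemToken');
        session_write_close();
        header("Location: participant-action-edit.php?new_participant=".$newParticipant."&participant_id=".$participantId."&action_id=".$actionId);
        exit;
    }

    // A tutor id that is non-empty but casts to 0 means "resolve the tutor by
    // its document"; an empty value means "no tutor" and is stored as NULL.
    $companyTutorId = (!empty($_POST['company_tutor_id']) ? (int) $_POST['company_tutor_id'] : null);
    $trainingTutorId = (!empty($_POST['training_tutor_id']) ? (int) $_POST['training_tutor_id'] : null);
    $platformUserId = $postInt('platform_user_id');
    $documentType = $postString('document_type');
    $documentNumber = $postString('document_number');
    $documentLetter = $postString('document_letter');
    $keyCompetence = $postString('key_competence');
    $contractId = $postString('contract_id');
    $companyFiscalNumber = $postString('company_fiscal_number');

    // Finds the tutor with the given document in $tableTutorCompany and flags
    // it in the $role column ('company' or 'training' — fixed strings, never
    // user input), or inserts a new row. Returns the tutor id; 0 when the
    // insert reported failure, which is what the previous code left behind.
    $resolveTutor = function ($role, $tutorDocumentType, $tutorDocumentNumber, $tutorDocumentLetter, $alias) use ($tableTutorCompany) {
        $sql = "SELECT * FROM $tableTutorCompany
                WHERE document_type = '".$tutorDocumentType."'
                AND document_number = '".$tutorDocumentNumber."'
                AND document_letter = '".$tutorDocumentLetter."';";
        $rs = Database::query($sql);
        if (Database::num_rows($rs) > 0) {
            $row = Database::fetch_assoc($rs);
            $tutorId = (int) $row['id'];
            Database::query("UPDATE $tableTutorCompany SET $role = 1 WHERE id = $tutorId");

            return $tutorId;
        }

        $sql = "INSERT INTO $tableTutorCompany (alias,document_type,document_number,document_letter,$role)
                VALUES ('".$alias."','".$tutorDocumentType."','".$tutorDocumentNumber."','".$tutorDocumentLetter."','1');";
        if (Database::query($sql)) {
            return Database::insert_id();
        }

        return 0;
    };

    if ($companyTutorId !== null && $companyTutorId === 0) {
        $companyTutorId = $resolveTutor(
            'company',
            $postString('tutor_company_document_type'),
            $postString('tutor_company_document_number'),
            $postString('tutor_company_document_letter'),
            $postString('tutor_company_alias')
        );
    }

    if ($trainingTutorId !== null && $trainingTutorId === 0) {
        $trainingTutorId = $resolveTutor(
            'training',
            $postString('tutor_training_document_type'),
            $postString('tutor_training_document_number'),
            $postString('tutor_training_document_letter'),
            $postString('tutor_training_alias')
        );
    }

    if ($newParticipant != 1) {
        $sql = "UPDATE $tableSepeParticipants SET
                    platform_user_id = '".$platformUserId."',
                    document_type = '".$documentType."',
                    document_number = '".$documentNumber."',
                    document_letter = '".$documentLetter."',
                    key_competence = '".$keyCompetence."',
                    contract_id = '".$contractId."',
                    company_fiscal_number = '".$companyFiscalNumber."'
                WHERE id = $participantId";
    } else {
        $sql = "INSERT INTO $tableSepeParticipants(
                    action_id,
                    platform_user_id,
                    document_type,
                    document_number,
                    document_letter,
                    key_competence,
                    contract_id,
                    company_fiscal_number
                ) VALUES (
                    '".$actionId."',
                    '".$platformUserId."',
                    '".$documentType."',
                    '".$documentNumber."',
                    '".$documentLetter."',
                    '".$keyCompetence."',
                    '".$contractId."',
                    '".$companyFiscalNumber."'
                );";
    }
    $res = Database::query($sql);
    if (!$res) {
        $_SESSION['sepe_message_error'] = $plugin->get_lang('NoSaveChange');
    } else {
        if ($newParticipant == 1) {
            // The redirect below needs the id of the row just inserted.
            $participantId = Database::insert_id();
        }

        // Link (or unlink, with NULL) the tutors to the participant.
        $companyTutorValue = is_null($companyTutorId) ? 'NULL' : (int) $companyTutorId;
        Database::query("UPDATE $tableSepeParticipants SET company_tutor_id = $companyTutorValue WHERE id = $participantId");
        $trainingTutorValue = is_null($trainingTutorId) ? 'NULL' : (int) $trainingTutorId;
        Database::query("UPDATE $tableSepeParticipants SET training_tutor_id = $trainingTutorValue WHERE id = $participantId");

        // checkInsertNewLog() decides which log table receives the row
        // (presumably whether this user is new to the action — verify there).
        $now = date("Y-m-d H:i:s");
        if (checkInsertNewLog($platformUserId, $actionId)) {
            $sql = "INSERT INTO $tableSepeLogParticipant (
                        platform_user_id,
                        action_id,
                        registration_date
                    ) VALUES (
                        '".$platformUserId."',
                        '".$actionId."',
                        '".$now."'
                    );";
        } else {
            $sql = "INSERT INTO $tableSepeLogChangeParticipant (
                        platform_user_id,
                        action_id,
                        change_date
                    ) VALUES (
                        '".$platformUserId."',
                        '".$actionId."',
                        '".$now."'
                    );";
        }
        Database::query($sql);
        $_SESSION['sepe_message_info'] = $plugin->get_lang('SaveChange');
    }
    session_write_close();
    header("Location: participant-action-edit.php?new_participant=0&participant_id=".$participantId."&action_id=".$actionId);
    exit;
}

// GET: render the form. The token is embedded in the form and checked above
// on submission.
$token = Security::get_token();

$actionId = isset($_GET['action_id']) ? (int) $_GET['action_id'] : 0;
// Cast once here; the template, listParticipantSpecialty() and
// getInfoParticipantAction() all receive the same integer id.
$participantId = isset($_GET['participant_id']) ? (int) $_GET['participant_id'] : 0;
$courseId = getCourse($actionId);

$interbreadcrumb[] = [
    "url" => "/plugin/sepe/src/sepe-administration-menu.php",
    "name" => $plugin->get_lang('MenuSepe'),
];
$interbreadcrumb[] = [
    "url" => "formative-actions-list.php",
    "name" => $plugin->get_lang('FormativesActionsList'),
];
$interbreadcrumb[] = [
    "url" => "formative-action.php?cid=".$courseId,
    "name" => $plugin->get_lang('FormativeAction'),
];

if (isset($_GET['new_participant']) && (int) $_GET['new_participant'] == 1) {
    $tpl = new Template($plugin->get_lang('NewParticipantAction'));
    $tpl->assign('action_id', $actionId);
    $tpl->assign('info', []);
    $tpl->assign('new_participant', '1');
} else {
    $tpl = new Template($plugin->get_lang('EditParticipantAction'));
    $tpl->assign('action_id', $actionId);
    $info = getInfoParticipantAction($participantId);
    $tpl->assign('info', $info);
    $tpl->assign('new_participant', '0');
    $tpl->assign('participant_id', $participantId);

    if ($info['platform_user_id'] != 0) {
        $tpl->assign('info_user_platform', api_get_user_info($info['platform_user_id']));
    }
    $tpl->assign('listParticipantSpecialty', listParticipantSpecialty($participantId));
}

// Students of the course that are not yet registered as SEPE participants.
$courseCode = getCourseCode($actionId);
$listStudentInfo = [];
$listStudent = CourseManager::get_student_list_from_course_code($courseCode);
foreach ($listStudent as $student) {
    $studentUserId = (int) $student['user_id'];
    $res = Database::query("SELECT 1 FROM $tableSepeParticipants WHERE platform_user_id = '".$studentUserId."';");
    if (Database::num_rows($res) == 0) {
        $listStudentInfo[] = api_get_user_info($studentUserId);
    }
}
$tpl->assign('listStudent', $listStudentInfo);
$tpl->assign('list_tutor_company', listTutorType("company = '1'"));
$tpl->assign('list_tutor_training', listTutorType("training = '1'"));

// Flash messages left by the POST branch are shown once and then cleared.
if (isset($_SESSION['sepe_message_info'])) {
    $tpl->assign('message_info', $_SESSION['sepe_message_info']);
    unset($_SESSION['sepe_message_info']);
}
if (isset($_SESSION['sepe_message_error'])) {
    $tpl->assign('message_error', $_SESSION['sepe_message_error']);
    unset($_SESSION['sepe_message_error']);
}

$tpl->assign('sec_token', $token);
$listing_tpl = 'sepe/view/participant-action-edit.tpl';
$content = $tpl->fetch($listing_tpl);
$tpl->assign('content', $content);
$tpl->display_one_col_template();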