From 4830b67f8b59b9f8e27610513e50a7d748fb36ff Mon Sep 17 00:00:00 2001 
From: drlippman Date: Tue, 3 Jul 2018 18:56:23 -0700 Subject: [PATCH] Strip old database code --- DEembedq.php | 7 - OEAembedq.php | 9 - actions.php | 96 --- admin/actions.php | 2 - admin/admin.php | 27 - admin/approvepending.php | 23 - admin/bbexport-generate.php | 11 - admin/ccexport-generate.php | 30 - admin/diagonetime.php | 15 - admin/diagsetup.php | 27 - admin/exportitems.php | 45 - admin/exportitems2.php | 3 - admin/exportlib.php | 25 - admin/externaltools.php | 29 - admin/forms.php | 50 -- admin/hidefromcourselist.php | 3 - admin/importitems.php | 72 -- admin/importlib.php | 40 - admin/importstu.php | 31 - admin/jsonexport.php | 14 - admin/ltioutcomeservice.php | 21 - admin/pushoutchg.php | 29 - admin/unhidefromcourselist.php | 10 - admin/userlti.php | 4 - assessment/catscores.php | 13 - assessment/displayq2.php | 25 - assessment/interpret5.php | 9 - assessment/printtest.php | 17 - assessment/showtest.php | 160 ---- assessment/testutil.php | 26 - bltilaunch.php | 356 -------- calcqtimes.php | 36 - course/addassessment.php | 109 +-- course/addblock.php | 21 - course/addcalendar.php | 23 - course/adddrillassess.php | 66 -- course/addforum.php | 59 -- course/addgrades.php | 90 -- course/addinlinetext.php | 59 -- course/addlinkedtext.php | 52 -- course/addoutcomes.php | 23 - course/addquestions.php | 105 --- course/addquestionssave.php | 11 - course/addrubric.php | 14 - course/addvideotimes.php | 13 - course/addwiki.php | 35 - course/assessendmsg.php | 12 - course/categorize.php | 37 - course/chgassessments.php | 66 -- course/chgblocks.php | 11 - course/chgforums.php | 33 - course/chgoffline.php | 17 - course/claimbadge.php | 13 - course/contentstats.php | 19 - course/convertintro.php | 11 - course/copyitems.php | 136 --- course/copyoneitem.php | 20 - course/course.php | 33 - course/coursemap.php | 1 - course/courseshowitems.php | 52 -- course/coursetolibrary.php | 8 - course/definebadges.php | 26 - course/deleteassessment.php | 27 - course/deleteblock.php | 13 
- course/deletedrillassess.php | 22 - course/deleteforum.php | 9 - course/deleteinlinetext.php | 29 - course/deletelinkedtext.php | 30 - course/deletewiki.php | 25 - course/delitembyid.php | 68 -- course/drillassess.php | 24 - course/edittoolscores.php | 52 -- course/enrollfromothercourse.php | 16 - course/exception.php | 42 - course/gb-aidexport.php | 20 - course/gb-export.php | 12 - course/gb-itemanalysis.php | 38 - course/gb-itemanalysisdetail.php | 23 - course/gb-itemresults.php | 17 - course/gb-testing.php | 3 - course/gb-viewasid.php | 162 ---- course/gb-viewdrill.php | 9 - course/gbcomments.php | 18 - course/gbsettings.php | 21 - course/gbtable2.php | 61 -- course/getblockitems.php | 14 - course/gradeallq.php | 32 - course/gradebook.php | 41 - course/improvoerassess.php | 13 - course/isolateassessbygroup.php | 23 - course/isolateassessgrade.php | 36 +- course/latepasses.php | 21 - course/libtree.php | 4 - course/libtree2.php | 5 - course/listusers.php | 122 --- course/lockstu.php | 14 - course/logingrid.php | 7 - course/managecalitems.php | 10 - course/managelibs.php | 78 -- course/manageqset.php | 105 --- course/managestugrps.php | 145 ---- course/managetutors.php | 30 - course/masschgdates.php | 33 - course/massexception.php | 64 -- course/masssend.php | 46 - course/mergeassess.php | 61 -- course/moddataset.php | 119 --- course/modquestion.php | 29 - course/modquestiongrid.php | 40 - course/modtutorialq.php | 76 -- course/outcomemap.php | 27 - course/outcomereport.php | 9 - course/outcometable.php | 53 -- course/printlayout.php | 21 - course/printlayoutbare.php | 14 - course/printlayoutword.php | 15 - course/public.php | 1 - course/quickdrill.php | 7 - course/rectrack.php | 9 - course/redeemlatepass.php | 39 - course/redeemlatepassforum.php | 42 - course/report-weeklylab.php | 12 - course/reviewlibrary.php | 80 -- course/savebrokenqflag.php | 15 - course/savecalendardrag.php | 8 - course/savelibassignflag.php | 4 - course/savequickreorder.php | 14 - 
course/sendmsgmodal.php | 17 - course/showlinkedtext.php | 13 - course/showlinkedtextpublic.php | 14 - course/showstugroup.php | 4 - course/testquestion.php | 10 - course/timeshift.php | 4 - course/treereader.php | 35 - course/unenroll.php | 21 - course/uploadgrades.php | 18 - course/uploadmultgrades.php | 30 - course/verifybadge.php | 31 - course/viewactionlog.php | 30 - course/viewemails.php | 6 - course/viewforumgrade.php | 23 +- course/viewloginlog.php | 8 - course/viewsource.php | 3 - diag/index.php | 53 -- directaccess.php | 28 - embedq.php | 3 - filter/basiclti/post.php | 12 - filter/graph/svgimg.php | 2 - footer.php | 3 - forms.php | 40 - forums/flaggedthreads.php | 5 - forums/forums.php | 30 - forums/listlikes.php | 11 - forums/listviews.php | 11 - forums/newthreads.php | 18 - forums/posthandler.php | 187 ----- forums/posts.php | 1349 ++++++++++++++---------------- forums/postsbyname.php | 34 - forums/recordlikes.php | 18 - forums/savetagged.php | 8 - forums/thread.php | 114 --- getpostlist.php | 37 - includes/JWT.php | 6 - includes/OAuth.php | 4 - includes/calendardisp.php | 26 - includes/copyiteminc.php | 188 ----- includes/filehandler.php | 21 - includes/ltioauthstore.php | 28 - includes/ltioutcomes.php | 19 - includes/stugroups.php | 20 - includes/unenroll.php | 49 -- includes/updateassess.php | 8 - index.php | 72 -- installexamples.php | 8 - ltihome.php | 99 --- msgs/allstumsglist.php | 33 - msgs/msghistory.php | 23 - msgs/msglist.php | 158 ---- msgs/newmsglist.php | 16 - msgs/savetagged.php | 4 - msgs/sentlist.php | 46 - msgs/viewmsg.php | 42 - setupdb.php | 69 -- upgrade.php | 78 -- util/blocksearch.php | 4 - util/getqcnt.php | 7 - util/getstucnt.php | 22 - util/getstucntdet.php | 7 - util/itemsearch.php | 8 - util/listdeprecated.php | 4 - util/listextref.php | 4 - util/listwronglibs.php | 7 - util/makeconditional.php | 14 - util/mergescores.php | 14 - util/mergestus.php | 15 - util/mergeteachers.php | 2 - util/replacevids.php | 18 - 
util/rescoreassess.php | 12 - util/rescuecourse.php | 14 - util/updatedeprecated.php | 5 - util/updateextref.php | 8 - util/updatewronglibs.php | 2 - util/utils.php | 30 - validate.php | 60 -- wikis/editwiki.php | 36 - wikis/viewwiki.php | 58 -- wikis/viewwikipublic.php | 21 - wikis/wikirev.php | 11 - 208 files changed, 640 insertions(+), 7709 deletions(-)
diff --git a/DEembedq.php b/DEembedq.php
index 5eef89ae11..65731a54b2 100644
--- a/DEembedq.php
+++ b/DEembedq.php
@@ -110,16 +110,12 @@
 }
 $rawafter = implode('~',$rawafter);
 }
- //DB $lastanswers[0] = stripslashes($lastanswers[0]);
 $pts = getpts($after);
 $params = array('action'=>'updatescore', 'id'=>$qsetid, 'score'=>$pts, 'redisplay'=>"$seed;$rawafter;{$lastanswers[0]}");
 if (isset($_POST['auth'])) {
- //DB $query = "SELECT password FROM imas_users WHERE SID='".$_POST['auth']."'";
- //DB $result = mysql_query($query) or die("Query failed: $query: " . mysql_error());
- //DB $row = mysql_fetch_row($result);
 $stm = $DBH->prepare("SELECT password FROM imas_users WHERE SID=:SID");
 $stm->execute(array(':SID'=>Sanitize::stripHtmlTags($_POST['auth'])));
 $row = $stm->fetch(PDO::FETCH_NUM);
@@ -230,9 +226,6 @@ function printscore($sc,$qsetid,$seed) {
 $pts = $sc;
 if (!is_numeric($pts)) { $pts = 0;}
 } else {
- //DB $query = "SELECT control FROM imas_questionset WHERE id='$qsetid'";
- //DB $result = mysql_query($query) or die("Query failed: $query: " . mysql_error());
- //DB $control = mysql_result($result,0,0);
 $stm = $DBH->prepare("SELECT control FROM imas_questionset WHERE id=:id");
 $stm->execute(array(':id'=>$qsetid));
 $control = $stm->fetchColumn(0);
diff --git a/OEAembedq.php b/OEAembedq.php
index 86a137be03..34f6426f9a 100644
--- a/OEAembedq.php
+++ b/OEAembedq.php
@@ -166,9 +166,6 @@ function sendresizemsg() { $seed = intval($_POST['seed']); $scoredonsubmit = false; if (isset($_POST['auth'])) { - //DB $query = "SELECT password FROM imas_users WHERE SID='{$_POST['auth']}'"; - //DB $result = mysql_query($query) or die("Query failed: $query: " . mysql_error()); - //DB $row = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT password FROM imas_users WHERE SID=:SID"); $stm->execute(array(':SID'=>Sanitize::stripHtmlTags($_POST['auth']))); $row = $stm->fetch(PDO::FETCH_NUM); @@ -285,9 +282,6 @@ function sendresizemsg() { } if (isset($QS['auth'])) { $verarr = array("id"=>$qsetid, "seed"=>$seed, 'scoredonsubmit'=>$scoredonsubmit, 'showans'=>$showansonsubmit); - //DB $query = "SELECT password FROM imas_users WHERE SID='".addslashes(stripslashes($QS['auth']))."'"; - //DB $result = mysql_query($query) or die("Query failed: $query: " . mysql_error()); - //DB $row = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT password FROM imas_users WHERE SID=:SID"); $stm->execute(array(':SID'=>Sanitize::stripHtmlTags($QS['auth']))); $key = $stm->fetchColumn(0); @@ -367,9 +361,6 @@ function printscore($sc,$qsetid,$seed) { $pts = $sc; if (!is_numeric($pts)) { $pts = 0;} } else { - //DB $query = "SELECT control FROM imas_questionset WHERE id='$qsetid'"; - //DB $result = mysql_query($query) or die("Query failed: $query: " . mysql_error()); - //DB $control = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT control FROM imas_questionset WHERE id=:id"); $stm->execute(array(':id'=>$qsetid)); $control = $stm->fetchColumn(0); diff --git a/actions.php b/actions.php index 20c6247a76..5705f071e0 100644 --- a/actions.php +++ b/actions.php 
@@ -102,10 +102,6 @@ exit; } } - //DB $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, msgnotify, homelayout) "; - //DB $query .= "VALUES ('{$_POST['SID']}','$md5pw',$initialrights,'{$_POST['firstname']}','{$_POST['lastname']}','{$_POST['email']}',$msgnot,'$homelayout');"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $newuserid = mysql_insert_id(); $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, msgnotify, homelayout) "; $query .= "VALUES (:SID, :password, :rights, :FirstName, :LastName, :email, :msgnotify, :homelayout)"; @@ -156,9 +152,6 @@ if (!is_numeric($_POST['courseid'])) { $error = 'Invalid course id'; } else { - //DB $query = "SELECT enrollkey,allowunenroll,deflatepass FROM imas_courses WHERE id = '{$_POST['courseid']}' AND (available=0 OR available=2)"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $query = "SELECT enrollkey,allowunenroll,deflatepass,msgset FROM imas_courses WHERE id=:cid AND (available=0 OR available=2)"; $stm = $DBH->prepare($query); @@ -178,7 +171,6 @@ $error = 'Incorrect enrollment key'; } else { if (count($keylist)>1) { - //DB $query = "INSERT INTO imas_students (userid,courseid,section,latepass) VALUES ('$newuserid','{$_POST['courseid']}','{$_POST['ekey']}','{$line['deflatepass']}');"; $query = "INSERT INTO imas_students (userid,courseid,section,latepass) VALUES (:uid,:cid,:section,:latepass);"; $array = array( ':uid'=>$newuserid, 
@@ -187,13 +179,11 @@ ':latepass'=>$line['deflatepass'] ); } else { - //DB $query = "INSERT INTO imas_students (userid,courseid,latepass) VALUES ('$newuserid','{$_POST['courseid']}','{$line['deflatepass']}');"; $query = "INSERT INTO imas_students (userid,courseid,latepass) VALUES (:uid,:cid,:latepass);"; $array = array(':uid'=>$newuserid, ':cid'=>$_POST['courseid'], ':latepass'=>$line['deflatepass']); } $stm = $DBH->prepare($query); $stm->execute($array); - //DB mysql_query($query) or die("Query failed : " . mysql_error()); echo '

You have been enrolled in course ID '.Sanitize::encodeStringForDisplay($_POST['courseid']).'

'; $msgOnEnroll = ((floor($line['msgset']/5)&2) > 0); @@ -224,9 +214,6 @@ exit; } else if ($_GET['action']=="confirm") { require_once("init_without_validate.php"); - //DB $query = "UPDATE imas_users SET rights=10 WHERE id='{$_GET['id']}' AND rights=0"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_affected_rows()>0) { $query = "UPDATE imas_users SET rights=10 WHERE id=:id AND rights=0"; $stm = $DBH->prepare($query); @@ -245,24 +232,18 @@ } else if ($_GET['action']=="resetpw") { require_once("init_without_validate.php"); if (isset($_POST['username'])) { - //DB $query = "SELECT id,email,rights FROM imas_users WHERE SID='{$_POST['username']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { $query = "SELECT id,email,rights FROM imas_users WHERE SID=:sid"; $stm = $DBH->prepare($query); $stm->execute(array(':sid'=>$_POST['username'])); if ($stm->rowCount()>0) { list($id,$email,$rights) = $stm->fetch(PDO::FETCH_NUM); - //DB mysql_fetch_row($result); $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $code = ''; for ($i=0;$i<10;$i++) { $code .= substr($chars,rand(0,61),1); } - //DB $query = "UPDATE imas_users SET remoteaccess='$code' WHERE id=$id"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $query = "UPDATE imas_users SET remoteaccess=:code WHERE id=:id"; $stm = $DBH->prepare($query); @@ -302,10 +283,6 @@ .'&id='.Sanitize::encodeUrlParam($_POST['id']).'">Try again'; exit; } - //DB $query = "SELECT remoteaccess FROM imas_users WHERE id='{$_POST['id']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $realcode = mysql_result($result,0,0); - //DB if (mysql_num_rows($result)>0 && $_POST['code']===$realcode && $realcode!='') { $query = "SELECT remoteaccess FROM imas_users WHERE id=:id"; $stm = $DBH->prepare($query); 
@@ -318,8 +295,6 @@
 } else {
 $newpw = md5($_POST['pw1']);
 }
- //DB $query = "UPDATE imas_users SET password='$newpw',remoteaccess='' WHERE id='{$_POST['id']}' LIMIT 1";
- //DB mysql_query($query) or die("Query failed : " . mysql_error());
 $query = "UPDATE imas_users SET password=:newpw,remoteaccess='' WHERE id=:id LIMIT 1";
 $stm = $DBH->prepare($query);
@@ -339,9 +314,6 @@
 }
 } else if ($_GET['action']=="lookupusername") {
 require_once("init_without_validate.php");
- //DB $query = "SELECT SID,lastaccess FROM imas_users WHERE email='{$_POST['email']}' AND SID NOT LIKE 'lti-%'";
- //DB $result = mysql_query($query) or die("Query failed : " . mysql_error());
- //DB if (mysql_num_rows($result)>0) {
 $query = "SELECT SID,lastaccess FROM imas_users WHERE email=:email AND SID NOT LIKE 'lti-%'";
 $stm = $DBH->prepare($query);
@@ -355,7 +327,6 @@ $message = "
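Review bot: The new password written by the reset flow is an unsalted MD5 digest, `$newpw = md5($_POST['pw1']);`, so a leaked `imas_users` table yields most passwords to precomputed tables in minutes; the parameterised UPDATE below it does not change that. The fix is `$newpw = password_hash($_POST['pw1'], PASSWORD_DEFAULT);` here, `password_verify()` wherever the stored hash is compared at login, and `password_needs_rehash()` on successful login to migrate existing MD5 rows — the comparison sites are not in this hunk, so the change has to land in both places in one commit. The `if` that precedes this `else` (presumably the other hashing variant) begins before the hunk, so I cannot see whether it has the same issue.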

This is an automated message from $installname. Do not respond to this email

\r\n"; $message .= "

Your email was entered in the Username Lookup page on $installname. If you did not do this, you may ignore and delete this message. "; $message .= "All usernames using this email address are listed below

"; - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_ASSOC)) { if ($row['lastaccess']==0) { $lastlogin = "Never"; @@ -373,9 +344,6 @@ exit; } else { - //DB $query = "SELECT SID,lastaccess FROM imas_users WHERE email='{$_POST['email']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { $query = "SELECT SID,lastaccess FROM imas_users WHERE email=:email AND SID LIKE 'lti-%'"; $stm = $DBH->prepare($query); @@ -406,8 +374,6 @@ require("init.php"); if ($_GET['action']=="logout") { $sessionid = session_id(); - //DB $query = "DELETE FROM imas_sessions WHERE sessionid='$sessionid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_sessions WHERE sessionid=?"); $stm->execute(array($sessionid)); $_SESSION = array(); @@ -416,9 +382,6 @@ } session_destroy(); } else if ($_GET['action']=="chgpwd" || $_GET['action']=="forcechgpwd") { - //DB $query = "SELECT password FROM imas_users WHERE id = '$userid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $stm = $DBH->prepare("SELECT password FROM imas_users WHERE id=:uid"); $stm->execute(array(':uid'=>$userid)); $line = $stm->fetch(PDO::FETCH_ASSOC); @@ -457,9 +420,6 @@ require("footer.php"); exit; } - //DB $query = "SELECT enrollkey,allowunenroll,deflatepass FROM imas_courses WHERE id = '{$_POST['cid']}' AND (available=0 OR available=2)"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $stm = $DBH->prepare("SELECT enrollkey,allowunenroll,deflatepass,msgset FROM imas_courses WHERE id = :cid AND (available=0 OR available=2)"); $stm->execute(array(':cid'=>$_POST['cid'])); 
@@ -484,9 +444,6 @@ require("footer.php"); exit; } else { - //DB $query = "SELECT * FROM imas_teachers WHERE userid='$userid' AND courseid='{$_POST['cid']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { $stm = $DBH->prepare("SELECT id FROM imas_teachers WHERE userid=:uid AND courseid=:cid"); $stm->execute(array(':uid'=>$userid, ':cid'=>$_POST['cid'])); if ($stm->rowCount() > 0) { @@ -498,9 +455,6 @@ require("footer.php"); exit; } - //DB $query = "SELECT * FROM imas_tutors WHERE userid='$userid' AND courseid='{$_POST['cid']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { $stm = $DBH->prepare("SELECT id FROM imas_tutors WHERE userid=:uid AND courseid=:cid"); $stm->execute(array(':uid'=>$userid, ':cid'=>$_POST['cid'])); if ($stm->rowCount() > 0) { @@ -511,9 +465,6 @@ require("footer.php"); exit; } - //DB $query = "SELECT * FROM imas_students WHERE userid='$userid' AND courseid='{$_POST['cid']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { $stm = $DBH->prepare("SELECT id FROM imas_students WHERE userid=:uid AND courseid=:cid"); $stm->execute(array(':uid'=>$userid, ':cid'=>$_POST['cid'])); if ($stm->rowCount() > 0) { 
@@ -532,11 +483,9 @@ exit; } else { if (count($keylist)>1) { - //DB $query = "INSERT INTO imas_students (userid,courseid,section,latepass) VALUES ('$userid','{$_POST['cid']}','{$_POST['ekey']}','{$line['deflatepass']}');"; $query = "INSERT INTO imas_students (userid,courseid,section,latepass) VALUES (:uid,:cid,:section,:latepass);"; $array = array(':uid'=>$userid, ':cid'=>$_POST['cid'], ':section'=>$_POST['ekey'],':latepass'=>$line['deflatepass']); } else { - //DB $query = "INSERT INTO imas_students (userid,courseid,latepass) VALUES ('$userid','{$_POST['cid']}','{$line['deflatepass']}');"; $query = "INSERT INTO imas_students (userid,courseid,latepass) VALUES (:uid,:cid,:latepass);"; $array = array(':uid'=>$userid, ':cid'=>$_POST['cid'], ':latepass'=>$line['deflatepass']); } @@ -554,8 +503,6 @@ ':msgto'=>$tuid, ':msgfrom'=>$userid, ':senddate'=>time())); } } - - //DB mysql_query($query) or die("Query failed : " . mysql_error()); require("header.php"); echo $pagetopper; echo '

You have been enrolled in course ID '.Sanitize::courseId($_POST['cid']).'

'; @@ -581,29 +528,17 @@ exit; } $cid = Sanitize::courseId($_GET['cid']); - //DB $query = "SELECT allowunenroll FROM imas_courses WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_result($result,0,0)==1) { $stm = $DBH->prepare("SELECT allowunenroll FROM imas_courses WHERE id=:cid"); $stm->execute(array(':cid'=>$cid)); if ($stm->fetchColumn()==1) { - //DB $query = "DELETE FROM imas_students WHERE userid='$userid' AND courseid='$cid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_students WHERE userid=:uid AND courseid=:cid"); $stm->execute(array(':uid'=>$userid,':cid'=>$cid)); - //DB $query = "SELECT id FROM imas_assessments WHERE courseid='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { /* $stm = $DBH->prepare("SELECT id FROM imas_assessments WHERE courseid=:cid"); $stm->execute(array(':cid'=>$cid)); while ($row = $stm->fetch(PDO::FETCH_ASSOC)) { - //DB $query = "DELETE FROM imas_assessment_sessions WHERE assessmentid='{$row[0]}' AND userid='$userid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_assessment_sessions WHERE assessmentid=:aid AND userid=:uid"); $stm->execute(array(':uid'=>$userid,':aid'=>$row['id'])); - //DB $query = "DELETE FROM imas_exceptions WHERE assessmentid='{$row[0]}' AND userid='$userid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_exceptions WHERE assessmentid=:aid AND itemtype='A' AND userid=:uid"); $stm->execute(array(':uid'=>$userid,':aid'=>$row['id'])); } 
@@ -613,29 +548,11 @@ $stm = $DBH->prepare("DELETE FROM imas_exceptions WHERE itemtype='A' AND assessmentid IN (SELECT id FROM imas_assessments WHERE courseid=:cid) AND userid=:uid");
 $stm->execute(array(':uid'=>$userid,':cid'=>$cid));
-
- //DB $query = "DELETE FROM imas_drillassess_sessions WHERE drillassessid IN (SELECT id FROM imas_drillassess WHERE courseid='$cid') AND userid='$userid'";
- //DB mysql_query($query) or die("Query failed : $query" . mysql_error());
 $stm = $DBH->prepare("DELETE FROM imas_drillassess_sessions WHERE drillassessid IN (SELECT id FROM imas_drillassess WHERE courseid=:cid) AND userid=:uid");
 $stm->execute(array(':uid'=>$userid,':cid'=>$cid));
-
- //DB $query = "SELECT id FROM imas_gbitems WHERE courseid='$cid'";
- //DB $result = mysql_query($query) or die("Query failed : " . mysql_error());
- //DB while ($row = mysql_fetch_row($result)) {
- //DB $query = "DELETE FROM imas_grades WHERE gradetype='offline' AND gradetypeid='{$row[0]}' AND userid='$userid'";
- //DB mysql_query($query) or die("Query failed : " . mysql_error());
 //}
 $stm = $DBH->prepare("DELETE FROM imas_grades WHERE gradetype='offline' AND gradetypeid= IN (SELECT id FROM imas_gbitems WHERE courseid=:cid) AND userid=:uid");
 $stm->execute(array(':uid'=>$userid,':cid'=>$cid));
-
- //DB $query = "SELECT id FROM imas_forums WHERE courseid='$cid'";
- //DB $result = mysql_query($query) or die("Query failed : " . mysql_error());
- //DB while ($row = mysql_fetch_row($result)) {
- //DB $q2 = "SELECT threadid FROM imas_forum_posts WHERE forumid='{$row[0]}'";
- //DB $r2 = mysql_query($q2) or die("Query failed : " . mysql_error());
- //DB while ($rw2 = mysql_fetch_row($r2)) {
- //DB $query = "DELETE FROM imas_forum_views WHERE threadid='{$rw2[0]}' AND userid='$userid'";
- //DB mysql_query($query) or die("Query failed : " . mysql_error());
 // }
 //}
 $query = "DELETE FROM imas_forum_views WHERE userid=:uid AND threadid IN ";
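Review bot: The offline-grade cleanup that survives on the new side is not valid SQL — `gradetypeid= IN (SELECT id FROM imas_gbitems ...)` has a stray `=` before `IN`, so MySQL rejects the statement and the unenrolling student's offline grades are never removed; unless `$DBH` is configured with `PDO::ERRMODE_EXCEPTION` (not visible here), `execute()` simply returns false and the rest of the unenroll continues as if it succeeded. The line should read `$stm = $DBH->prepare("DELETE FROM imas_grades WHERE gradetype='offline' AND gradetypeid IN (SELECT id FROM imas_gbitems WHERE courseid=:cid) AND userid=:uid");`. While stripping the old code, the orphaned `//}` and `// }` comment closers that belonged to the removed loops could go as well. The enclosing unenroll branch begins before this hunk.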
@@ -718,8 +635,6 @@ $_POST['theme'] = str_replace(array('/','..'), '', $_POST['theme']); //DEB $query = "UPDATE imas_users SET FirstName='{$_POST['firstname']}',LastName='{$_POST['lastname']}',email='{$_POST['email']}',msgnotify=$msgnot,qrightsdef=$qrightsdef,deflib='$deflib',usedeflib='$usedeflib',homelayout='$layoutstr',theme='{$_POST['theme']}',listperpage='$perpage'$chguserimg ";
- //DB $query .= "WHERE id='$userid'";
- //DB mysql_query($query) or die("Query failed : " . mysql_error());
 $query = "UPDATE imas_users SET FirstName=:FirstName, LastName=:LastName, email=:email, msgnotify=:msgnotify, qrightsdef=:qrightsdef, deflib=:deflib,";
 $query .= "usedeflib=:usedeflib, homelayout=:homelayout, theme=:theme, listperpage=:listperpage $chguserimg WHERE id=:uid";
@@ -729,9 +644,6 @@
 ':deflib'=>$deflib, ':usedeflib'=>$usedeflib, ':theme'=>$_POST['theme'], ':listperpage'=>$perpage, ':uid'=>$userid));
 if (isset($_POST['dochgpw'])) {
- //DB $query = "SELECT password FROM imas_users WHERE id = '$userid'";
- //DB $result = mysql_query($query) or die("Query failed : " . mysql_error());
- //DB $line = mysql_fetch_array($result, MYSQL_ASSOC);
 $stm = $DBH->prepare("SELECT password FROM imas_users WHERE id = :uid");
 $stm->execute(array(':uid'=>$userid));
 $line = $stm->fetch(PDO::FETCH_ASSOC);
@@ -741,8 +653,6 @@
 } else {
 $newpw =md5($_POST['pw1']);
 }
- //DB $query = "UPDATE imas_users SET password='$md5pw' WHERE id='$userid'";
- //DB mysql_query($query) or die("Query failed : " . mysql_error());
 $stm = $DBH->prepare("UPDATE imas_users SET password = :newpw WHERE id = :uid");
 $stm->execute(array(':uid'=>$userid, ':newpw'=>$newpw));
 } else {
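Review bot: One piece of the old database code this commit sets out to strip is left behind: the `//DEB $query = "UPDATE imas_users SET FirstName='{$_POST['firstname']}',...` comment (spelled `//DEB` rather than `//DB`, which is presumably why the sweep missed it) remains on the new side and still spells out the string-interpolated, injection-prone form of the UPDATE right above its parameterised replacement. Dead code that documents the wrong way to build a query is the kind of thing that gets copy-pasted back in, so delete it together with the two `//DB` lines below it. The `$stm->execute(...)` that binds the parameters for this `$query` follows in the next hunk.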
@@ -762,8 +672,6 @@ if (isset($_POST['settimezone'])) { if (date_default_timezone_set($_POST['settimezone'])) { $tzname = $_POST['settimezone']; - //DB $query = "UPDATE imas_sessions SET tzname='$tzname' WHERE sessionid='$sessionid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_sessions SET tzname=:tzname WHERE sessionid=:sessionid"); $stm->execute(array(':tzname'=>$tzname, ':sessionid'=>$sessionid)); } @@ -776,14 +684,10 @@ } $tohide = array_diff($all,$checked); $hidelist = implode(',', $tohide); - //DB $query = "UPDATE imas_users SET hideonpostswidget='$hidelist' WHERE id='$userid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_users SET hideonpostswidget=:hidelist WHERE id= :uid"); $stm->execute(array(':uid'=>$userid, ':hidelist'=>$hidelist)); } else if ($_GET['action']=="googlegadget") { if (isset($_GET['clear'])) { - //DB $query = "UPDATE imas_users SET remoteaccess='' WHERE id='$userid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_users SET remoteaccess='' WHERE id = :uid"); $stm->execute(array(':uid'=>$userid)); } diff --git a/admin/actions.php b/admin/actions.php index bd6f44f020..89f9eb29e3 100644 --- a/admin/actions.php +++ b/admin/actions.php @@ -962,8 +962,6 @@ function updateoutcomes(&$arr) { } } } - //DB $query = "DELETE FROM imas_instr_files WHERE itemid='{$ilid[0]}'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_instr_files WHERE itemid=:itemid"); $stm->execute(array(':itemid'=>$ilid[0])); } diff --git a/admin/admin.php b/admin/admin.php index baf14ee8cb..a60f95dbd2 100644 --- a/admin/admin.php +++ b/admin/admin.php 
@@ -47,19 +47,15 @@ } else { //data manipulation here //data processing for COURSES block - //DB $query = "SELECT imas_courses.id,imas_courses.ownerid,imas_courses.name,imas_courses.available,imas_users.FirstName,imas_users.LastName FROM imas_courses,imas_users "; - //DB $query .= "WHERE imas_courses.ownerid=imas_users.id "; $query = "SELECT imas_courses.id,imas_courses.ownerid,imas_courses.name,imas_courses.available,imas_users.FirstName,imas_users.LastName FROM imas_courses,imas_users "; $query .= "WHERE imas_courses.ownerid=imas_users.id "; $qarr = array(); if ($myrights<100) { $query .= " AND imas_courses.available<4 ";} if (($myrights >= 40 && $myrights<75) || $showcourses==0) { - //DB $query .= " AND imas_courses.ownerid='$userid'"; $query .= " AND imas_courses.ownerid=:ownerid"; $qarr[':ownerid'] = $userid; } if ($myrights >= 75 && $showcourses>0) { - //DB $query .= " AND imas_courses.ownerid='$showcourses'"; $query .= " AND imas_courses.ownerid=:ownerid"; $qarr[':ownerid'] = $showcourses; $query .= " ORDER BY imas_users.LastName,imas_courses.name"; @@ -68,11 +64,8 @@ } $stm = $DBH->prepare($query); $stm->execute($qarr); - - //DB $result = mysql_query($query) or die("Query failed : $query" . mysql_error()); $page_courseList = array(); $i=0; - //DB while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { while ($line = $stm->fetch(PDO::FETCH_ASSOC)) { $page_courseList[$i]['id'] = $line['id']; $page_courseList[$i]['name'] = $line['name']; 
@@ -92,16 +85,12 @@ //get list of teachers for the select box if ($myrights==75) { - //DB $query = "SELECT id,LastName,FirstName,SID FROM imas_users WHERE rights>10 AND groupid='$groupid' ORDER BY LastName,FirstName"; $stm = $DBH->prepare("SELECT id,LastName,FirstName,SID FROM imas_users WHERE rights>10 AND groupid=:groupid ORDER BY LastName,FirstName"); $stm->execute(array(':groupid'=>$groupid)); } else if ($myrights==100) { - //DB $query = "SELECT id,LastName,FirstName,SID FROM imas_users WHERE rights>10 ORDER BY LastName,FirstName"; $stm = $DBH->query("SELECT id,LastName,FirstName,SID FROM imas_users WHERE rights>10 ORDER BY LastName,FirstName"); } - //DB $result = mysql_query($query) or die("Query failed : $query" . mysql_error()); $i=0; - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $page_teacherSelectVal[$i] = $row[0]; $page_teacherSelectLabel[$i] = sprintf("%s, %s (%s)", Sanitize::encodeStringForDisplay($row[1]), @@ -113,15 +102,11 @@ if (($myspecialrights&4)==4 || $myrights == 100) { if ($myrights<75) { - //DB $query = "SELECT d.id,d.name,d.public FROM imas_diags as d JOIN imas_users AS u ON u.id=d.ownerid"; - //DB $query .= " WHERE d.ownerid='$userid' ORDER BY d.name"; $query = "SELECT d.id,d.name,d.public FROM imas_diags as d JOIN imas_users AS u ON u.id=d.ownerid"; $query .= " WHERE d.ownerid=:ownerid ORDER BY d.name"; $stm = $DBH->prepare($query); $stm->execute(array(':ownerid'=>$userid)); } else if ($myrights<100) { - //DB $query = "SELECT d.id,d.name,d.public FROM imas_diags as d JOIN imas_users AS u ON u.id=d.ownerid"; - //DB $query .= " WHERE u.groupid='$groupid' ORDER BY d.name"; $query = "SELECT d.id,d.name,d.public FROM imas_diags as d JOIN imas_users AS u ON u.id=d.ownerid"; $query .= " WHERE u.groupid=:groupid ORDER BY d.name"; $stm = $DBH->prepare($query); 
@@ -129,9 +114,7 @@ } else { $stm = $DBH->query("SELECT id,name,public FROM imas_diags ORDER BY name"); } - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $i=0; - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $page_diagnosticsId[$i] = $row[0]; $page_diagnosticsName[$i] = $row[1]; 
@@ -144,31 +127,24 @@ //DATA PROCESSING FOR USERS BLOCK if ($myrights < 100) { $page_userBlockTitle = "Group - Non Students"; - //DB $query = "SELECT id,SID,FirstName,LastName,rights,lastaccess FROM imas_users WHERE rights > 10 AND groupid='$groupid' ORDER BY LastName"; $stm = $DBH->prepare("SELECT id,SID,FirstName,LastName,rights,lastaccess FROM imas_users WHERE rights > 10 AND groupid=:groupid ORDER BY LastName"); $stm->execute(array(':groupid'=>$groupid)); } else { if ($showusers==-1) { $page_userBlockTitle = "Pending Users"; - //DB $query = "SELECT id,SID,FirstName,LastName,email,rights,lastaccess FROM imas_users WHERE rights=0 OR rights=12 ORDER BY LastName"; $stm = $DBH->query("SELECT id,SID,FirstName,LastName,email,rights,lastaccess FROM imas_users WHERE rights=0 OR rights=12 ORDER BY LastName"); } else if (is_numeric($showusers)) { $page_userBlockTitle = "Group Users"; - //DB $query = "SELECT id,SID,FirstName,LastName,email,rights,lastaccess FROM imas_users WHERE rights > 10 AND groupid='$showusers' ORDER BY LastName"; $stm = $DBH->prepare("SELECT id,SID,FirstName,LastName,email,rights,lastaccess FROM imas_users WHERE rights > 11 AND rights<>76 AND groupid=:groupid ORDER BY LastName"); $stm->execute(array(':groupid'=>$showusers)); } else { $page_userBlockTitle = "All Users - $showusers"; - //DB $query = "SELECT id,SID,FirstName,LastName,email,rights,lastaccess FROM imas_users WHERE substring(LastName,1,1)='$showusers' ORDER BY LastName"; $stm = $DBH->prepare("SELECT id,SID,FirstName,LastName,email,rights,lastaccess FROM imas_users WHERE substring(LastName,1,1)=:showusers ORDER BY LastName"); $stm->execute(array(':showusers'=>$showusers)); } } - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - $i=0; - //DB while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { while ($line = $stm->fetch(PDO::FETCH_ASSOC)) { $page_userDataId[$i] = $line['id']; $page_userDataSid[$i] = $line['SID']; 
@@ -194,11 +170,8 @@ $page_userSelectVal[1] = 0; $page_userSelectLabel[1] = "Default"; $i=2; - //DB $query = "SELECT id,name,parent from imas_groups ORDER BY name"; - //DB $result = mysql_query($query) or die("Query failed : $query" . mysql_error()); $stm = $DBH->query("SELECT id,name,parent from imas_groups ORDER BY name"); $groupdata = array(); - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $groupdata[$row[0]] = $row; } diff --git a/admin/approvepending.php b/admin/approvepending.php index 5819f2f2be..d87247e071 100644 --- a/admin/approvepending.php +++ b/admin/approvepending.php @@ -14,8 +14,6 @@ if (isset($_POST['skip'])) { $offset++; } else if (isset($_POST['deny'])) { - //DB $query = "UPDATE imas_users SET rights=10 WHERE id='{$_POST['id']}'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_users SET rights=10 WHERE id=:id"); $stm->execute(array(':id'=>$uid)); if (isset($CFG['GEN']['enrollonnewinstructor'])) { 
@@ -30,26 +28,17 @@ if ($_POST['group']>-1) { $group = intval($_POST['group']); } else if (trim($_POST['newgroup'])!='') { - //DB $query = "INSERT INTO imas_groups (name) VALUES ('{$_POST['newgroup']}')"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $group = mysql_insert_id(); $stm = $DBH->prepare("INSERT INTO imas_groups (name) VALUES (:name)"); $stm->execute(array(':name'=>$_POST['newgroup'])); $group = $DBH->lastInsertId(); } else { $group = 0; } - //DB $query = "UPDATE imas_users SET rights=40,groupid=$group WHERE id='{$_POST['id']}'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_users SET rights=40,groupid=:groupid WHERE id=:id"); $stm->execute(array(':groupid'=>$group, ':id'=>$uid)); $stm = $DBH->prepare("UPDATE imas_instr_acct_reqs SET status=11 WHERE userid=:id"); $stm->execute(array(':id'=>$uid)); - - //DB $query = "SELECT FirstName,SID,email FROM imas_users WHERE id='{$_POST['id']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $row = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT FirstName,SID,email FROM imas_users WHERE id=:id"); $stm->execute(array(':id'=>$uid)); $row = $stm->fetch(PDO::FETCH_NUM); 
@@ -71,20 +60,11 @@ } require("../header.php"); -//DB $query = "SELECT id,SID,LastName,FirstName,email FROM imas_users WHERE rights=0 OR rights=12 LIMIT 1 OFFSET $offset"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB if (mysql_num_rows($result)==0) { $stm = $DBH->query("SELECT id,SID,LastName,FirstName,email FROM imas_users WHERE rights=0 OR rights=12 LIMIT 1 OFFSET $offset"); //sanitized above if ($stm->rowCount()==0) { echo 'No one to approve'; } else { - //DB $row = mysql_fetch_row($result); $row = $stm->fetch(PDO::FETCH_NUM); - - //DB $query = "SELECT log FROM imas_log WHERE log LIKE 'New Instructor Request: {$row[0]}::%'"; - //DB $res = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($res)>0) { - //DB $log = explode('::', mysql_result($res,0,0)); $stm = $DBH->prepare("SELECT time,log FROM imas_log WHERE log LIKE :log"); $stm->execute(array(':log'=>"New Instructor Request: {$row[0]}::%")); if ($stm->rowCount()>0) { @@ -134,9 +114,6 @@ echo '

Group:
\n"; echo 'Associate with group
\n"; echo 'Associate with group '; - //DB $query = "SELECT id,name FROM imas_groups ORDER BY name"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($r = mysql_fetch_row($result)) { $stm = $DBH->query("SELECT id,name FROM imas_groups ORDER BY name"); while ($r = $stm->fetch(PDO::FETCH_NUM)) { echo '

Pushed out Question settings for $nq questions. $n total changes made.

"; } if (isset($_POST['instr'])) { - //DB $query = "SELECT name,intro FROM imas_assessments WHERE courseid='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("SELECT name,intro FROM imas_assessments WHERE courseid=:courseid"); $stm->execute(array(':courseid'=>$cid)); $n = 0; $na = 0; - //DB while ($row = mysql_fetch_array($result)) { - //DB while ($row = mysql_fetch_array($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { - //DB $query = "UPDATE imas_assessments SET intro='".addslashes($row[1])."' WHERE name='{$row[0]}'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $n += mysql_affected_rows(); $stm2 = $DBH->prepare("UPDATE imas_assessments SET intro=:intro WHERE name=:name"); $stm2->execute(array(':name'=>$row[0], ':intro'=>$row[1])); $n += $stm2->rowCount(); @@ -60,17 +40,11 @@ echo "

Pushed out Intro/Instructions for $na assessments. $n total changes made.

"; } if (isset($_POST['caltag'])) { - //DB $query = "SELECT name,caltag,calrtag FROM imas_assessments WHERE courseid='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("SELECT name,caltag,calrtag FROM imas_assessments WHERE courseid=:courseid"); $stm->execute(array(':courseid'=>$cid)); $n = 0; $na = 0; - //DB while ($row = mysql_fetch_array($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { - //DB $query = "UPDATE imas_assessments SET caltag='".addslashes($row[1])."',calrtag='".addslashes($row[2])."' WHERE name='{$row[0]}'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $n += mysql_affected_rows(); $stm2 = $DBH->prepare("UPDATE imas_assessments SET caltag=:caltag,calrtag=:calrtag WHERE name=:name"); $stm2->execute(array(':name'=>$row[0], ':caltag'=>$row[1], ':calrtag'=>$row[2])); $n += $stm2->rowCount(); @@ -84,11 +58,8 @@ echo '

Push out Changes

'; echo '
'; echo '

Select the course to push out from: -

+ +
+ $name) { $existBlocksVals[$i]=$k; - //DB $existBlocksLabels[$i]=stripslashes($name); $existBlocksLabels[$i]=$name; $i++; } @@ -95,14 +94,9 @@ function buildExistBlocksArray($items,$parent) { $grouplimit[] = $_POST['grouplimit']; } //$_POST['title'] = str_replace(array(',','\\"','\\\'','~'),"",$_POST['title']); - - //DB $query = "SELECT itemorder,blockcnt FROM imas_courses WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("SELECT itemorder,blockcnt FROM imas_courses WHERE id=:id"); $stm->execute(array(':id'=>$cid)); list ($itemlist, $blockcnt) = $stm->fetch(PDO::FETCH_NUM); - //DB $items = unserialize(mysql_result($result,0,0)); - //DB $blockcnt = mysql_result($result,0,1); $items = unserialize($itemlist); if (isset($_GET['block'])) { //adding new @@ -138,7 +132,6 @@ function buildExistBlocksArray($items,$parent) { } } if (isset($existingid)) { //already have id; update - //DB $sub[$existingid]['name'] = htmlentities(stripslashes($_POST['title'])); $sub[$existingid]['name'] = htmlentities($_POST['title']); $sub[$existingid]['startdate'] = $startdate; $sub[$existingid]['enddate'] = $enddate; @@ -150,7 +143,6 @@ function buildExistBlocksArray($items,$parent) { $sub[$existingid]['grouplimit'] = $grouplimit; } else { //add new $blockitems = array(); - //DB $blockitems['name'] = htmlentities(stripslashes($_POST['title'])); $blockitems['name'] = htmlentities($_POST['title']); $blockitems['id'] = $blockcnt; $blockitems['startdate'] = $startdate; 
@@ -170,10 +162,7 @@ function buildExistBlocksArray($items,$parent) { $blockcnt++; } - //DB $itemorder = addslashes(serialize($items)); $itemorder = serialize($items); - //DB $query = "UPDATE imas_courses SET itemorder='$itemorder',blockcnt=$blockcnt WHERE id='$cid';"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_courses SET itemorder=:itemorder,blockcnt=:blockcnt WHERE id=:id"); $stm->execute(array(':itemorder'=>$itemorder, ':blockcnt'=>$blockcnt, ':id'=>$cid)); header(sprintf('Location: %s/course/course.php?cid=%s&r=' .Sanitize::randomQueryStringParam() , $GLOBALS['basesiteurl'], $cid)); @@ -182,9 +171,6 @@ function buildExistBlocksArray($items,$parent) { } else { //it is a teacher but the form has not been posted if (isset($_GET['id'])) { //teacher modifying existing block, load form with block data - //DB $query = "SELECT itemorder FROM imas_courses WHERE id='{$_GET['cid']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $items = unserialize(mysql_result($result,0,0)); $stm = $DBH->prepare("SELECT itemorder FROM imas_courses WHERE id=:id"); $stm->execute(array(':id'=>$cid)); $items = unserialize($stm->fetchColumn(0)); @@ -197,7 +183,6 @@ function buildExistBlocksArray($items,$parent) { $blockitems = $blockitems[$blocktree[$i]-1]['items']; //-1 to adjust for 1-indexing } } - //DB $title = stripslashes($blockitems[$existingid]['name']); $title = $blockitems[$existingid]['name']; $title = str_replace('"','"',$title); $startdate = $blockitems[$existingid]['startdate']; 
@@ -253,9 +238,6 @@ function buildExistBlocksArray($items,$parent) { $usedef = 1; $fixedheight = 0; $grouplimit = array(); - //DB $query = "SELECT itemorder FROM imas_courses WHERE id='{$_GET['cid']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $items = unserialize(mysql_result($result,0,0)); $stm = $DBH->prepare("SELECT itemorder FROM imas_courses WHERE id=:id"); $stm->execute(array(':id'=>$cid)); $items = unserialize($stm->fetchColumn(0)); @@ -270,9 +252,6 @@ function buildExistBlocksArray($items,$parent) { $page_sectionlistval = array("none"); $page_sectionlistlabel = array("No restriction"); - //DB $query = "SELECT DISTINCT section FROM imas_students WHERE courseid='$cid' ORDER BY section"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $stm = $DBH->prepare("SELECT DISTINCT section FROM imas_students WHERE courseid=:courseid ORDER BY section"); $stm->execute(array(':courseid'=>$cid)); while ($row = $stm->fetch(PDO::FETCH_NUM)) { diff --git a/course/addcalendar.php b/course/addcalendar.php index 171983cf9e..cbf123a0e5 100644 --- a/course/addcalendar.php +++ b/course/addcalendar.php @@ -27,15 +27,8 @@ $block = $_GET['block']; $itemid = Sanitize::onlyInt($_GET['id']); - - //DB $query = "DELETE FROM imas_items WHERE id='$itemid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_items WHERE id=:id"); $stm->execute(array(':id'=>$itemid)); - - //DB $query = "SELECT itemorder FROM imas_courses WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $items = unserialize(mysql_result($result,0,0)); $stm = $DBH->prepare("SELECT itemorder FROM imas_courses WHERE id=:id"); $stm->execute(array(':id'=>$cid)); $items = unserialize($stm->fetchColumn(0)); 
@@ -47,29 +40,17 @@ } $key = array_search($itemid,$sub); array_splice($sub,$key,1); - //DB $itemorder = addslashes(serialize($items)); $itemorder = serialize($items); - //DB $query = "UPDATE imas_courses SET itemorder='$itemorder' WHERE id='$cid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_courses SET itemorder=:itemorder WHERE id=:id"); $stm->execute(array(':itemorder'=>$itemorder, ':id'=>$cid)); } else { $block = $_GET['block']; $cid = Sanitize::courseId($_GET['cid']); - - //DB $query = "INSERT INTO imas_items (courseid,itemtype) VALUES "; - //DB $query .= "('$cid','Calendar');"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $query = "INSERT INTO imas_items (courseid,itemtype) VALUES "; $query .= "(:courseid, 'Calendar');"; $stm = $DBH->prepare($query); $stm->execute(array(':courseid'=>$cid)); - //DB $itemid = mysql_insert_id(); $itemid = $DBH->lastInsertId(); - - //DB $query = "SELECT itemorder FROM imas_courses WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $stm = $DBH->prepare("SELECT itemorder FROM imas_courses WHERE id=:id"); $stm->execute(array(':id'=>$cid)); $line = $stm->fetch(PDO::FETCH_ASSOC); @@ -85,11 +66,7 @@ } else if ($totb=='t') { array_unshift($sub,$itemid); } - - //DB $itemorder = addslashes(serialize($items)); $itemorder = serialize($items); - //DB $query = "UPDATE imas_courses SET itemorder='$itemorder' WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_courses SET itemorder=:itemorder WHERE id=:id"); $stm->execute(array(':itemorder'=>$itemorder, ':id'=>$cid)); diff --git a/course/adddrillassess.php b/course/adddrillassess.php index 42e1917cb5..3a6b0f5b0b 100644 --- a/course/adddrillassess.php +++ b/course/adddrillassess.php 
@@ -21,10 +21,6 @@ $totb = 'b'; } $block = $_GET['block']; - -//DB $query = "SELECT * FROM imas_drillassess WHERE id='$daid' AND courseid='$cid'"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB if (mysql_num_rows($result)==0) { $stm = $DBH->prepare("SELECT * FROM imas_drillassess WHERE id=:id AND courseid=:courseid"); $stm->execute(array(':id'=>$daid, ':courseid'=>$cid)); if ($stm->rowCount()==0) { @@ -43,7 +39,6 @@ $avail = 1; $caltag = 'D'; } else { - //DB $dadata = mysql_fetch_array($result, MYSQL_ASSOC); $dadata = $stm->fetch(PDO::FETCH_ASSOC); $n = $dadata['n']; $showtype = $dadata['showtype']; @@ -69,8 +64,6 @@ } if (isset($_GET['clearatt'])) { - //DB $query = "DELETE FROM imas_drillassess_sessions WHERE drillassessid=$daid"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_drillassess_sessions WHERE drillassessid=:drillassessid"); $stm->execute(array(':drillassessid'=>$daid)); header(sprintf('Location: %s/course/adddrillassess.php?cid=%s&daid=%d&r=%s', $GLOBALS['basesiteurl'], $cid, $daid, Sanitize::randomQueryStringParam())); @@ -92,14 +85,12 @@ $startdate = 0; $enddate = 2000000000; } - //DB $_POST['title'] = addslashes(htmlentities(stripslashes($_POST['title']))); $_POST['title'] = htmlentities($_POST['title']); require_once("../includes/htmLawed.php"); if ($_POST['summary']=='

Enter summary here (displays on course page)

') { $_POST['summary'] = ''; } else { - //DB $_POST['summary'] = addslashes(myhtmLawed(stripslashes($_POST['summary']))); $_POST['summary'] = myhtmLawed($_POST['summary']); } @@ -140,13 +131,10 @@ } } $toadd_query_placeholders = Sanitize::generateQueryPlaceholders($toadd); - //DB $query = "SELECT id,description FROM imas_questionset WHERE id IN ($toaddlist)"; $query = "SELECT id,description FROM imas_questionset WHERE id IN ($toadd_query_placeholders)"; $stm = $DBH->prepare($query); //pre-sanitized INTs $stm->execute(array_values($toadd)); - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $descr = array(); - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $descr[$row[0]] = str_replace(',','',$row[1]); } @@ -170,10 +158,6 @@ $descrlist = implode(',',$itemdescr); $bestlist = implode(',',$classbests); if ($daid==0) { - //DB $query = "INSERT INTO imas_drillassess (courseid,name,summary,avail,startdate,enddate,itemdescr,itemids,scoretype,showtype,n,classbests,showtostu) VALUES "; - //DB $query .= "($cid,'{$_POST['title']}','{$_POST['summary']}','{$_POST['avail']}','$startdate','$enddate','$descrlist','$itemlist','$scoretype',$showtype,$n,'$bestlist',$showtostu)"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $daid = mysql_insert_id(); $query = "INSERT INTO imas_drillassess (courseid,name,summary,avail,startdate,enddate,itemdescr,itemids,scoretype,showtype,n,classbests,showtostu) VALUES "; $query .= "(:courseid, :name, :summary, :avail, :startdate, :enddate, :itemdescr, :itemids, :scoretype, :showtype, :n, :classbests, :showtostu)"; $stm = $DBH->prepare($query); 
@@ -181,18 +165,9 @@ ':startdate'=>$startdate, ':enddate'=>$enddate, ':itemdescr'=>$descrlist, ':itemids'=>$itemlist, ':scoretype'=>$scoretype, ':showtype'=>$showtype, ':n'=>$n, ':classbests'=>$bestlist, ':showtostu'=>$showtostu)); $daid = $DBH->lastInsertId(); - - //DB $query = "INSERT INTO imas_items (courseid,itemtype,typeid) VALUES "; - //DB $query .= "('$cid','Drill','$daid');"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $itemid = mysql_insert_id(); $stm = $DBH->prepare("INSERT INTO imas_items (courseid,itemtype,typeid) VALUES (:courseid, 'Drill', :typeid)"); $stm->execute(array(':courseid'=>$cid, ':typeid'=>$daid)); $itemid = $DBH->lastInsertId(); - - //DB $query = "SELECT itemorder FROM imas_courses WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $stm = $DBH->prepare("SELECT itemorder FROM imas_courses WHERE id=:id"); $stm->execute(array(':id'=>$cid)); $line = $stm->fetch(PDO::FETCH_ASSOC); 
@@ -208,26 +183,16 @@ } else if ($totb=='t') { array_unshift($sub,$itemid); } - //DB $itemorder = addslashes(serialize($items)); $itemorder = serialize($items); - //DB $query = "UPDATE imas_courses SET itemorder='$itemorder' WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_courses SET itemorder=:itemorder WHERE id=:id"); $stm->execute(array(':itemorder'=>$itemorder, ':id'=>$cid)); } else { if ($beentaken) { - //DB $query = "UPDATE imas_drillassess SET itemdescr='$descrlist',showtostu=$showtostu"; - //DB $query .= ",name='{$_POST['title']}',summary='{$_POST['summary']}',avail='{$_POST['avail']}',caltag='{$_POST['caltag']}',startdate='$startdate',enddate='$enddate'"; - //DB $query .= " WHERE id=$daid"; $query = "UPDATE imas_drillassess SET itemdescr=:itemdescr,showtostu=:showtostu,"; $query .= "name=:name,summary=:summary,avail=:avail,caltag=:caltag,startdate=:startdate,enddate=:enddate"; $qarr = array(':itemdescr'=>$descrlist, ':showtostu'=>$showtostu, ':name'=>$_POST['title'], ':summary'=>$_POST['summary'], ':avail'=>$_POST['avail'], ':caltag'=>$_POST['caltag'], ':startdate'=>$startdate, ':enddate'=>$enddate); } else { - //DB $query = "UPDATE imas_drillassess SET itemdescr='$descrlist',showtostu=$showtostu,itemids='$itemlist',"; - //DB $query .= "scoretype='$scoretype',showtype=$showtype,n=$n"; - //DB $query .= ",name='{$_POST['title']}',summary='{$_POST['summary']}',avail='{$_POST['avail']}',caltag='{$_POST['caltag']}',startdate='$startdate',enddate='$enddate'"; - //DB $query .= " WHERE id=$daid"; $query = "UPDATE imas_drillassess SET itemdescr=:itemdescr,showtostu=:showtostu,"; $query .= "name=:name,summary=:summary,avail=:avail,caltag=:caltag,startdate=:startdate,enddate=:enddate,"; $query .= "itemids=:itemids,scoretype=:scoretype,showtype=:showtype,n=:n"; 
@@ -237,7 +202,6 @@ } if ($updatebests) { - //DB $query .= ",classbests='$bestlist'"; $query .= ",classbests=:classbests"; $qarr[':classbests'] = $bestlist; } @@ -245,11 +209,8 @@ $qarr[':id'] = $daid; $stm = $DBH->prepare($query); $stm->execute($qarr); - //DB mysql_query($query) or die("Query failed : " . mysql_error()); if (!$beentaken) { //Delete any instructor attempts to account for possible changes - //DB $query = "DELETE FROM imas_drillassess_sessions WHERE drillassessid=$daid"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_drillassess_sessions WHERE drillassessid=:drillassessid"); $stm->execute(array(':drillassessid'=>$daid)); } @@ -258,7 +219,6 @@ if (isset($_POST['search'])) { $safesearch = $_POST['search']; $safesearch = str_replace(' and ', ' ',$safesearch); - //DB $search = stripslashes($safesearch); $search = $safesearch; $search = str_replace('"','"',$search); $sessiondata['lastsearch'.$cid] = $safesearch; //str_replace(" ","+",$safesearch); @@ -308,11 +268,6 @@ } exit; } - -//DB $query = "SELECT ias.id FROM imas_drillassess_sessions AS ias,imas_students WHERE "; -//DB $query .= "ias.drillassessid='$daid' AND ias.userid=imas_students.userid AND imas_students.courseid='$cid' LIMIT 1"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB if (mysql_num_rows($result)>0) { $query = "SELECT ias.id FROM imas_drillassess_sessions AS ias,imas_students WHERE "; $query .= "ias.drillassessid=:drillassessid AND ias.userid=imas_students.userid AND imas_students.courseid=:courseid LIMIT 1"; $stm = $DBH->prepare($query); @@ -338,7 +293,6 @@ if (isset($sessiondata['lastsearch'.$cid])) { $safesearch = trim($sessiondata['lastsearch'.$cid]); //str_replace("+"," ",$sessiondata['lastsearch'.$cid]); - //DB $search = stripslashes($safesearch); $search = $safesearch; $search = str_replace('"','"',$search); $searchall = $sessiondata['searchall'.$cid]; 
@@ -357,17 +311,14 @@ $searchlikes = ''; } else { $searchterms = explode(" ",$safesearch); - //DB $searchlikes = "((imas_questionset.description LIKE '%".implode("%' AND imas_questionset.description LIKE '%",$searchterms)."%') "; $searchlikes = "((imas_questionset.description LIKE ?".str_repeat(" AND imas_questionset.description LIKE ?",count($searchterms)-1).") "; foreach ($searchterms as $t) { $searchlikevals[] = "%$t%"; } if (substr($safesearch,0,3)=='id=') { - //DB searchlikes = "imas_questionset.id='".substr($safesearch,3)."' AND "; $searchlikes = "imas_questionset.id=? AND "; $searchlikevals = array(substr($safesearch,3)); } else if (is_numeric($safesearch)) { - //DB $searchlikes .= "OR imas_questionset.id='$safesearch') AND "; $searchlikes .= "OR imas_questionset.id=?) AND "; $searchlikevals[] = $safesearch; } else { @@ -381,7 +332,6 @@ } else { $searchlibs = $userdeflib; } -//DB $llist = "'".implode("','",explode(',',$searchlibs))."'"; $llist = implode(',',array_map('intval', explode(',',$searchlibs))); echo ' 0) { $query = "SELECT COUNT(imas_users.id) FROM imas_users,imas_students WHERE imas_users.id=imas_students.userid "; $query .= "AND imas_students.courseid=:courseid AND imas_students.section IS NOT NULL"; $stm = $DBH->prepare($query); @@ -124,9 +116,6 @@ function sendtoall(type) { } if ($hassection) { - //DB $query = "SELECT usersort FROM imas_gbscheme WHERE courseid='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_result($result,0,0)==0) { $stm = $DBH->prepare("SELECT usersort FROM imas_gbscheme WHERE courseid=:courseid"); $stm->execute(array(':courseid'=>$cid)); if ($stm->fetchColumn(0)==0) { 
@@ -141,9 +130,6 @@ function sendtoall(type) { if ($hassection) { echo "\n"; } - //DB $query = "SELECT latepasshrs FROM imas_courses WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $hours = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT latepasshrs FROM imas_courses WHERE id=:id"); $stm->execute(array(':id'=>$cid)); $hours = $stm->fetchColumn(0); @@ -156,10 +142,6 @@ function sendtoall(type) { echo 'Section'; } echo "LatePasses Remaining"; - - //DB $query = "SELECT imas_users.id,imas_users.LastName,imas_users.FirstName,imas_students.section,imas_students.latepass "; - //DB $query .= "FROM imas_users,imas_students WHERE "; - //DB $query .= "imas_users.id=imas_students.userid AND imas_students.courseid='$cid'"; $query = "SELECT imas_users.id,imas_users.LastName,imas_users.FirstName,imas_students.section,imas_students.latepass "; $query .= "FROM imas_users,imas_students WHERE "; $query .= "imas_users.id=imas_students.userid AND imas_students.courseid=:courseid"; @@ -169,11 +151,8 @@ function sendtoall(type) { } else { $query .= " ORDER BY imas_users.LastName,imas_users.FirstName"; } - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare($query); $stm->execute(array(':courseid'=>$cid)); - - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { echo "" . Sanitize::encodeStringForDisplay($row[1]) . ", " . Sanitize::encodeStringForDisplay($row[2]) . ""; if ($hassection) { diff --git a/course/libtree.php b/course/libtree.php index 1be3c3c0c2..df628ffbf8 100644 --- a/course/libtree.php +++ b/course/libtree.php @@ -38,9 +38,6 @@
END; } - //DB $query = "SELECT imas_libraries.id,imas_libraries.name,imas_libraries.parent,imas_libraries.ownerid,imas_libraries.userights,imas_libraries.sortorder,imas_libraries.groupid,COUNT(imas_library_items.id) AS count "; - //DB $query .= "FROM imas_libraries LEFT JOIN imas_library_items ON imas_library_items.libid=imas_libraries.id GROUP BY imas_libraries.id"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $query = "SELECT imas_libraries.id,imas_libraries.name,imas_libraries.parent,imas_libraries.ownerid,imas_libraries.userights,imas_libraries.sortorder,imas_libraries.groupid,COUNT(imas_library_items.id) AS count "; $query .= "FROM imas_libraries LEFT JOIN imas_library_items ON imas_library_items.libid=imas_libraries.id AND imas_library_items.deleted=0 WHERE imas_libraries.deleted=0 "; $qarr = array(); @@ -87,7 +84,6 @@ $rights = array(); $sortorder = array(); - //DB while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { while ($line = $stm->fetch(PDO::FETCH_ASSOC)) { $id = $line['id']; $name = $line['name']; diff --git a/course/libtree2.php b/course/libtree2.php index 1e3ee0b44f..e659b39860 100644 --- a/course/libtree2.php +++ b/course/libtree2.php @@ -39,8 +39,6 @@ END; } echo "'; require("../header.php"); - -//DB $query = "SELECT value FROM imas_bookmarks WHERE userid='$userid' AND courseid='$cid' AND name='TR{$_GET['folder']}'"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB if (mysql_num_rows($result)==0) { $stm = $DBH->prepare("SELECT value FROM imas_bookmarks WHERE userid=:userid AND courseid=:courseid AND name=:name"); $stm->execute(array(':userid'=>$userid, ':courseid'=>$cid, ':name'=>'TR'.$_GET['folder'])); if ($stm->rowCount()==0) { $openitem = ''; } else { - //DB $openitem = mysql_result($result,0,0); $openitem = $stm->fetchColumn(0); } 
@@ -244,10 +233,6 @@ function updateTRunans(aid, status) { $astatus = array(); if (!$viewall) { - //DB $query = "SELECT ia.id,ias.bestscores FROM imas_assessments AS ia JOIN imas_assessment_sessions AS ias ON ia.id=ias.assessmentid "; - //DB $query .= "WHERE ia.courseid='$cid' AND ias.userid='$userid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $query = "SELECT ia.id,ias.bestscores FROM imas_assessments AS ia JOIN imas_assessment_sessions AS ias ON ia.id=ias.assessmentid "; $query .= "WHERE ia.courseid=:courseid AND ias.userid=:userid"; $stm = $DBH->prepare($query); @@ -268,12 +253,6 @@ function updateTRunans(aid, status) { } $exceptions = array(); if (!isset($teacherid) && !isset($tutorid)) { - //DB $query = "SELECT items.id,ex.startdate,ex.enddate,ex.islatepass,ex.waivereqscore,ex.itemtype FROM "; - //DB $query .= "imas_exceptions AS ex,imas_items as items,imas_assessments as i_a WHERE ex.userid='$userid' AND "; - //DB $query .= "ex.assessmentid=i_a.id AND (items.typeid=i_a.id AND items.itemtype='Assessment' AND items.courseid='$cid') "; - //DB $query .= "UNION SELECT items.id,ex.startdate,ex.enddate,ex.islatepass,ex.waivereqscore,ex.itemtype FROM "; - //DB $query .= "imas_exceptions AS ex,imas_items as items,imas_forums as i_f WHERE ex.userid='$userid' AND "; - //DB $query .= "ex.assessmentid=i_f.id AND (items.typeid=i_f.id AND items.itemtype='Forum' AND items.courseid='$cid') "; $query = "SELECT items.id,ex.startdate,ex.enddate,ex.islatepass,ex.waivereqscore,ex.itemtype FROM "; $query .= "imas_exceptions AS ex,imas_items as items,imas_assessments as i_a WHERE ex.userid=:userid AND "; $query .= "ex.assessmentid=i_a.id AND (items.typeid=i_a.id AND items.itemtype='Assessment' AND items.courseid=:courseid) "; 
@@ -285,8 +264,6 @@ function updateTRunans(aid, status) { // $query .= "AND (($nowi_a.enddate AND $nowfetch(PDO::FETCH_ASSOC)) { $exceptions[$line['id']] = array($line['startdate'],$line['enddate'],$line['islatepass'],$line['waivereqscore'],$line['itemtype']); } @@ -326,9 +303,6 @@ function printlist($items) { $out .= ''; } } else { - //DB $query = "SELECT itemtype,typeid FROM imas_items WHERE id='$item'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $stm = $DBH->prepare("SELECT itemtype,typeid FROM imas_items WHERE id=:id"); $stm->execute(array(':id'=>$item)); $line = $stm->fetch(PDO::FETCH_ASSOC); @@ -344,9 +318,6 @@ function printlist($items) { if ($line['itemtype']=='Assessment') { //TODO check availability, timelimit, etc. //TODO: reqscoreaid, latepasses - //DB $query = "SELECT name,summary,startdate,enddate,reviewdate,deffeedback,reqscore,reqscoreaid,avail,allowlate,timelimit,displaymethod FROM imas_assessments WHERE id='$typeid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $stm = $DBH->prepare("SELECT name,summary,startdate,enddate,reviewdate,deffeedback,reqscore,reqscoreaid,reqscoretype,avail,allowlate,timelimit,displaymethod FROM imas_assessments WHERE id=:id"); $stm->execute(array(':id'=>$typeid)); $line = $stm->fetch(PDO::FETCH_ASSOC); 
@@ -414,9 +385,6 @@ function printlist($items) { } } else if ($line['itemtype']=='LinkedText') { //TODO check availability, etc. - //DB $query = "SELECT title,summary,text,startdate,enddate,avail,target FROM imas_linkedtext WHERE id='$typeid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $stm = $DBH->prepare("SELECT title,summary,text,startdate,enddate,avail,target FROM imas_linkedtext WHERE id=:id"); $stm->execute(array(':id'=>$typeid)); $line = $stm->fetch(PDO::FETCH_ASSOC); @@ -443,9 +411,6 @@ function printlist($items) { $out .= '
  • Forum '.$line['name'].'
  • '; } */else if ($line['itemtype']=='Wiki') { //TODO check availability, etc. - //DB $query = "SELECT id,name,description,startdate,enddate,editbydate,avail,settings,groupsetid FROM imas_wikis WHERE id='$typeid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $stm = $DBH->prepare("SELECT id,name,description,startdate,enddate,editbydate,avail,settings,groupsetid FROM imas_wikis WHERE id=:id"); $stm->execute(array(':id'=>$typeid)); $line = $stm->fetch(PDO::FETCH_ASSOC); diff --git a/course/unenroll.php b/course/unenroll.php index ce80e8547e..7487da2dfa 100644 --- a/course/unenroll.php +++ b/course/unenroll.php @@ -18,9 +18,6 @@ if ($get_uid=="selected") { $tounenroll = explode(",",$_POST['tounenroll']); } else if ($get_uid=="all") { - //DB $query = "SELECT userid FROM imas_students WHERE courseid='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $stm = $DBH->prepare("SELECT userid FROM imas_students WHERE courseid=:courseid"); $stm->execute(array(':courseid'=>$cid)); while ($row = $stm->fetch(PDO::FETCH_NUM)) { @@ -43,10 +40,8 @@ } else { $withwithdraw = false; } - //DB mysql_query("START TRANSACTION") or die("Query failed :$query " . mysql_error()); $DBH->beginTransaction(); unenrollstu($cid,$tounenroll,($get_uid=="all" || isset($_POST['delforumposts'])),($get_uid=="all" && isset($_POST['removeoffline'])),$withwithdraw,$delwikirev, isset($_POST['usereplaceby'])); - //DB mysql_query("COMMIT") or die("Query failed :$query " . mysql_error()); $DBH->commit(); 
@@ -74,9 +69,6 @@ $get_uid = 'selected'; } }*/ - //DB $query = "SELECT COUNT(id) FROM imas_students WHERE courseid='{$_GET['cid']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (count($_POST['checked']) == mysql_result($result,0,0)) { $stm = $DBH->prepare("SELECT COUNT(id) FROM imas_students WHERE courseid=:courseid"); $stm->execute(array(':courseid'=>$cid)); if (count($_POST['checked']) == $stm->fetchColumn(0)) { @@ -87,20 +79,12 @@ } if ($get_uid=="all") { - //DB $query = "SELECT iu.LastName,iu.FirstName,iu.SID FROM imas_users AS iu JOIN imas_students ON iu.id=imas_students.userid WHERE imas_students.courseid='$cid'"; - //DB $resultUserList = mysql_query($query) or die("Query failed : " . mysql_error()); $resultUserList = $DBH->prepare("SELECT iu.LastName,iu.FirstName,iu.SID FROM imas_users AS iu JOIN imas_students ON iu.id=imas_students.userid WHERE imas_students.courseid=:courseid"); $resultUserList->execute(array(':courseid'=>$cid)); } else if ($get_uid=="selected") { if (count($_POST['checked'])>0) { - //DB $ulist = "'".implode("','",$_POST['checked'])."'"; $ulist = implode(',', array_map('intval', $_POST['checked'])); - //DB $query = "SELECT LastName,FirstName,SID FROM imas_users WHERE id IN ($ulist)"; - //DB $resultUserList = mysql_query($query) or die("Query failed : " . mysql_error()); $resultUserList = $DBH->query("SELECT LastName,FirstName,SID FROM imas_users WHERE id IN ($ulist)"); - //DB $query = "SELECT COUNT(id) FROM imas_students WHERE courseid='{$_GET['cid']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (count($_POST['checked']) > floor(mysql_result($result,0,0)/2)) { $stm = $DBH->prepare("SELECT COUNT(id) FROM imas_students WHERE courseid=:courseid"); $stm->execute(array(':courseid'=>$cid)); if (count($_POST['checked']) > floor($stm->fetchColumn(0)/2)) { 
@@ -115,9 +99,6 @@ } } } else { - //DB $query = "SELECT FirstName,LastName,SID FROM imas_users WHERE id='{$get_uid}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $row = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT FirstName,LastName,SID FROM imas_users WHERE id=:id"); $stm->execute(array(':id'=>Sanitize::onlyInt($get_uid))); $row = $stm->fetch(PDO::FETCH_NUM); @@ -143,7 +124,6 @@

    Are you SURE you want to unenroll ALL students?

      fetch(PDO::FETCH_NUM)) { printf("
    • %s %s (%s)
    • ", Sanitize::encodeStringForDisplay($row[0]), Sanitize::encodeStringForDisplay($row[1]), @@ -185,7 +165,6 @@

      Are you SURE you want to unenroll the selected students?

        fetch(PDO::FETCH_NUM)) { printf("
      • %s %s (%s)
      • ", Sanitize::encodeStringForDisplay($row[0]), Sanitize::encodeStringForDisplay($row[1]), diff --git a/course/uploadgrades.php b/course/uploadgrades.php index 16b2af8a6c..13570d33c6 100644 --- a/course/uploadgrades.php +++ b/course/uploadgrades.php @@ -30,9 +30,6 @@ function fopen_utf8 ($filename, $mode) { if (isset($_FILES['userfile']['name']) && $_FILES['userfile']['name']!='') { if (is_uploaded_file($_FILES['userfile']['tmp_name'])) { $curscores = array(); - //DB $query = "SELECT userid,score FROM imas_grades WHERE gradetype='offline' AND gradetypeid='{$_GET['gbitem']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $stm = $DBH->prepare("SELECT userid,score FROM imas_grades WHERE gradetype='offline' AND gradetypeid=:gradetypeid"); $stm->execute(array(':gradetypeid'=>$_GET['gbitem'])); while ($row = $stm->fetch(PDO::FETCH_NUM)) { 
@@ -60,23 +57,17 @@ function fopen_utf8 ($filename, $mode) { } while (($data = fgetcsv($handle, 4096, ",")) !== FALSE) { $data = array_map('trim', $data); - //DB $query = "SELECT imas_users.id FROM imas_users,imas_students WHERE imas_users.id=imas_students.userid AND imas_students.courseid='$cid' AND "; $query = "SELECT imas_users.id FROM imas_users,imas_students WHERE imas_users.id=imas_students.userid AND imas_students.courseid=:courseid AND "; $qarr = array(':courseid'=>$cid); if ($_POST['useridtype']==0) { - //DB $data[$usercol] = str_replace("'","\\'",trim($data[$usercol])); if ($data[$usercol]=='') {continue;} - //DB $query .= "imas_users.SID='{$data[$usercol]}'"; $query .= "imas_users.SID=:SID"; $qarr[':SID'] = Sanitize::stripHtmlTags($data[$usercol]); } else if ($_POST['useridtype']==1) { if (strpos($data[$usercol],',')===false) { continue;} list($last,$first) = explode(',',$data[$usercol]); - //DB $first = str_replace("'","\\'",trim($first)); - //DB $last = str_replace("'","\\'",trim($last)); $first = trim($first); $last = trim($last); - //DB $query .= "imas_users.FirstName='$first' AND imas_users.LastName='$last'"; $query .= "imas_users.FirstName=:firstname AND imas_users.LastName=:lastname"; $qarr[':firstname'] = Sanitize::stripHtmlTags($first); $qarr[':lastname'] = Sanitize::stripHtmlTags($last); 
@@ -84,36 +75,27 @@ function fopen_utf8 ($filename, $mode) { } else { $query .= "0"; } - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare($query); $stm->execute($qarr); if ($feedbackcol==-1) { $feedback = ''; } else { - //DB $feedback = addslashes($data[$feedbackcol]); $feedback = Sanitize::incomingHtml($data[$feedbackcol]); } - //DB $score = addslashes($data[$scorecol]); $score = Sanitize::onlyFloat($data[$scorecol]); - //DB if (mysql_num_rows($result)>0) { if ($stm->rowCount()>0) { - //DB $cuserid=mysql_result($result,0,0); $cuserid=$stm->fetchColumn(0); if (isset($curscores[$cuserid])) { - //DB $query = "UPDATE imas_grades SET score='$score',feedback='$feedback' WHERE userid='$cuserid' AND gradetype='offline' AND gradetypeid='{$_GET['gbitem']}'"; $stm = $DBH->prepare("UPDATE imas_grades SET score=:score,feedback=:feedback WHERE userid=:userid AND gradetype='offline' AND gradetypeid=:gradetypeid"); $stm->execute(array(':score'=>$score, ':feedback'=>$feedback, ':userid'=>$cuserid, ':gradetypeid'=>$_GET['gbitem'])); $successes++; } else { - //DB $query = "INSERT INTO imas_grades (gradetype,gradetypeid,userid,score,feedback) VALUES "; - //DB $query .= "('offline','{$_GET['gbitem']}','$cuserid','$score','$feedback')"; $query = "INSERT INTO imas_grades (gradetype,gradetypeid,userid,score,feedback) VALUES "; $query .= "(:gradetype, :gradetypeid, :userid, :score, :feedback)"; $stm = $DBH->prepare($query); $stm->execute(array(':gradetype'=>'offline', ':gradetypeid'=>$_GET['gbitem'], ':userid'=>$cuserid, ':score'=>$score, ':feedback'=>$feedback)); $successes++; } - //DB mysql_query($query) or die("Query failed : " . mysql_error()); } else { $failures[] = $data[$usercol]; } diff --git a/course/uploadmultgrades.php b/course/uploadmultgrades.php index 1c0c1bd6af..510ba9751c 100644 --- a/course/uploadmultgrades.php +++ b/course/uploadmultgrades.php 
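Review bot: `$_GET['gbitem']` is bound straight into the `imas_grades` UPDATE and INSERT in the `@@ -84,36 +75,27 @@` hunk of course/uploadgrades.php without confirming the gradebook item belongs to `$cid`, so scores could be written into another course's item; the sibling course/uploadmultgrades.php in this same patch performs exactly that check ("Don't want cross-course hacking"). Unless it is done above the hunk, add once before the CSV loop: `$stm = $DBH->prepare("SELECT id FROM imas_gbitems WHERE id=:id AND courseid=:courseid"); $stm->execute(array(':id'=>$_GET['gbitem'], ':courseid'=>$cid)); if ($stm->fetchColumn()===false) { echo "Invalid gradebook item"; exit; }`. Separately, `$stm->rowCount()>0` on a SELECT is not guaranteed by PDO; `$cuserid = $stm->fetchColumn(); if ($cuserid !== false)` is the portable form. The CSV loop this sits in starts in the previous hunk.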
@@ -33,9 +33,6 @@ function fopen_utf8 ($filename, $mode) { echo "File is missing!"; exit; } - //DB $query = "SELECT imas_users.id,imas_users.SID FROM imas_users JOIN imas_students ON imas_students.userid=imas_users.id WHERE imas_students.courseid='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : $query; " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $stm = $DBH->prepare("SELECT imas_users.id,imas_users.SID FROM imas_users JOIN imas_students ON imas_students.userid=imas_users.id WHERE imas_students.courseid=:courseid"); $stm->execute(array(':courseid'=>$cid)); while ($row = $stm->fetch(PDO::FETCH_NUM)) { @@ -57,10 +54,6 @@ function fopen_utf8 ($filename, $mode) { $gbcat = $_POST["colgbcat$col"]; if ($_POST["coloverwrite$col"]>0) { //we're going to check that this id really belongs to this course. Don't want cross-course hacking :) - //DB $query = "SELECT id FROM imas_gbitems WHERE id='{$_POST["coloverwrite$col"]}' AND courseid='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { - //DB $gbitemid[$col] = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT id FROM imas_gbitems WHERE id=:id AND courseid=:courseid"); $stm->execute(array(':id'=>$_POST["coloverwrite$col"], ':courseid'=>$cid)); if ($stm->rowCount()>0) { 
@@ -72,14 +65,10 @@ function fopen_utf8 ($filename, $mode) { continue; } } - //DB $query = "INSERT INTO imas_gbitems (courseid,name,points,showdate,gbcategory,cntingb,tutoredit) VALUES "; - //DB $query .= "('$cid','$name','$pts',$showdate,'$gbcat','$cnt',0) "; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $query = "INSERT INTO imas_gbitems (courseid,name,points,showdate,gbcategory,cntingb,tutoredit) VALUES "; $query .= "(:courseid, :name, :points, :showdate, :gbcategory, :cntingb, :tutoredit) "; $stm = $DBH->prepare($query); $stm->execute(array(':courseid'=>$cid, ':name'=>$name, ':points'=>$pts, ':showdate'=>$showdate, ':gbcategory'=>$gbcat, ':cntingb'=>$cnt, ':tutoredit'=>0)); - //DB $gbitemid[$col] = mysql_insert_id(); $gbitemid[$col] = $DBH->lastInsertId(); } $adds = array(); @@ -101,7 +90,6 @@ function fopen_utf8 ($filename, $mode) { $fbcol = $_POST["colfeedback$col"]; $feedback = ''; if (trim($fbcol)!='' && intval($fbcol)>0) { - //DB $feedback = addslashes($line[intval($fbcol)-1]); $feedback = Sanitize::incomingHtml($line[intval($fbcol)-1]); } if (trim($line[$col])=='' || $line[$col] == '-') { @@ -119,7 +107,6 @@ function fopen_utf8 ($filename, $mode) { if (isset($gradestodel[$col])) { $gradestodel[$col][] = $stu; } - //DB $adds[] = "('offline',$gid,$stu,$score,'$feedback')"; $adds[] = "('offline',?,?,?,?)"; array_push($addsvals, $gid,$stu,$score,$feedback); } 
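Review bot: The `imas_gbitems` INSERT in the `@@ -72,14 +65,10 @@` hunk of course/uploadmultgrades.php binds `$gbcat` (taken from `$_POST["colgbcat$col"]` in the previous hunk) without checking that the category belongs to `$cid`, while the `coloverwrite` id on the same page is verified against the course a few lines earlier. If that validation is not performed between the hunks (not visible), confirm it the same way: `$stm = $DBH->prepare("SELECT id FROM imas_gbcats WHERE id=:id AND courseid=:courseid"); $stm->execute(array(':id'=>$gbcat, ':courseid'=>$cid)); if ($stm->fetchColumn()===false) { /* reject or fall back to the default category */ }`. Which fallback is appropriate depends on how `gbcategory` is interpreted by the gradebook, which is not visible here. The per-column `foreach` containing this INSERT starts before the hunk.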
@@ -129,17 +116,12 @@ function fopen_utf8 ($filename, $mode) { foreach ($gradestodel as $col=>$stus) { if (count($stus)>0) { $stulist = implode(',', array_map('intval', $stus)); - //DB $query = "DELETE FROM imas_grades WHERE gradetype='offline' AND gradetypeid={$gbitemid[$col]} AND userid IN ($stulist)"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_grades WHERE gradetype='offline' AND gradetypeid=:gradetypeid AND userid IN ($stulist)"); $stm->execute(array(':gradetypeid'=>$gbitemid[$col])); } } //now we load in the data! if (count($adds)>0) { - //DB $query = "INSERT INTO imas_grades (gradetype,gradetypeid,userid,score,feedback) VALUES "; - //DB $query .= implode(',',$adds); - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $query = "INSERT INTO imas_grades (gradetype,gradetypeid,userid,score,feedback) VALUES ".implode(',',$adds); $stm = $DBH->prepare($query); $stm->execute($addsvals); @@ -200,16 +182,8 @@ function fopen_utf8 ($filename, $mode) { } } //look to see if any of these names have been used before - //DB foreach ($names as $k=>$n) { - //DB //prep for db use - //DB $names[$k] = addslashes($n); - //DB } - //DB $namelist = "'".implode("','",$names)."'"; if (count($names)>0) { $query_placeholders = Sanitize::generateQueryPlaceholders($names); - //DB $query = "SELECT id,name FROM imas_gbitems WHERE name IN ($namelist) AND courseid='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $stm = $DBH->prepare("SELECT id,name FROM imas_gbitems WHERE name IN ($query_placeholders) AND courseid=?"); $stm->execute(array_merge($names, array($cid))); while ($row = $stm->fetch(PDO::FETCH_NUM)) { 
@@ -271,13 +245,9 @@ function fopen_utf8 ($filename, $mode) { prepare("SELECT id,name FROM imas_gbcats WHERE courseid=:courseid"); $stm->execute(array(':courseid'=>$cid)); $gbcatoptions = ''; - //DB if (mysql_num_rows($result)>0) { - //DB while ($row = mysql_fetch_row($result)) { if ($stm->rowCount()>0) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $gbcatoptions .= "\n"; diff --git a/course/verifybadge.php b/course/verifybadge.php index 6fbe878c6c..95ad516c6b 100644 --- a/course/verifybadge.php +++ b/course/verifybadge.php @@ -11,10 +11,6 @@ if (!empty($_GET['userid'])) { $userid = intval($_GET['userid']); - //DB $query = "SELECT SID FROM imas_users WHERE id='$userid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { - //DB $s = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT SID FROM imas_users WHERE id=:id"); $stm->execute(array(':id'=>$userid)); if ($stm->rowCount()>0) { @@ -28,17 +24,12 @@ } else { $userid = 0; } - -//DB $query = "SELECT courseid, name, badgetext, description, longdescription, requirements FROM imas_badgesettings WHERE id=$badgeid"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB if (mysql_num_rows($result)==0) { $stm = $DBH->prepare("SELECT courseid, name, badgetext, description, longdescription, requirements FROM imas_badgesettings WHERE id=:id"); $stm->execute(array(':id'=>$badgeid)); if ($stm->rowCount()==0) { echo "Invalid Badge"; exit; } else { - //DB list($cid, $name, $badgetext, $descr, $longdescr, $req) = mysql_fetch_row($result); list($cid, $name, $badgetext, $descr, $longdescr, $req) = $stm->fetch(PDO::FETCH_NUM); $req = unserialize($req); if ($userid==0) {//this is a criteria request 
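Review bot: `$req = unserialize($req)` in the `@@ -28,17 +24,12 @@` hunk of course/verifybadge.php deserialises a database column with the default, object-enabled `unserialize`, so any path that can write `imas_badgesettings.requirements` (the badge definition form, not visible here) becomes a PHP object-injection primitive. The requirement list appears to be plain array data handed to `validatebadge()`, so restrict it: `$req = unserialize($req, array('allowed_classes' => false));` on a PHP 7.0+ baseline, or document the trust assumption if older PHP must be supported. The `if ($stm->rowCount()==0)` guard on the SELECT is driver-dependent in PDO; fetching first and testing for `false` (`$row = $stm->fetch(PDO::FETCH_NUM); if ($row === false) { echo "Invalid Badge"; exit; }`) removes that reliance. The `else` branch opened here continues into the next hunk.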
@@ -50,21 +41,14 @@ list($reqnameout,$reqout,$stuout,$metout) = validatebadge($badgeid, $cid, $req, 0); print_html($badgetext, $name, $descr, $longdescr, $reqnameout, $reqout); } else { //student specific - //DB $query = "SELECT id FROM imas_students WHERE courseid=$cid AND userid=$userid"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)==0) { $stm = $DBH->prepare("SELECT id FROM imas_students WHERE courseid=:courseid AND userid=:userid"); $stm->execute(array(':courseid'=>$cid, ':userid'=>$userid)); if ($stm->rowCount()==0) { - //DB $query = "SELECT data FROM imas_badgerecords WHERE userid=$userid AND badgeid=$badgeid"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_fetch_row($result)==0) { $stm = $DBH->prepare("SELECT data FROM imas_badgerecords WHERE userid=:userid AND badgeid=:badgeid"); $stm->execute(array(':userid'=>$userid, ':badgeid'=>$badgeid)); if ($stm->fetch(PDO::FETCH_NUM)==0) { exit; } else { - //DB $data = unserialize(mysql_result($result,0,0)); $data = unserialize($stm->fetchColumn(0)); //if ($_GET['format']=='json') { print_assertation($cid, $badgetext, $name, $descr, $userid, $data[5]); @@ -205,15 +189,10 @@ function validatebadge($badgeid, $cid, $req, $userid=0) { $canviewall = true; $gbt = gbtable($userid); } - - //DB $query = "SELECT id,name FROM imas_gbcats WHERE courseid='$cid' ORDER BY name"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("SELECT id,name FROM imas_gbcats WHERE courseid=:courseid ORDER BY name"); $stm->execute(array(':courseid'=>$cid)); $gtypes = array('0'=>'Past Due', '3'=>'Past and Attempted', '1'=>'Past and Available', '2'=>'All Items'); $gbcats = array(); - - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $gbcats[$row[0]] = $row[1]; } 
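Review bot: In the `@@ -50,21 +41,14 @@` hunk of course/verifybadge.php the badge-record branch calls `$stm->fetch(PDO::FETCH_NUM)` to test for a row and then `$stm->fetchColumn(0)` to read it, but the first call already consumed the only row, so `fetchColumn` returns `false`, `unserialize(false)` is `false`, and `$data[5]` handed to `print_assertation` is null; the stripped `mysql_result($result,0,0)` re-read row 0 and did not have this problem. Replace both with a single read: `$data = $stm->fetchColumn(); if ($data === false) { exit; } $data = unserialize($data);`. Since this value is produced by `serialize()` later in the same file, `unserialize($data, array('allowed_classes'=>false))` (PHP 7.0+) would also close the object-injection path at no cost, if the deployment baseline allows it. This branch sits inside the `else` block opened in the previous hunk.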
@@ -280,26 +259,16 @@ function validatebadge($badgeid, $cid, $req, $userid=0) { if ($reqmet) { if (isset($userid) && $userid!=0) { - //DB $query = "SELECT FirstName, LastName, email FROM imas_users WHERE id=$userid"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $row = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT FirstName, LastName, email FROM imas_users WHERE id=:id"); $stm->execute(array(':id'=>$userid)); $row = $stm->fetch(PDO::FETCH_NUM); $stuname = $row[1]. ', '.$row[0]; $email = $row[2]; $data = array($reqnameout, $reqout, $stuout, $metout, $stuname, $email); - - //DB $data = addslashes(serialize($data)); $data = serialize($data); - //DB $query = "UPDATE imas_badgerecords SET data='$data' WHERE badgeid='$badgeid' AND userid='$userid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_affected_rows()==0) { $stm = $DBH->prepare("UPDATE imas_badgerecords SET data=:data WHERE badgeid=:badgeid AND userid=:userid"); $stm->execute(array(':data'=>$data, ':badgeid'=>$badgeid, ':userid'=>$userid)); if ($stm->rowCount()==0) { - //DB $query = "INSERT INTO imas_badgerecords (badgeid,userid,data) VALUES ('$badgeid','$userid','$data')"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("INSERT INTO imas_badgerecords (badgeid,userid,data) VALUES (:badgeid, :userid, :data)"); $stm->execute(array(':badgeid'=>$badgeid, ':userid'=>$userid, ':data'=>$data)); } diff --git a/course/viewactionlog.php b/course/viewactionlog.php index 98c9a28710..cd633958b6 100644 --- a/course/viewactionlog.php +++ b/course/viewactionlog.php @@ -29,11 +29,6 @@ echo '
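Review bot: `if ($stm->rowCount()==0)` after the `imas_badgerecords` UPDATE in the `@@ -280,26 +259,16 @@` hunk decides whether to INSERT, but with the MySQL PDO driver `rowCount()` reports rows changed, not rows matched, unless `PDO::MYSQL_ATTR_FOUND_ROWS` is set on the connection; a re-validation producing identical `$data` therefore reports 0 and inserts a second record for the same `(badgeid,userid)`. The removed `mysql_affected_rows()` call counted changed rows as well, so this is pre-existing rather than introduced here. Either enable `PDO::MYSQL_ATTR_FOUND_ROWS => true` where `$DBH` is created, or check for the record with a SELECT before choosing UPDATE vs INSERT; `INSERT ... ON DUPLICATE KEY UPDATE` is an option only if `(badgeid,userid)` has a unique key, which is not visible here. `validatebadge()` starts before this hunk.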

        '.$pagetitle. '

        '; echo ''; - - -//DB $query = "SELECT LastName,FirstName FROM imas_users WHERE id='$uid'"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB $row = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT LastName,FirstName FROM imas_users WHERE id=:id"); $stm->execute(array(':id'=>$uid)); $row = $stm->fetch(PDO::FETCH_NUM); @@ -42,10 +37,6 @@ $actions = array(); $lookups = array('as'=>array(), 'in'=>array(), 'li'=>array(), 'ex'=>array(), 'wi'=>array(), 'fo'=>array(), 'forums'=>array()); - -//DB $query = "SELECT type,typeid,viewtime,info FROM imas_content_track WHERE userid='$uid' AND courseid='$cid' ORDER BY viewtime DESC"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB while ($row = mysql_fetch_row($result)) { $stm = $DBH->prepare("SELECT type,typeid,viewtime,info FROM imas_content_track WHERE userid=:userid AND courseid=:courseid ORDER BY viewtime DESC"); $stm->execute(array(':userid'=>$uid, ':courseid'=>$cid)); while ($row = $stm->fetch(PDO::FETCH_NUM)) { @@ -59,9 +50,6 @@ } $asnames = array(); if (count($lookups['as'])>0) { - //DB $query = 'SELECT id,name FROM imas_assessments WHERE id IN ('..')'; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $lookuplist = array_map('intval', array_unique($lookups['as'])); $query_placeholders = Sanitize::generateQueryPlaceholders($lookuplist); $stm = $DBH->prepare("SELECT id,name FROM imas_assessments WHERE id IN ($query_placeholders)"); 
@@ -73,9 +61,6 @@ $innames = array(); if (count($lookups['in'])>0) { $lookuplist = array_map('intval', array_unique($lookups['in'])); - //DB $query = 'SELECT id,title FROM imas_inlinetext WHERE id IN ('.implode(',',array_unique($lookups['in'])).')'; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $query_placeholders = Sanitize::generateQueryPlaceholders($lookuplist); $stm = $DBH->prepare("SELECT id,title FROM imas_inlinetext WHERE id IN ($query_placeholders)"); $stm->execute(array_values($lookuplist)); @@ -86,9 +71,6 @@ $linames = array(); if (count($lookups['li'])>0) { $lookuplist = array_map('intval', array_unique($lookups['li'])); - //DB $query = 'SELECT id,title FROM imas_linkedtext WHERE id IN ('.implode(',',array_unique($lookups['li'])).')'; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $query_placeholders = Sanitize::generateQueryPlaceholders($lookuplist); $stm = $DBH->prepare("SELECT id,title FROM imas_linkedtext WHERE id IN ($query_placeholders)"); $stm->execute(array_values($lookuplist)); @@ -99,9 +81,6 @@ $winames = array(); if (count($lookups['wi'])>0) { $lookuplist = array_map('intval', array_unique($lookups['wi'])); - //DB $query = 'SELECT id,name FROM imas_wikis WHERE id IN ('.implode(',',array_unique($lookups['wi'])).')'; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $query_placeholders = Sanitize::generateQueryPlaceholders($lookuplist); $stm = $DBH->prepare("SELECT id,name FROM imas_wikis WHERE id IN ($query_placeholders)"); $stm->execute(array_values($lookuplist)); 
@@ -112,9 +91,6 @@ $exnames = array(); if (count($lookups['ex'])>0) { $lookuplist = array_map('intval', array_unique($lookups['ex'])); - //DB $query = 'SELECT id,assessmentid FROM imas_questions WHERE id IN ('.implode(',',array_unique($lookups['ex'])).')'; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $query_placeholders = Sanitize::generateQueryPlaceholders($lookuplist); $stm = $DBH->prepare("SELECT id,assessmentid FROM imas_questions WHERE id IN ($query_placeholders)"); $stm->execute(array_values($lookuplist)); @@ -125,9 +101,6 @@ $fpnames = array(); if (count($lookups['fo'])>0) { $lookuplist = array_map('intval', array_unique($lookups['fo'])); - //DB $query = 'SELECT id,subject FROM imas_forum_posts WHERE id IN ('.implode(',',array_unique($lookups['fo'])).')'; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $query_placeholders = Sanitize::generateQueryPlaceholders($lookuplist); $stm = $DBH->prepare("SELECT id,subject FROM imas_forum_posts WHERE id IN ($query_placeholders)"); $stm->execute(array_values($lookuplist)); @@ -138,9 +111,6 @@ $forumnames = array(); if (count($lookups['forums'])>0) { $lookuplist = array_map('intval', array_unique($lookups['forums'])); - //DB $query = 'SELECT id,name FROM imas_forums WHERE id IN ('.implode(',',array_unique($lookups['forums'])).')'; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $query_placeholders = Sanitize::generateQueryPlaceholders($lookuplist); $stm = $DBH->prepare("SELECT id,name FROM imas_forums WHERE id IN ($query_placeholders)"); $stm->execute(array_values($lookuplist)); diff --git a/course/viewemails.php b/course/viewemails.php index a44929ad78..9b2180dff4 100644 --- a/course/viewemails.php +++ b/course/viewemails.php 
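Review bot: The seven id-to-name lookups in course/viewactionlog.php, including the three ending in the `@@ -112,9 +91,6 @@`, `@@ -125,9 +101,6 @@` and `@@ -138,9 +111,6 @@` hunks, repeat the same `array_unique`/`intval`/`generateQueryPlaceholders`/`prepare`/`execute` sequence with only the table and column changed, which is the kind of duplication that lets one copy drift (the `as` lookup in an earlier hunk, for instance, builds `$lookuplist` on a different line from the others). Since the table and column names are literals in code, a small helper can replace them safely; the loop bodies that consume `$row` are outside these hunks, so the `FETCH_KEY_PAIR` return below assumes they only build `$xxnames[$row[0]] = $row[1]` maps and should be checked against them. The helper would live near the top of the file, before the first lookup.
```php
// Map each id in $ids to the named column of $table; $table/$col are code literals, never user input.
function lookupNamesById($DBH, $table, $col, $ids) {
    $ids = array_values(array_map('intval', array_unique($ids)));
    if (count($ids) == 0) {
        return array();
    }
    $placeholders = Sanitize::generateQueryPlaceholders($ids);
    $stm = $DBH->prepare("SELECT id,$col FROM $table WHERE id IN ($placeholders)");
    $stm->execute($ids);
    return $stm->fetchAll(PDO::FETCH_KEY_PAIR);
}
// … unchanged: each lookup block collapses to e.g. $forumnames = lookupNamesById($DBH, 'imas_forums', 'name', $lookups['forums']); …
```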
@@ -7,18 +7,12 @@ $ids = explode('-',$_GET['ids']); $idlist = implode(',', array_map('intval', $ids)); - -//DB $query = "SELECT imas_users.FirstName,imas_users.LastName,imas_users.email "; -//DB $query .= "FROM imas_students JOIN imas_users ON imas_students.userid=imas_users.id WHERE imas_students.courseid='$cid' AND imas_users.id IN ($idlist)"; -//DB $query .= "ORDER BY imas_users.LastName,imas_users.FirstName"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $query = "SELECT imas_users.FirstName,imas_users.LastName,imas_users.email "; $query .= "FROM imas_students JOIN imas_users ON imas_students.userid=imas_users.id WHERE imas_students.courseid=:courseid AND imas_users.id IN ($idlist) "; $query .= "ORDER BY imas_users.LastName,imas_users.FirstName"; $stm = $DBH->prepare($query); $stm->execute(array(':courseid'=>$cid)); $stuemails = array(); -//DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $stuemails[] = $row[0].' '.$row[1]. ' <'.$row[2].'>'; } diff --git a/course/viewforumgrade.php b/course/viewforumgrade.php index 4a8f60e3ca..c20b0e2ac8 100644 --- a/course/viewforumgrade.php +++ b/course/viewforumgrade.php @@ -27,9 +27,6 @@ if (($isteacher || $istutor) && (isset($_POST['score']) || isset($_POST['newscore']))) { if ($istutor) { - //DB $query = "SELECT tutoredit FROM imas_forums WHERE id='$forumid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $row = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT tutoredit FROM imas_forums WHERE id=:id"); $stm->execute(array(':id'=>$forumid)); $row = $stm->fetch(PDO::FETCH_NUM); 
@@ -46,9 +43,6 @@ } if (count($keys)>0) { $kl = implode(',', array_map('intval', $keys)); - //DB $query = "SELECT refid FROM imas_grades WHERE gradetype='forum' AND gradetypeid='$forumid' AND userid='$uid' AND refid IN ($kl)"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while($row = mysql_fetch_row($result)) { $stm = $DBH->prepare("SELECT refid FROM imas_grades WHERE gradetype='forum' AND gradetypeid=:gradetypeid AND userid=:userid AND refid IN ($kl)"); $stm->execute(array(':gradetypeid'=>$forumid, ':userid'=>$uid)); while($row = $stm->fetch(PDO::FETCH_NUM)) { @@ -67,13 +61,9 @@ $_POST['feedback'.$k] = ''; } if ($sc!='') { - //DB $query = "UPDATE imas_grades SET score='$sc',feedback='{$_POST['feedback'][$k]}' WHERE refid='$k' AND gradetype='forum' AND gradetypeid='$forumid' AND userid='$uid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_grades SET score=:score,feedback=:feedback WHERE refid=:refid AND gradetype='forum' AND gradetypeid=:gradetypeid AND userid=:userid"); $stm->execute(array(':score'=>$sc, ':feedback'=>$_POST['feedback'.$k], ':refid'=>$k, ':gradetypeid'=>$forumid, ':userid'=>$uid)); } else { - //DB $query = "DELETE FROM imas_grades WHERE refid='$k' AND gradetype='forum' AND gradetypeid='$forumid' AND userid='$uid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_grades WHERE refid=:refid AND gradetype='forum' AND gradetypeid=:gradetypeid AND userid=:userid"); $stm->execute(array(':refid'=>$k, ':gradetypeid'=>$forumid, ':userid'=>$uid)); } 
@@ -83,16 +73,13 @@ foreach($_POST['newscore'] as $k=>$sc) { if (trim($k)=='') {continue;} if ($sc!='') { - //DB $query = "INSERT INTO imas_grades (gradetype,gradetypeid,refid,userid,score,feedback) VALUES "; - //DB $query .= "('forum','$forumid','$k','$uid','$sc','{$_POST['feedback'][$k]}')"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $query = "INSERT INTO imas_grades (gradetype,gradetypeid,refid,userid,score,feedback) VALUES "; $query .= "(:gradetype, :gradetypeid, :refid, :userid, :score, :feedback)"; $stm = $DBH->prepare($query); $stm->execute(array(':gradetype'=>'forum', ':gradetypeid'=>$forumid, ':refid'=>$k, ':userid'=>$uid, ':score'=>$sc, ':feedback'=>$_POST['feedback'.$k])); } } - } + } if ($embedded) { echo '

        '._('Saved').'

        '; echo '

        '; @@ -100,7 +87,7 @@ exit; } else { header('Location: ' . $GLOBALS['basesiteurl'] . "/course/gradebook.php?stu=$stu&cid=$cid&r=" . Sanitize::randomQueryStringParam()); - } + } exit; } @@ -154,12 +141,9 @@ } $scores = array(); - //DB $query = "SELECT score,feedback,refid FROM imas_grades WHERE gradetype='forum' AND gradetypeid='$forumid' AND userid='$uid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("SELECT score,feedback,refid FROM imas_grades WHERE gradetype='forum' AND gradetypeid=:gradetypeid AND userid=:userid"); $stm->execute(array(':gradetypeid'=>$forumid, ':userid'=>$uid)); $totalpts = 0; - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $scores[$row[2]] = $row; $totalpts += $row[0]; @@ -177,9 +161,6 @@ } echo ''; - //DB $query = "SELECT id,threadid,subject FROM imas_forum_posts WHERE forumid='$forumid' AND userid='$uid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $stm = $DBH->prepare("SELECT id,threadid,subject FROM imas_forum_posts WHERE forumid=:forumid AND userid=:userid"); $stm->execute(array(':forumid'=>$forumid, ':userid'=>$uid)); while ($row = $stm->fetch(PDO::FETCH_NUM)) { diff --git a/course/viewloginlog.php b/course/viewloginlog.php index 7cc4ef673d..b24d73a67d 100644 --- a/course/viewloginlog.php +++ b/course/viewloginlog.php @@ -30,19 +30,11 @@ echo '
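Review bot: In the `@@ -83,16 +73,13 @@` hunk of course/viewforumgrade.php every key `$k` of `$_POST['newscore']` is bound as `refid` and `$sc` as `score` with no check beyond `trim($k)==''`, whereas the update path in the preceding hunk appears to confirm its refids against `imas_grades` for this forum and user first. Unless the keys are validated against the student's posts earlier in the file (not visible), confirm them before inserting with a query of the form `SELECT id FROM imas_forum_posts WHERE id IN (...) AND forumid=:forumid AND userid=:userid` built with `Sanitize::generateQueryPlaceholders`, and coerce the value with `Sanitize::onlyFloat($sc)` as course/uploadgrades.php in this patch does; the raw `$_POST['feedback'.$k]` is likewise passed through `Sanitize::incomingHtml` in that file, and the same applies to the UPDATE in the previous hunk. The `if ($isteacher || $istutor)` block containing this loop starts in an earlier hunk.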

        '.$pagetitle. '

        '; echo ''; - -//DB $query = "SELECT LastName,FirstName FROM imas_users WHERE id='$uid'"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB $row = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT LastName,FirstName FROM imas_users WHERE id=:id"); $stm->execute(array(':id'=>$uid)); $row = $stm->fetch(PDO::FETCH_NUM); printf('

        Login Log for %s, %s

        ', Sanitize::encodeStringForDisplay($row[0]), Sanitize::encodeStringForDisplay($row[1])); echo '
          '; - -//DB $query = "SELECT logintime,lastaction FROM imas_login_log WHERE userid='$uid' AND courseid='$cid' ORDER BY logintime DESC"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB while ($row = mysql_fetch_row($result)) { $stm = $DBH->prepare("SELECT logintime,lastaction FROM imas_login_log WHERE userid=:userid AND courseid=:courseid ORDER BY logintime DESC"); $stm->execute(array(':userid'=>$uid, ':courseid'=>$cid)); while ($row = $stm->fetch(PDO::FETCH_NUM)) { diff --git a/course/viewsource.php b/course/viewsource.php index f9b77e3a90..af915cfe49 100644 --- a/course/viewsource.php +++ b/course/viewsource.php @@ -33,9 +33,6 @@ } $qsetid = $_GET['id']; - //DB $query = "SELECT * FROM imas_questionset WHERE id='$qsetid'"; - //DB $result = mysql_query($query) or die("Query failed :$query " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $stm = $DBH->prepare("SELECT * FROM imas_questionset WHERE id=:id"); $stm->execute(array(':id'=>$qsetid)); $line = $stm->fetch(PDO::FETCH_ASSOC); diff --git a/diag/index.php b/diag/index.php index 45bbac63bd..e3bb71c104 100644 --- a/diag/index.php +++ b/diag/index.php @@ -25,14 +25,10 @@
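Review bot: `$qsetid = $_GET['id']` in the `@@ -33,9 +33,6 @@` hunk of course/viewsource.php is bound unchanged into the `imas_questionset` lookup; the placeholder rules out injection, but every other id in this patch goes through `Sanitize::onlyInt` (diag/index.php, unenroll.php), and without it a non-numeric value is compared to an integer column under MySQL's loose cast rules (`'1abc'` matches id 1). Use `$qsetid = Sanitize::onlyInt($_GET['id']);`. Whether the viewer is entitled to see this question set is decided by the block that closes just before the hunk and cannot be assessed from here.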

          ", _('Available Diagnostics'), "

            "; - //DB $query = "SELECT id,name FROM imas_diags WHERE public=3 OR public=7"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->query("SELECT id,name FROM imas_diags WHERE public=3 OR public=7"); - //DB if (mysql_num_rows($result)==0) { if ($stm->rowCount()==0) { echo "
          • ", _('No diagnostics are available through this page at this time'), "
          • "; } - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { echo "
          • ".Sanitize::encodeStringForDisplay($row[1])."
          • "; } @@ -41,10 +37,6 @@ exit; } $diagid = Sanitize::onlyInt($_GET['id']); - - //DB $query = "SELECT * from imas_diags WHERE id='$diagid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $stm = $DBH->prepare("SELECT * from imas_diags WHERE id=:id"); $stm->execute(array(':id'=>$diagid)); $line = $stm->fetch(PDO::FETCH_ASSOC); @@ -83,16 +75,10 @@ } } } - - //DB $query = "SELECT sessiondata FROM imas_sessions WHERE sessionid='$sessionid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("SELECT sessiondata FROM imas_sessions WHERE sessionid=:sessionid"); $stm->execute(array(':sessionid'=>$sessionid)); //if (isset($sessiondata['mathdisp'])) { - //DB if (mysql_num_rows($result)>0) { if ($stm->rowCount()>0) { - //DB $query = "DELETE FROM imas_sessions WHERE sessionid='$sessionid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_sessions WHERE sessionid=:sessionid"); $stm->execute(array(':sessionid'=>$sessionid)); $sessiondata = array(); @@ -172,7 +158,6 @@ foreach ($superpw as $k=>$v) { $superpw[$k] = strtolower($v); } - //DB $diagSID = $_POST['SID'].'~'.addslashes($diagqtr).'~'.$pcid; $diagSID = $_POST['SID'].'~'.$diagqtr.'~'.$pcid; if ($entrynotunique) { $diagSID .= '~'.preg_replace('/\W/','',$sel1[$_POST['course']]); 
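Review bot: The `imas_diags` lookup in the `@@ -41,10 +37,6 @@` hunk of diag/index.php stores `$stm->fetch(PDO::FETCH_ASSOC)` in `$line` without handling `false` for an unknown id, and later hunks read `$line['aidlist']`, `$line['reentrytime']` and `$line['forceregen']` from it. Unless a guard exists between the hunks (not visible), add `if ($line === false) { echo "Invalid diagnostic"; exit; }` right after the fetch. Note that the listing above only shows diags with `public=3 OR public=7`, but this lookup accepts any id from `$_GET['id']`; whether the `public` flag is meant to gate access here is not visible and worth confirming.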
@@ -182,33 +167,23 @@ } if (!$noproctor) { if (!in_array(strtolower($_POST['passwd']),$basicpw) && !in_array(strtolower($_POST['passwd']),$superpw)) { - //DB $query = "SELECT id,goodfor FROM imas_diag_onetime WHERE code='".strtoupper($_POST['passwd'])."' AND diag='$diagid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("SELECT id,goodfor FROM imas_diag_onetime WHERE code=:code AND diag=:diag"); $stm->execute(array(':code'=>strtoupper($_POST['passwd']), ':diag'=>$diagid)); $passwordnotfound = false; - //DB if (mysql_num_rows($result)>0) { if ($stm->rowCount()>0) { - //DB $row = mysql_fetch_row($result); $row = $stm->fetch(PDO::FETCH_NUM); if ($row[1]==0) { //onetime - //DB $query = "DELETE FROM imas_diag_onetime WHERE id={$row[0]}"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_diag_onetime WHERE id=:id"); $stm->execute(array(':id'=>$row[0])); } else { //set time expiry $now = time(); if ($row[1]<100000000) { //is time its good for - not yet used $expiry = $now + $row[1]*60; - //DB $query = "UPDATE imas_diag_onetime SET goodfor=$expiry WHERE id={$row[0]}"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_diag_onetime SET goodfor=:goodfor WHERE id=:id"); $stm->execute(array(':goodfor'=>$expiry, ':id'=>$row[0])); } else if ($now<$row[1]) {//is expiry time and we're within it //alls good } else { //past expiry - //DB $query = "DELETE FROM imas_diag_onetime WHERE id={$row[0]}"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_diag_onetime WHERE id=:id"); $stm->execute(array(':id'=>$row[0])); $passwordnotfound = true; 
@@ -218,9 +193,6 @@ $passwordnotfound = true; } if ($passwordnotfound) { - //DB $query = "SELECT password FROM imas_users WHERE SID='$diagSID'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0 && strtoupper(mysql_result($result,0,0))==strtoupper($_POST['passwd'])) { $stm = $DBH->prepare("SELECT password FROM imas_users WHERE SID=:SID"); $stm->execute(array(':SID'=>$diagSID)); if ($stm->rowCount()>0 && strtoupper($stm->fetchColumn(0))==strtoupper($_POST['passwd'])) { @@ -234,11 +206,6 @@ } $cnt = 0; $now = time(); - - //DB $query = "SELECT id FROM imas_users WHERE SID='$diagSID'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { - //DB $userid = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT id FROM imas_users WHERE SID=:SID"); $stm->execute(array(':SID'=>$diagSID)); if ($stm->rowCount()>0) { @@ -247,9 +214,6 @@ if (!in_array(strtolower($_POST['passwd']),$superpw) && (!$allowreentry || $line['reentrytime']>0)) { $aids = explode(',',$line['aidlist']); $paid = $aids[$_POST['course']]; - //DB $query = "SELECT id,starttime FROM imas_assessment_sessions WHERE userid='$userid' AND assessmentid='$paid'"; - //DB $r2 = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($r2)>0) { $stm2 = $DBH->prepare("SELECT id,starttime FROM imas_assessment_sessions WHERE userid=:userid AND assessmentid=:assessmentid"); $stm2->execute(array(':userid'=>$userid, ':assessmentid'=>$paid)); if ($stm2->rowCount()>0) { @@ -257,7 +221,6 @@ echo _("You've already taken this diagnostic."), " ", _('Back'), "\n"; exit; } else { - //DB $d = mysql_fetch_row($r2); $d = $stm2->fetch(PDO::FETCH_NUM); $now = time(); if ($now - $d[1] > 60*$line['reentrytime']) { 
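Review bot: The fallback in the `@@ -218,9 +193,6 @@` hunk of diag/index.php compares the stored `imas_users.password` against `$_POST['passwd']` with `strtoupper(...)==strtoupper(...)`, a case-insensitive plaintext comparison, and the `@@ -310,11 +266,6 @@` hunk further down stores `$_POST['passwd']` into that same column unhashed. If this column is the one the regular login uses for hashed passwords, the equality can never match a hash and a plaintext credential is kept at rest; if it is a separate per-diagnostic access code (the `$basicpw`/`$superpw` context suggests so), at least make the comparison constant-time, `hash_equals(strtoupper($stored), strtoupper($_POST['passwd']))`. `$stm->rowCount()>0` on a SELECT is also driver-dependent, so read `$stored = $stm->fetchColumn();` and test it for `false` instead. The proctor-password check this belongs to starts in the previous hunk.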
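Review bot: `$paid = $aids[$_POST['course']]` in the `@@ -247,9 +214,6 @@` hunk indexes the `aidlist` array with a raw POST value, so an index outside `0..count($aids)-1` or a non-numeric string leaves `$paid` null (with a notice) and the `imas_assessment_sessions` query then runs with `assessmentid=NULL`; `$sel1[$_POST['course']]` earlier in the file and `$aids[$_POST['course']]` in the following hunks use the same pattern. Unless the value is range-checked before this point (not visible), coerce and check it once: `$course = Sanitize::onlyInt($_POST['course']); if (!isset($aids[$course])) { echo "Invalid selection"; exit; }` and use `$course` in place of `$_POST['course']` thereafter. The `if (!in_array(...$superpw) ...)` block opened here continues into the next hunk.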
@@ -281,21 +244,14 @@ } else { $tzname = ''; } - //DB $query = "INSERT INTO imas_sessions (sessionid,userid,time,tzoffset,tzname,sessiondata) VALUES ('$sessionid','$userid',$now,'{$_POST['tzoffset']}','$tzname','$enc')"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("INSERT INTO imas_sessions (sessionid,userid,time,tzoffset,tzname,sessiondata) VALUES (:sessionid, :userid, :time, :tzoffset, :tzname, :sessiondata)"); $stm->execute(array(':sessionid'=>$sessionid, ':userid'=>$userid, ':time'=>$now, ':tzoffset'=>$_POST['tzoffset'], ':tzname'=>$tzname, ':sessiondata'=>$enc)); $aids = explode(',',$line['aidlist']); $paid = $aids[$_POST['course']]; if ((intval($line['forceregen']) & (1<0) { - //DB $query = "DELETE FROM imas_assessment_sessions WHERE userid='$userid' AND assessmentid='$paid' LIMIT 1"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_assessment_sessions WHERE userid=:userid AND assessmentid=:assessmentid LIMIT 1"); $stm->execute(array(':userid'=>$userid, ':assessmentid'=>$paid)); } - - //DB $query = "UPDATE imas_users SET lastaccess=$now WHERE id=$userid"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_users SET lastaccess=:lastaccess WHERE id=:id"); $stm->execute(array(':lastaccess'=>$now, ':id'=>$userid)); 
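Review bot: `$paid = $aids[$_POST['course']];` in the `@@ -281` hunk indexes the assessment list with raw request input and nothing in the hunk checks that the offset exists; an out-of-range value leaves `$paid` null (with a notice), the `forceregen` DELETE then matches nothing, and the session is created for an undefined assessment. Unless `$_POST['course']` is validated above line 182 of this file (outside the visible hunks), guard it once before first use: `if (!isset($aids[$_POST['course']])) { echo _("Invalid course"); exit; }`. The identical expression also appears in the `@@ -247` hunk above, so the guard belongs before both. `':tzoffset'=>$_POST['tzoffset']` is likewise bound unvalidated; an `intval()` would match what the column presumably holds.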
@@ -310,11 +266,6 @@ } $eclass = $sel1[$_POST['course']] . '@' . $_POST['teachers']; - - //DB $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, lastaccess) "; - //DB $query .= "VALUES ('$diagSID','{$_POST['passwd']}',10,'{$_POST['firstname']}','{$_POST['lastname']}','$eclass',$now);"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $userid = mysql_insert_id(); $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, lastaccess) "; $query .= "VALUES (:SID, :password, :rights, :FirstName, :LastName, :email, :lastaccess);"; $stm = $DBH->prepare($query); @@ -323,8 +274,6 @@ } $stm->execute(array(':SID'=>$diagSID, ':password'=>$_POST['passwd'], ':rights'=>10, ':FirstName'=>$_POST['firstname'], ':LastName'=>$_POST['lastname'], ':email'=>$eclass, ':lastaccess'=>$now)); $userid = $DBH->lastInsertId(); - //DB $query = "INSERT INTO imas_students (userid,courseid,section) VALUES ('$userid','$pcid','{$_POST['teachers']}');"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); if (!isset($_POST['timelimitmult'])) { $_POST['timelimitmult'] = 1; } @@ -341,8 +290,6 @@ } else { $tzname = ''; } - //DB $query = "INSERT INTO imas_sessions (sessionid,userid,time,tzoffset,tzname,sessiondata) VALUES ('$sessionid','$userid',$now,'{$_POST['tzoffset']}','$tzname','$enc')"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("INSERT INTO imas_sessions (sessionid,userid,time,tzoffset,tzname,sessiondata) VALUES (:sessionid, :userid, :time, :tzoffset, :tzname, :sessiondata)"); $stm->execute(array(':sessionid'=>$sessionid, ':userid'=>$userid, ':time'=>$now, ':tzoffset'=>$_POST['tzoffset'], ':tzname'=>$tzname, ':sessiondata'=>$enc)); $aids = explode(',',$line['aidlist']); diff --git a/directaccess.php b/directaccess.php index 6716eba6ed..328df838cb 100644 --- a/directaccess.php +++ b/directaccess.php 
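Review bot: The account insert in the `@@ -310` hunk writes `':password'=>$_POST['passwd']`, so the diagnostic proctor password is stored in clear text in `imas_users.password`, whereas directaccess.php in this same patch stores a hashed `$md5pw`. The fallback earlier in this file compares that column with `strtoupper($stm->fetchColumn(0))==strtoupper($_POST['passwd'])` (the `@@ -218` hunk), so moving to `password_hash()` here has to be paired with `password_verify()` there, normalizing case before hashing. If clear-text storage is deliberate for these `rights`=10 diagnostic accounts, a comment at the insert saying so would stop the next reader from treating it as an oversight. Note also that `$eclass = $sel1[$_POST['course']] . '@' . $_POST['teachers'];` on the context line indexes with raw input, the same issue as in the `@@ -281` hunk.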
@@ -30,10 +30,6 @@ unset($_POST['username']); unset($_POST['password']); $page_newaccounterror = checkNewUserValidation(); - - //DB $query = "SELECT enrollkey,deflatepass FROM imas_courses WHERE id = '$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB list($enrollkey,$deflatepass) = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT enrollkey,deflatepass FROM imas_courses WHERE id=:id"); $stm->execute(array(':id'=>$_GET['cid'])); list($enrollkey,$deflatepass) = $stm->fetch(PDO::FETCH_NUM); 
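Review bot: The course lookup in the `@@ -30` hunk binds `':id'=>$_GET['cid']` while the `imas_students` inserts in the next hunk bind `$cid`; if `$cid` is the sanitized form of the same parameter (its derivation is above the hunk), read the enrollment key with it too so the key check and the student row refer to the same course id. `list($enrollkey,$deflatepass) = $stm->fetch(PDO::FETCH_NUM);` also silently accepts an unknown course: `fetch()` returns `false` and both variables become null. Suggest `$row = $stm->fetch(PDO::FETCH_NUM); if ($row === false) { echo 'Invalid course'; exit; } list($enrollkey,$deflatepass) = $row;`.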
@@ -71,29 +67,20 @@ } else { $homelayout = '|0,1,2||0,1'; } - //DB $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, msgnotify, homelayout) "; - //DB $query .= "VALUES ('{$_POST['SID']}','$md5pw',$initialrights,'{$_POST['firstname']}','{$_POST['lastname']}','{$_POST['email']}',$msgnot,'$homelayout');"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $newuserid = mysql_insert_id(); $query = "INSERT INTO imas_users (SID, password, rights, FirstName, LastName, email, msgnotify, homelayout) "; $query .= "VALUES (:SID, :password, :rights, :FirstName, :LastName, :email, :msgnotify, :homelayout)"; $stm = $DBH->prepare($query); $stm->execute(array(':SID'=>$_POST['SID'], ':password'=>$md5pw, ':rights'=>$initialrights, ':FirstName'=>$_POST['firstname'], ':LastName'=>$_POST['lastname'], ':email'=>$_POST['email'], ':msgnotify'=>$msgnot, ':homelayout'=>$homelayout)); $newuserid = $DBH->lastInsertId(); if (strlen($enrollkey)>0 && count($keylist)>1) { - //DB $query = "INSERT INTO imas_students (userid,courseid,section,gbcomment,latepass) VALUES ('$userid','$cid','{$_POST['ekey2']}','$code','$deflatepass');"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("INSERT INTO imas_students (userid,courseid,section,gbcomment,latepass) VALUES (:userid, :courseid, :section, :gbcomment, :latepass)"); $stm->execute(array(':userid'=>$newuserid, ':courseid'=>$cid, ':section'=>$_POST['ekey2'], ':gbcomment'=>$code, ':latepass'=>$deflatepass)); } else { - //DB $query = "INSERT INTO imas_students (userid,courseid,gbcomment,latepass) VALUES ('$newuserid','$cid','$code','$deflatepass');"; - //DB mysql_query($query) or die("Query failed : " . 
mysql_error()); $stm = $DBH->prepare("INSERT INTO imas_students (userid,courseid,gbcomment,latepass) VALUES (:userid, :courseid, :gbcomment, :latepass)"); $stm->execute(array(':userid'=>$newuserid, ':courseid'=>$cid, ':gbcomment'=>$code, ':latepass'=>$deflatepass)); } if ($emailconfirmation) { - //DB $id = mysql_insert_id(); $id = $DBH->lastInsertId(); $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; 
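Review bot: The new-account branch in the `@@ -71` hunk stores `':section'=>$_POST['ekey2']` whenever the course has more than one key, but nothing in the hunk checks that `ekey2` is actually one of `$keylist`, whereas the existing-account path in the `@@ -124` hunk runs `in_array($_REQUEST['ekey'], $keylist)` before the equivalent insert. Unless `checkNewUserValidation()` (called above the hunk) already rejects an unknown key, add the same test here with the strict flag, `if (!in_array($_POST['ekey2'], $keylist, true))`, and report it the way this file reports its other new-account errors. Also `$id = $DBH->lastInsertId();` after the `imas_students` insert returns that row's id, not the user's — faithful to the old `mysql_insert_id()` — so if the confirmation e-mail below needs the user id, `$newuserid` is the variable to use. The branch continues past the hunk.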
@@ -124,22 +111,15 @@ $flexwidth = true; if ($verified) { //already have session if (!isset($studentid) && !isset($teacherid) && !isset($tutorid)) { //have account, not a student - //DB $query = "SELECT name,enrollkey,deflatepass FROM imas_courses WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB list($coursename,$enrollkey,$deflatepass) = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT name,enrollkey,deflatepass FROM imas_courses WHERE id=:id"); $stm->execute(array(':id'=>$_GET['cid'])); list($coursename,$enrollkey,$deflatepass) = $stm->fetch(PDO::FETCH_NUM); $keylist = array_map('trim',explode(';',$enrollkey)); if (strlen($enrollkey)==0 || (isset($_REQUEST['ekey']) && in_array($_REQUEST['ekey'], $keylist))) { if (count($keylist)>1) { - //DB $query = "INSERT INTO imas_students (userid,courseid,section,latepass) VALUES ('$userid','$cid','{$_REQUEST['ekey']}','$deflatepass')"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("INSERT INTO imas_students (userid,courseid,section,latepass) VALUES (:userid, :courseid, :section, :latepass)"); $stm->execute(array(':userid'=>$userid, ':courseid'=>$cid, ':section'=>$_REQUEST['ekey'], ':latepass'=>$deflatepass)); } else { - //DB $query = "INSERT INTO imas_students (userid,courseid,latepass) VALUES ('$userid','$cid','$deflatepass')"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("INSERT INTO imas_students (userid,courseid,latepass) VALUES (:userid, :courseid, :latepass)"); $stm->execute(array(':userid'=>$userid, ':courseid'=>$cid, ':latepass'=>$deflatepass)); } 
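Review bot: `in_array($_REQUEST['ekey'], $keylist)` in the `@@ -124` hunk is a loose comparison, so an all-digit enrollment key such as `100` is also accepted for `1e2`, `0100` or `100.0`; pass the strict flag: `in_array($_REQUEST['ekey'], $keylist, true)`. Separately, `list($coursename,$enrollkey,$deflatepass) = $stm->fetch(PDO::FETCH_NUM);` yields null for an unknown `cid`, `strlen(null)` is 0, and the `imas_students` insert then runs for a course that does not exist — unless `cid` is verified above the hunk, test the fetch result for `false` and stop. The query binds `$_GET['cid']` but the inserts bind `$cid`; use one variable for both.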
@@ -163,10 +143,6 @@ } } else { //not verified //$placeinhead = "\n"; - - //DB $query = "SELECT name FROM imas_courses WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $coursename = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT name FROM imas_courses WHERE id=:id"); $stm->execute(array(':id'=>$_GET['cid'])); $coursename = $stm->fetchColumn(0); @@ -199,10 +175,6 @@ if (file_exists("$curdir/".(isset($CFG['GEN']['directaccessincludepath'])?$CFG['GEN']['directaccessincludepath']:'')."directaccess$cid.html")) { require("$curdir/".(isset($CFG['GEN']['directaccessincludepath'])?$CFG['GEN']['directaccessincludepath']:'')."directaccess$cid.html"); } - - //DB $query = "SELECT enrollkey FROM imas_courses WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $enrollkey = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT enrollkey FROM imas_courses WHERE id=:id"); $stm->execute(array(':id'=>$cid)); $enrollkey = $stm->fetchColumn(0); diff --git a/embedq.php b/embedq.php index 85480ee22b..43f5491fd8 100644 --- a/embedq.php +++ b/embedq.php @@ -256,9 +256,6 @@ function printscore($sc,$qsetid,$seed) { $pts = $sc; if (!is_numeric($pts)) { $pts = 0;} } else { - //DB $query = "SELECT control FROM imas_questionset WHERE id='$qsetid'"; - //DB $result = mysql_query($query) or die("Query failed: $query: " . mysql_error()); - //DB $control = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT control FROM imas_questionset WHERE id=:id"); $stm->execute(array(':id'=>$qsetid)); $control = $stm->fetchColumn(0); diff --git a/filter/basiclti/post.php b/filter/basiclti/post.php index 75bd7ac888..11eddbcf90 100644 --- a/filter/basiclti/post.php +++ b/filter/basiclti/post.php 
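Review bot: In the `@@ -199` hunk `$cid` is interpolated into an include path, `require(... "directaccess$cid.html")`, and bound as `':id'=>$cid`, while the `@@ -163` hunk just above binds `':id'=>$_GET['cid']` for the same course. If `$cid` is `intval()`'d where it is derived (above the visible region) the include is safe and the `@@ -163` lookup should use `$cid` as well; if it is not, the `require` is a path-traversal sink and needs `intval($cid)` before it, independent of the prepared statements, which are unaffected either way. `$coursename = $stm->fetchColumn(0);` returns `false` for an unknown course and that value flows into the page without a check.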
@@ -6,9 +6,6 @@ exit; } $linkid = Sanitize::onlyInt($_GET['linkid']); -//DB $query = "SELECT text,title,points FROM imas_linkedtext WHERE id='{$_GET['linkid']}'"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB list($text,$title,$points) = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT text,title,points FROM imas_linkedtext WHERE id=:id"); $stm->execute(array(':id'=>$linkid)); list($text,$title,$points) = $stm->fetch(PDO::FETCH_NUM); @@ -27,17 +24,12 @@ $gradesecret = $toolparts[6]; } $tool = intval($tool); - -//DB $query = "SELECT * from imas_external_tools WHERE id=$tool AND (courseid='$cid' OR (courseid=0 AND (groupid='$groupid' OR groupid=0)))"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB if (mysql_num_rows($result)==0) { $stm = $DBH->prepare("SELECT * from imas_external_tools WHERE id=:id AND (courseid=:courseid OR (courseid=0 AND (groupid=:groupid OR groupid=0)))"); $stm->execute(array(':id'=>$tool, ':courseid'=>$cid, ':groupid'=>$groupid)); if ($stm->rowCount()==0) { echo 'Invalid tool'; exit; } -//DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $line = $stm->fetch(PDO::FETCH_ASSOC); require_once("blti_util.php"); @@ -63,10 +55,6 @@ } } } - -//DB $query = "SELECT FirstName,LastName,email FROM imas_users WHERE id='$userid'"; -//DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); -//DB list($firstname,$lastname,$email) = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT FirstName,LastName,email FROM imas_users WHERE id=:id"); $stm->execute(array(':id'=>$userid)); list($firstname,$lastname,$email) = $stm->fetch(PDO::FETCH_NUM); diff --git a/filter/graph/svgimg.php b/filter/graph/svgimg.php index 3f9a5b277b..86b02eb5cc 100644 --- a/filter/graph/svgimg.php +++ b/filter/graph/svgimg.php 
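Review bot: The tool-authorization test in the `@@ -27` hunk is `if ($stm->rowCount()==0) { echo 'Invalid tool'; exit; }`, but PDO does not guarantee `rowCount()` for SELECT statements and the row is fetched on the very next line anyway; make the fetch the check, `$line = $stm->fetch(PDO::FETCH_ASSOC); if ($line === false) { echo 'Invalid tool'; exit; }`, and drop the separate `$line = ...` assignment. The `@@ -6` hunk's `imas_linkedtext` lookup is keyed on `$linkid` alone with no `courseid` term; if `$cid` is already known there (it is used in the tool query), scoping that SELECT to it would stop a linked-text id from one course being posted through another, unless an access check above the hunk covers that.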
@@ -5,7 +5,6 @@ $imgdir = 'imgs/'; //relative to current dir if (isset($_GET['script']) && trim($_GET['script']!='')) { - //DB $_GET['script'] = stripslashes($_GET['script']); $fn = md5($_GET['script']); if (!file_exists($imgdir.$fn.'.png')) { include("asciisvgimg.php"); @@ -14,7 +13,6 @@ $AS->outputimage($imgdir.$fn.'.png'); } } else if (isset($_GET['sscr'])) { - //DB $_GET['sscr'] = stripslashes($_GET['sscr']); $fn = md5($_GET['sscr']); if (!file_exists($imgdir.$fn.'.png')) { include("asciisvgimg.php"); diff --git a/footer.php b/footer.php index 64a079e81e..ad234e7d85 100644 --- a/footer.php +++ b/footer.php @@ -40,9 +40,6 @@ function googleTranslateElementInit() { 0) { $stm = $DBH->query("SELECT id,name FROM imas_courses WHERE (istemplate&4)=4 AND available<4 ORDER BY name"); if ($stm->rowCount()>0) { $doselfenroll = true; @@ -66,7 +63,6 @@ echo '
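Review bot: In both svgimg hunks the cache filename is `md5($_GET['script'])` / `md5($_GET['sscr'])`, so every distinct request value writes a new PNG into `$imgdir` with no cap on input length or on the cache; a length check on the parameter before hashing would bound that, and a comment, `// hex digest as filename: no user-controlled characters reach the path`, would record why the path is traversal-free. On the context line, `trim($_GET['script']!='')` applies `trim()` to the boolean result of the comparison, so the empty-script guard never fires; the intended form is `trim($_GET['script'])!=''`.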


            \n"; echo "
            \n"; if ($myrights>10 && $groupid>0) { - //DB $query = "SELECT name FROM imas_groups WHERE id=".intval($groupid); - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $r = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT name FROM imas_groups WHERE id=:id"); $stm->execute(array(':id'=>$groupid)); $r = $stm->fetch(PDO::FETCH_NUM); @@ -252,9 +242,6 @@ if ($line['deflib']==0) { $lname = "Unassigned"; } else { - //DB $query = "SELECT name FROM imas_libraries WHERE id='{$line['deflib']}'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $lname = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT name FROM imas_libraries WHERE id=:id"); $stm->execute(array(':id'=>$line['deflib'])); $lname = $stm->fetchColumn(0); @@ -306,9 +293,6 @@ echo '

            Enroll in a Course

            '; echo ""; $doselfenroll = false; - //DB $query = "SELECT id,name FROM imas_courses WHERE (istemplate&4)=4 AND available<4 ORDER BY name"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { $stm = $DBH->query("SELECT id,name FROM imas_courses WHERE (istemplate&4)=4 AND available<4 ORDER BY name"); if ($stm->rowCount()>0) { $doselfenroll = true; @@ -316,7 +300,6 @@ echo '

            '; } - //DB $query = "SELECT ic.id,ic.name FROM imas_courses AS ic JOIN imas_tutors AS it ON ic.id=it.courseid WHERE it.userid='$userid' ORDER BY ic.name"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { $stm = $DBH->prepare("SELECT ic.id,ic.name FROM imas_courses AS ic JOIN imas_tutors AS it ON ic.id=it.courseid WHERE it.userid=:userid ORDER BY ic.name"); $stm->execute(array(':userid'=>$userid)); if ($stm->rowCount()>0) { echo '

            Courses you\'re tutoring: Check: All None'; - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $allcourses[] = Sanitize::encodeStringForDisplay($row[0]); echo '
            '; } - //DB $query = "SELECT ic.id,ic.name FROM imas_courses AS ic JOIN imas_students AS it ON ic.id=it.courseid WHERE it.userid='$userid' ORDER BY ic.name"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { $stm = $DBH->prepare("SELECT ic.id,ic.name FROM imas_courses AS ic JOIN imas_students AS it ON ic.id=it.courseid WHERE it.userid=:userid ORDER BY ic.name"); $stm->execute(array(':userid'=>$userid)); if ($stm->rowCount()>0) { echo '

            Courses you\'re taking: Check: All None'; - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $allcourses[] = $row[0]; echo '
            '; break; case "googlegadget": - //DB $query = "SELECT remoteaccess FROM imas_users WHERE id='$userid'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); - //DB $code = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT remoteaccess FROM imas_users WHERE id=:id"); $stm->execute(array(':id'=>$userid)); $code = $stm->fetchColumn(0); @@ -503,14 +468,9 @@ for ($i=0;$i<10;$i++) { $pass .= substr($chars,rand(0,61),1); } - //DB $query = "SELECT id FROM imas_users WHERE remoteaccess='$pass'"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("SELECT id FROM imas_users WHERE remoteaccess=:remoteaccess"); $stm->execute(array(':remoteaccess'=>$pass)); - //DB } while (mysql_num_rows($result)>0); } while ($stm->rowCount()>0); - //DB $query = "UPDATE imas_users SET remoteaccess='$pass' WHERE id='$userid'"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_users SET remoteaccess=:remoteaccess WHERE id=:id"); $stm->execute(array(':remoteaccess'=>$pass, ':id'=>$userid)); $code = $pass; diff --git a/forums/flaggedthreads.php b/forums/flaggedthreads.php index 6abb651319..9f208ce54f 100644 --- a/forums/flaggedthreads.php +++ b/forums/flaggedthreads.php @@ -65,11 +65,6 @@ if (count($lastpost)>0) { echo '
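Review bot: The remote-access code generated in the `@@ -503` hunk uses `$pass .= substr($chars,rand(0,61),1);`, and `rand()` is not a cryptographic generator even though this value is a credential that is later matched by `WHERE remoteaccess=:remoteaccess`; use `random_int(0, 61)` (PHP 7+), which needs no other change. The uniqueness loop `} while ($stm->rowCount()>0);` relies on `rowCount()` after a SELECT, which PDO does not guarantee for every driver — `$stm->fetchColumn() !== false` is the portable test. Ten symbols from what is presumably a 62-character alphabet is about 59 bits, adequate once the generator is unpredictable.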

        PostPointsPrivate Feedback
        '; $threadids = implode(',', array_map('intval', array_keys($lastpost))); - //DB $query = "SELECT imas_forum_posts.*,imas_users.LastName,imas_users.FirstName,imas_forum_threads.lastposttime FROM imas_forum_posts,imas_users,imas_forum_threads "; - //DB $query .= "WHERE imas_forum_posts.userid=imas_users.id AND imas_forum_posts.threadid=imas_forum_threads.id AND "; - //DB $query .= "imas_forum_posts.threadid IN ($threadids) AND imas_forum_posts.parent=0 ORDER BY imas_forum_posts.forumid, imas_forum_threads.lastposttime DESC"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { $query = "SELECT imas_forum_posts.*,imas_users.LastName,imas_users.FirstName,imas_forum_threads.lastposttime FROM imas_forum_posts,imas_users,imas_forum_threads "; $query .= "WHERE imas_forum_posts.userid=imas_users.id AND imas_forum_posts.threadid=imas_forum_threads.id AND "; $query .= "imas_forum_posts.threadid IN ($threadids) imas_forum_threads.lastposttime<$now AND imas_forum_posts.parent=0 ORDER BY imas_forum_threads.lastposttime DESC"; diff --git a/forums/forums.php b/forums/forums.php index 9e27a34abc..9c138e67c4 100644 --- a/forums/forums.php +++ b/forums/forums.php @@ -64,7 +64,6 @@ //get general forum info and page order $now = time(); - //DB $query = "SELECT * FROM imas_forums WHERE imas_forums.courseid='$cid'"; $query = "SELECT * FROM imas_forums WHERE imas_forums.courseid=:courseid"; if (!$teacherid) { //check for avail or past startdate; we'll do an enddate check later @@ -96,9 +95,6 @@ $forumdata[$row[5]]['enddate'] = $exceptionresult[7]; } } - - //DB $query = "SELECT itemorder FROM imas_courses WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : $query" . mysql_error()); $stm = $DBH->prepare("SELECT itemorder FROM imas_courses WHERE id=:id"); $result = $stm->execute(array(':id'=>$cid)); $itemorder = unserialize($stm->fetchColumn(0)); 
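Review bot: As listed, the retained WHERE clause in the flaggedthreads hunk reads `imas_forum_posts.threadid IN ($threadids) imas_forum_threads.lastposttime<$now AND ...` with no `AND` between the `IN (...)` list and the `lastposttime` term; if that is the real source rather than an artefact of this rendering, the statement is a syntax error and the flagged-threads table never renders. The removed `//DB` version had `IN ($threadids) AND`, so the fix is to reinsert ` AND ` after the list. Interpolating `$threadids` and `$now` is safe because they come from `array_map('intval', ...)` and `time()`, and since every other query in the patch uses placeholders, a one-line comment saying so at the concatenation would save the next reviewer the check.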
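Review bot: The `@@ -96` hunk of forums.php passes a database column straight to `unserialize($stm->fetchColumn(0))`; `unserialize()` instantiates whatever class names the payload carries, so this is only safe as long as `imas_courses.itemorder` is written exclusively by trusted code — if any course import or copy path lets a user supply it, this becomes an object-injection sink. The value is consumed as a nested array (`flattenitems($itemorder, ...)` in the next hunk), so on PHP 7+ `unserialize($stm->fetchColumn(0), ['allowed_classes' => false])` removes the class-instantiation path without changing behaviour for array data. A `false` return for an empty or corrupt column also deserves a guard before `flattenitems()`.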
@@ -116,8 +112,6 @@ function flattenitems($items,&$addto) { flattenitems($itemorder,$itemsimporder); $itemsassoc = array(); - //DB $query = "SELECT id,typeid FROM imas_items WHERE courseid='$cid' AND itemtype='Forum'"; - //DB $result = mysql_query($query) or die("Query failed : $query" . mysql_error()); $stm = $DBH->prepare("SELECT id,typeid FROM imas_items WHERE courseid=:courseid AND itemtype='Forum'"); $stm->execute(array(':courseid'=>$cid)); while ($row = $stm->fetch(PDO::FETCH_NUM)) { @@ -224,9 +218,7 @@ function flattenitems($items,&$addto) { $query .= "WHERE imas_forums.courseid=? AND imas_forum_posts.id=imas_forum_posts.threadid "; //these are indexed fields, but parent is not $arr = array($now, $userid, $cid ); if ($searchstr != '') { - //DB $searchterms = explode(" ",addslashes($searchstr)); $searchterms = explode(" ", $searchstr); - //DB $searchlikes = "(imas_forum_posts.subject LIKE '%".implode("%' AND imas_forum_posts.subject LIKE '%",$searchterms)."%')"; $searchlikes = "(imas_forum_posts.subject LIKE ?".str_repeat(" AND imas_forum_posts.subject LIKE ?",count($searchterms)-1).") "; foreach ($searchterms as $t) { $arr[] = "%$t%"; @@ -249,8 +241,6 @@ function flattenitems($items,&$addto) { $stm = $DBH->prepare($query); $stm->execute($arr); $result=$stm->fetchALL(PDO::FETCH_ASSOC); - - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); $threaddata = array(); $threadids = array(); foreach($result as $line) { 
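Review bot: In the `@@ -224` hunk each search term is bound as `$arr[] = "%$t%";` with no escaping of LIKE metacharacters, so a term containing `%` or `_` matches every subject; the placeholder prevents injection but not wildcard abuse. Bind `"%" . addcslashes($t, '%_\\') . "%"` instead (MySQL's default LIKE escape character is the backslash). `explode(" ", $searchstr)` also turns doubled spaces into empty terms that bind as `'%%'` and match everything, which `preg_split('/\s+/', trim($searchstr))` avoids.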
@@ -261,16 +251,12 @@ function flattenitems($items,&$addto) { echo 'No results'; } else { $limthreads = implode(',', array_map('intval', $threadids)); - //DB $query = "SELECT threadid,COUNT(id) AS postcount,MAX(postdate) AS maxdate FROM imas_forum_posts "; - //DB $query .= "WHERE threadid IN ($limthreads) GROUP BY threadid"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); $query = "SELECT threadid,COUNT(id) AS postcount,MAX(postdate) AS maxdate FROM imas_forum_posts "; $query .= "WHERE threadid IN ($limthreads) GROUP BY threadid"; $stm = $DBH->query($query); $postcount = array(); $maxdate = array(); - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $postcount[$row[0]] = $row[1] - 1; $maxdate[$row[0]] = $row[2]; 
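Review bot: The `@@ -261` hunk runs `$stm = $DBH->query($query);` with `$limthreads` interpolated, which is the one unparameterized query left in this file by the patch; it is safe because the list comes from `array_map('intval', $threadids)`, but that reasoning belongs on the line: `// $limthreads is intval()-sanitized above, so direct interpolation is safe`. The empty-list case (`IN ()` is a syntax error) is excluded only by the enclosing `else` of the 'No results' branch, which is worth stating in the same comment.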
@@ -343,19 +329,12 @@ function flattenitems($items,&$addto) { if ($searchstr != '') { $searchstr = trim(str_replace(' and ', ' ',$searchstr)); $searchterms = explode(" ", $searchstr); - //DB $searchlikes = "(imas_forum_posts.message LIKE '%".implode("%' AND imas_forum_posts.message LIKE '%",$searchterms)."%')"; - //DB $searchlikes2 = "(imas_forum_posts.subject LIKE '%".implode("%' AND imas_forum_posts.subject LIKE '%",$searchterms)."%')"; - //DB $searchlikes3 = "(imas_users.LastName LIKE '%".implode("%' AND imas_users.LastName LIKE '%",$searchterms)."%')"; $searchlikesarr = array(); foreach ($searchterms as $t) { $searchlikesarr[] = '(imas_forum_posts.message LIKE ? OR imas_forum_posts.subject LIKE ? OR imas_users.LastName LIKE ?)'; } $searchlikes = implode(' AND ', $searchlikesarr); } - - //DB $query = "SELECT imas_forums.id AS forumid,imas_forum_posts.id,imas_forum_posts.threadid,imas_forum_posts.subject,imas_forum_posts.message,imas_users.FirstName,imas_users.LastName,imas_forum_posts.postdate,imas_forums.name,imas_forum_posts.files,imas_forum_posts.isanon "; - //DB $query .= "FROM imas_forum_posts JOIN imas_forums ON imas_forum_posts.forumid=imas_forums.id "; - //DB $query .= "JOIN imas_users ON imas_users.id=imas_forum_posts.userid "; $query = "SELECT imas_forums.id AS forumid,imas_forum_posts.id,imas_forum_posts.threadid,imas_forum_posts.subject,imas_forum_posts.message,imas_users.FirstName,imas_users.LastName,imas_forum_posts.postdate,imas_forums.name,imas_forum_posts.files,imas_forum_posts.isanon "; $query .= "FROM imas_forum_posts JOIN imas_forums ON imas_forum_posts.forumid=imas_forums.id "; $query .= "JOIN imas_users ON imas_users.id=imas_forum_posts.userid "; 
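Review bot: The `@@ -343` hunk emits three `?` placeholders per search term (`message`, `subject`, `LastName`), so the parameter array built after the hunk must push `"%$t%"` three times per term or `execute()` fails with a count mismatch; a comment at the loop, `// three placeholders per term — keep in step with the bind loop below`, would protect that coupling. The LIKE-wildcard caveat from the `@@ -224` hunk applies here too: escape `%` and `_` in each term with `addcslashes($t, '%_\\')` before binding. The binding code itself lies outside this hunk.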
@@ -451,10 +430,6 @@ function flattenitems($items,&$addto) { mfv.lastview OR (mfv.lastview IS NULL)) GROUP BY imas_forums.id"; */ - //DB $query = "SELECT imas_forum_threads.forumid, COUNT(imas_forum_threads.id) FROM imas_forum_threads "; - //DB $query .= "JOIN imas_forums ON imas_forum_threads.forumid=imas_forums.id AND imas_forums.courseid='$cid' "; - //DB $query .= "LEFT JOIN imas_forum_views as mfv ON mfv.threadid=imas_forum_threads.id AND mfv.userid='$userid' "; - //DB $query .= "WHERE (imas_forum_threads.lastposttime>mfv.lastview OR (mfv.lastview IS NULL)) "; - //DB NOT WORKING $query = "SELECT imas_forum_threads.forumid, COUNT(imas_forum_threads.id) FROM imas_forum_threads "; $query .= "JOIN imas_forums ON imas_forum_threads.forumid=imas_forums.id AND imas_forums.courseid=:courseid "; $query .= "LEFT JOIN imas_forum_views as mfv ON mfv.threadid=imas_forum_threads.id AND mfv.userid=:userid "; diff --git a/forums/listlikes.php b/forums/listlikes.php index afc978e02d..5e5ddb0e57 100644 --- a/forums/listlikes.php +++ b/forums/listlikes.php @@ -9,11 +9,6 @@ exit; } $postid = intval($_GET['post']); - -//DB $query = "SELECT imas_forums.id FROM imas_forums JOIN imas_forum_posts ON imas_forums.id=imas_forum_posts.forumid "; -//DB $query .= " WHERE imas_forum_posts.id=$postid AND imas_forums.courseid='$cid'"; -//DB $result = mysql_query($query) or die("Query failed : $query: " . mysql_error()); -//DB if (mysql_num_rows($result)==0) { $query = "SELECT imas_forums.id FROM imas_forums JOIN imas_forum_posts ON imas_forums.id=imas_forum_posts.forumid "; $query .= " WHERE imas_forum_posts.id=:id AND imas_forums.courseid=:courseid"; $stm = $DBH->prepare($query); @@ -27,11 +22,6 @@ require("../header.php"); echo '

        '._('Post Likes').'

        '; - -//DB query = "SELECT iu.LastName,iu.FirstName FROM imas_users AS iu JOIN "; -//DB $query .= "imas_forum_likes AS ifl ON iu.id=ifl.userid WHERE ifl.postid=$postid ORDER BY iu.LastName,iu.FirstName"; -//DB $result = mysql_query($query) or die("Query failed : $query: " . mysql_error()); -//DB if (mysql_num_rows($result)==0) { $query = "SELECT iu.LastName,iu.FirstName FROM imas_users AS iu JOIN "; $query .= "imas_forum_likes AS ifl ON iu.id=ifl.userid WHERE ifl.postid=:postid ORDER BY iu.LastName,iu.FirstName"; $stm = $DBH->prepare($query); @@ -40,7 +30,6 @@ echo '

        '._('No post likes').'

        '; } else { echo '
          '; - //DB while ($row = mysql_fetch_assoc($result)) { while ($row = $stm->fetch(PDO::FETCH_ASSOC)) { printf('
        • %s, %s
        • ', Sanitize::encodeStringForDisplay($row['LastName']), Sanitize::encodeStringForDisplay($row['FirstName'])); diff --git a/forums/listviews.php b/forums/listviews.php index c2a9a0c37f..35de066218 100644 --- a/forums/listviews.php +++ b/forums/listviews.php @@ -13,11 +13,6 @@ exit; } $thread = intval($_GET['thread']); - -//DB query = "SELECT imas_forums.id FROM imas_forums JOIN imas_forum_threads ON imas_forums.id=imas_forum_threads.forumid "; -//DB $query .= " WHERE imas_forum_threads.id=$thread AND imas_forums.courseid='$cid'"; -//DB $result = mysql_query($query) or die("Query failed : $query: " . mysql_error()); -//DB if (mysql_num_rows($result)==0) { $query = "SELECT imas_forums.id FROM imas_forums JOIN imas_forum_threads ON imas_forums.id=imas_forum_threads.forumid "; $query .= "WHERE imas_forum_threads.id=:id AND imas_forums.courseid=:courseid"; $stm = $DBH->prepare($query); @@ -31,11 +26,6 @@ require("../header.php"); echo '

          '._('Thread Views').'

          '; - -//DB $query = "SELECT iu.LastName,iu.FirstName,ifv.lastview FROM imas_users AS iu JOIN "; -//DB $query .= "imas_forum_views AS ifv ON iu.id=ifv.userid WHERE ifv.threadid=$thread ORDER BY ifv.lastview"; -//DB $result = mysql_query($query) or die("Query failed : $query: " . mysql_error()); -//DB if (mysql_num_rows($result)==0) { $query = "SELECT iu.LastName,iu.FirstName,ifv.lastview FROM imas_users AS iu JOIN "; $query .= "imas_forum_views AS ifv ON iu.id=ifv.userid WHERE ifv.threadid=:threadid ORDER BY ifv.lastview"; $stm = $DBH->prepare($query); @@ -45,7 +35,6 @@ } else { echo '
        TopicStarted ByForumLast Post Date
        '; echo ''; - //DB while ($row = mysql_fetch_assoc($result)) { while ($row = $stm->fetch(PDO::FETCH_ASSOC)) { echo ''; echo ''; diff --git a/forums/newthreads.php b/forums/newthreads.php index 57c9669e55..191639a12a 100644 --- a/forums/newthreads.php +++ b/forums/newthreads.php @@ -12,8 +12,6 @@ $query .= "GROUP BY imas_forum_posts.threadid HAVING ((max(imas_forum_posts.postdate)>mfv.lastview) OR (mfv.lastview IS NULL))"; */ $now = time(); -//DB $query = "SELECT imas_forums.name,imas_forums.id,imas_forum_threads.id as threadid,imas_forum_threads.lastposttime FROM imas_forum_threads "; -//DB $query .= "JOIN imas_forums ON imas_forum_threads.forumid=imas_forums.id "; $query = "SELECT imas_forums.name,imas_forums.id,imas_forum_threads.id as threadid,imas_forum_threads.lastposttime,mfv.tagged FROM imas_forum_threads "; $query .= "JOIN imas_forums ON imas_forum_threads.forumid=imas_forums.id AND imas_forum_threads.lastposttime<:now "; $array = array(':now'=>$now); @@ -51,8 +49,6 @@ if (count($forumids)>0) { $forumidlist = array_map('Sanitize::onlyInt', array_values($forumids)); $forumidlist_query_placeholders = Sanitize::generateQueryPlaceholders($forumidlist); - //DB $query = "SELECT DISTINCT threadid FROM imas_forum_posts WHERE forumid IN ($forumidlist)"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("SELECT DISTINCT threadid FROM imas_forum_posts WHERE forumid IN ($forumidlist_query_placeholders)"); $stm->execute(array_values($forumidlist)); 
@@ -66,10 +62,6 @@ $threadids_query_placeholders = Sanitize::generateQueryPlaceholders($threadidsSanitize); $toupdate = array(); - //DB $query = "SELECT threadid FROM imas_forum_views WHERE userid='$userid' AND threadid IN ($threadlist)"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { - //DB $to $stm = $DBH->prepare("SELECT threadid FROM imas_forum_views WHERE userid=? AND threadid IN ($threadids_query_placeholders)"); $stm->execute(array_merge(array($userid), $threadidsSanitize)); while ($row = $stm->fetch(PDO::FETCH_NUM)) { @@ -78,15 +70,11 @@ if (count($toupdate)>0) { $toupdatelistSanitize = array_map('Sanitize::onlyInt', $toupdate);//INT vals from DB - safe $toupdatelist_query_placeholders = Sanitize::generateQueryPlaceholders($toupdatelistSanitize); - //DB $query = "UPDATE imas_forum_views SET lastview=$now WHERE userid='$userid AND threadid IN ($toupdatelist)'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_views SET lastview=? WHERE userid=? AND threadid IN ($toupdatelist_query_placeholders)"); $stm->execute(array_merge(array($now, $userid), $toupdatelistSanitize)); } $toinsert = array_diff($threadids,$toupdate); if (count($toinsert)>0) { - //DB $query = "INSERT INTO imas_forum_views (userid,threadid,lastview) VALUES "; - //DB $query .= ",('$userid','$tid',$now)"; $query = "INSERT INTO imas_forum_views (userid,threadid,lastview) VALUES "; $array = array(); @@ -95,7 +83,6 @@ if (!$first) { $query .= ','; } - //DB $query .= "('$userid','$tid',$now)"; $query .= "(?,?,?)"; array_push($array, $userid, $tid, $now); @@ -128,11 +115,6 @@ if (count($lastpost)>0) { echo '
        '._('Name').''._('Last Viewed').'
        '.$row['LastName'].', '.$row['FirstName'].''.tzdate("F j, Y, g:i a", $row['lastview']).'
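Review bot: The listviews row output `'.$row['LastName'].', '.$row['FirstName'].'` echoes names into HTML without `Sanitize::encodeStringForDisplay()`, while the parallel listlikes.php hunk in this patch escapes both fields; names presumably come from user-editable profile data, so wrap them the same way: `Sanitize::encodeStringForDisplay($row['LastName'])` and likewise for `FirstName`. This listing is garbled by table rendering, so this line most likely belongs to the `@@ -45` hunk whose `while ($row = $stm->fetch(PDO::FETCH_ASSOC))` loop is shown above; the `tzdate()` value on the same line is not request input.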
        '; $threadids = array_map('intval', array_keys($lastpost)); - //DB $query = "SELECT imas_forum_posts.*,imas_users.LastName,imas_users.FirstName,imas_forum_threads.lastposttime FROM imas_forum_posts,imas_users,imas_forum_threads "; - //DB $query .= "WHERE imas_forum_posts.userid=imas_users.id AND imas_forum_posts.threadid=imas_forum_threads.id AND "; - //DB $query .= "imas_forum_posts.threadid IN ($threadids) AND imas_forum_posts.parent=0 ORDER BY imas_forum_posts.forumid, imas_forum_threads.lastposttime DESC"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { $ph = Sanitize::generateQueryPlaceholders($threadids); $query = "SELECT imas_forum_posts.*,imas_users.LastName,imas_users.FirstName,imas_forum_threads.lastposttime FROM imas_forum_posts,imas_users,imas_forum_threads "; $query .= "WHERE imas_forum_posts.userid=imas_users.id AND imas_forum_posts.threadid=imas_forum_threads.id AND "; diff --git a/forums/posthandler.php b/forums/posthandler.php index bdd8283eff..daedc46446 100644 --- a/forums/posthandler.php +++ b/forums/posthandler.php @@ -67,12 +67,9 @@ } else { $tag = ''; } - - //DB $_POST['subject'] = addslashes(htmlentities(stripslashes($_POST['subject']))); $_POST['subject'] = htmlentities($_POST['subject']); require_once("../includes/htmLawed.php"); - //DB $_POST['message'] = addslashes(myhtmLawed(stripslashes($_POST['message']))); $_POST['message'] = myhtmLawed($_POST['message']); $_POST['subject'] = trim(strip_tags($_POST['subject'])); if (trim($_POST['subject'])=='') { 
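Review bot: `$_POST['subject'] = htmlentities($_POST['subject']);` in the `@@ -67` hunk relies on the default flags and charset, which on PHP before 8.1 means `ENT_COMPAT` (single quotes untouched) and a build-dependent default encoding; spell them out: `htmlentities($_POST['subject'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The following `trim(strip_tags($_POST['subject']))` runs on already-encoded text, so it can no longer strip anything the encoding did not neutralize — harmless, but a comment noting that subjects are encoded on input while `message` goes through `myhtmLawed()` would explain the asymmetry to the next reader.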
@@ -101,37 +98,20 @@ exit; } } - - //DB $query = "INSERT INTO imas_forum_posts (forumid,subject,message,userid,postdate,parent,posttype,isanon,replyby,tag) VALUES "; - //DB $query .= "('$forumid','{$_POST['subject']}','{$_POST['message']}','$userid',$now,0,'$type','$isanon',$replyby,'$tag')"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $threadid = mysql_insert_id(); $query = "INSERT INTO imas_forum_posts (forumid,subject,message,userid,postdate,parent,posttype,isanon,replyby,tag) VALUES "; $query .= "(:forumid, :subject, :message, :userid, :postdate, :parent, :posttype, :isanon, :replyby, :tag)"; $stm = $DBH->prepare($query); $stm->execute(array(':forumid'=>$forumid, ':subject'=>$_POST['subject'], ':message'=>$_POST['message'], ':userid'=>$userid, ':postdate'=>$thisposttime, ':parent'=>0, ':posttype'=>$type, ':isanon'=>$isanon, ':replyby'=>$replyby, ':tag'=>$tag)); $threadid = $DBH->lastInsertId(); - - //DB $query = "UPDATE imas_forum_posts SET threadid='$threadid' WHERE id='$threadid'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_posts SET threadid=:threadid WHERE id=:id"); $stm->execute(array(':threadid'=>$threadid, ':id'=>$threadid)); - - //DB $query = "INSERT INTO imas_forum_threads (id,forumid,lastposttime,lastpostuser,stugroupid) VALUES ('$threadid','$forumid',$now,'$userid','$groupid')"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("INSERT INTO imas_forum_threads (id,forumid,lastposttime,lastpostuser,stugroupid) VALUES (:id, :forumid, :lastposttime, :lastpostuser, :stugroupid)"); $stm->execute(array(':id'=>$threadid, ':forumid'=>$forumid, ':lastposttime'=>$thisposttime, ':lastpostuser'=>$userid, ':stugroupid'=>$groupid)); - - //DB $query = "INSERT INTO imas_forum_views (userid,threadid,lastview) VALUES ('$userid','$threadid',$now)"; - //DB mysql_query($query) or die("Query failed : $query " . 
mysql_error()); $stm = $DBH->prepare("INSERT INTO imas_forum_views (userid,threadid,lastview) VALUES (:userid, :threadid, :lastview)"); $stm->execute(array(':userid'=>$userid, ':threadid'=>$threadid, ':lastview'=>$now)); $sendemail = true; if (isset($studentid)) { - //DB $query = "INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES "; - //DB $query .= "('$userid','$cid','forumpost','$threadid',$now,'$forumid')"; - //DB mysql_query($query) or die("Query failed : " . mysql_error()); $query = "INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES "; $query .= "(:userid, :courseid, :type, :typeid, :viewtime, :info)"; $stm = $DBH->prepare($query); @@ -141,10 +121,6 @@ $_GET['modify'] = $threadid; $files = array(); } else if ($_GET['modify']=="reply") { //new reply post - - //DB $query = "SELECT userid FROM imas_forum_posts WHERE id='{$_GET['replyto']}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB if (mysql_num_rows($result)==0) { $stm = $DBH->prepare("SELECT userid FROM imas_forum_posts WHERE id=:id"); $stm->execute(array(':id'=>$_GET['replyto'])); if ($stm->rowCount()==0) { @@ -154,56 +130,33 @@ echo '
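Review bot: The removed `or die(...)` guards were not replaced: none of the `execute()` calls in this hunk check their result, and `$threadid = $DBH->lastInsertId();` is used unconditionally by the three statements that follow. Unless `$DBH` is configured with `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` (not visible in this diff), a failed post INSERT yields a `$threadid` of `"0"` and the thread, view and content-track rows are written against it. Either confirm the connection throws on error and say so at the first call, `// $DBH runs in ERRMODE_EXCEPTION; a failed execute() throws`, or test the return, `if (!$stm->execute([...])) { ... }`. The same unchecked pattern recurs in the reply, modify, remove and move hunks of this file. The enclosing branch begins before the hunk.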
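Review bot: `if ($stm->rowCount()==0) {` depends on rowCount() after a SELECT, which the PDO documentation leaves driver-dependent (it works for buffered MySQL queries but is not guaranteed elsewhere). The branch only needs one column, so fetching it and testing for false is portable: `$uid = $stm->fetchColumn(0); if ($uid === false) {`, which also makes the later `$uid = $stm->fetchColumn(0);` in the else branch redundant. The same rowCount-after-SELECT test is used for the grade lookup, the duplicate-thread check and both remove-post child checks below. The if/else continues past the hunk.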

        Error:

        It looks like the post you were replying to was deleted. Your post is below in case you '; echo 'want to copy-and-paste it somewhere. Continue

        '; echo '
        '; - //DB echo '

        Message:

        '.filter(stripslashes($_POST['message'])).'
        '; // $_POST['message'] contains HTML. echo '

        Message:

        '.Sanitize::outgoingHtml(filter($_POST['message'])).'
        '; echo '

        HTML format:

        '; - //DB echo '
        '.htmlentities(stripslashes($_POST['message'])).'
        '; echo '
        '.Sanitize::encodeStringForDisplay($_POST['message']).'
        '; require("../footer.php"); exit; } else { - //DB $uid = mysql_result($result,0,0); $uid = $stm->fetchColumn(0); - - //DB $query = "INSERT INTO imas_forum_posts (forumid,threadid,subject,message,userid,postdate,parent,posttype,isanon) VALUES "; - //DB $query .= "('$forumid','$threadid','{$_POST['subject']}','{$_POST['message']}','$userid',$now,'{$_GET['replyto']}',0,'$isanon')"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $_GET['modify'] = mysql_insert_id(); $query = "INSERT INTO imas_forum_posts (forumid,threadid,subject,message,userid,postdate,parent,posttype,isanon) VALUES "; $query .= "(:forumid, :threadid, :subject, :message, :userid, :postdate, :parent, :posttype, :isanon)"; $stm = $DBH->prepare($query); $stm->execute(array(':forumid'=>$forumid, ':threadid'=>$threadid, ':subject'=>$_POST['subject'], ':message'=>$_POST['message'], ':userid'=>$userid, ':postdate'=>$now, ':parent'=>$_GET['replyto'], ':posttype'=>0, ':isanon'=>$isanon)); $_GET['modify'] = $DBH->lastInsertId(); - - //DB $query = "UPDATE imas_forum_threads SET lastposttime=$now,lastpostuser='$userid' WHERE id='$threadid'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_threads SET lastposttime=:lastposttime,lastpostuser=:lastpostuser WHERE id=:id"); $stm->execute(array(':lastposttime'=>$now, ':lastpostuser'=>$userid, ':id'=>$threadid)); if (isset($studentid)) { - //DB $query = "INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES "; - //DB $query .= "('$userid','$cid','forumreply','{$_GET['modify']}',$now,'$forumid;$threadid')"; - //DB mysql_query($query) or die("Query failed : " . 
mysql_error()); - //DB $query = "INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES "; - //DB $query .= "('$userid','$cid','forumreply','{$_GET['modify']}',$now,'$forumid')"; $query = "INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES "; $query .= "(:userid, :courseid, :type, :typeid, :viewtime, :info)"; $stm = $DBH->prepare($query); $stm->execute(array(':userid'=>$userid, ':courseid'=>$cid, ':type'=>'forumreply', ':typeid'=>$_GET['modify'], ':viewtime'=>$now, ':info'=>"$forumid;$threadid")); } - - //DB if ($isteacher && isset($_POST['points']) && trim($_POST['points'])!='') { - //DB $query = "SELECT id FROM imas_grades WHERE gradetype='forum' AND refid='{$_GET['replyto']}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { - //DB $gradeid = mysql_result($result,0,0); if ($isteacher && isset($_POST['points']) && trim($_POST['points'])!='') { $stm = $DBH->prepare("SELECT id FROM imas_grades WHERE gradetype='forum' AND refid=:refid"); $stm->execute(array(':refid'=>$_GET['replyto'])); if ($stm->rowCount()>0) { $gradeid = $stm->fetchColumn(0); - //DB $query = "UPDATE imas_grades SET score='{$_POST['points']}' WHERE id=$gradeid"; $stm = $DBH->prepare("UPDATE imas_grades SET score=:score WHERE id=:id"); $stm->execute(array(':score'=>$_POST['points'], ':id'=>$gradeid)); 
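Review bot: `':score'=>$_POST['points']` binds the raw form value after only a non-empty check, so non-numeric input reaches `imas_grades.score`, and whether that errors or is silently coerced depends on the column type and SQL mode. Validate before the query, e.g. `$points = trim($_POST['points']); if ($isteacher && $points !== '' && is_numeric($points)) {`, and bind `$points` instead. The grade INSERT in the else branch of this check continues in the next hunk and takes the same value.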
@@ -214,9 +167,6 @@ //$query = "SELECT userid FROM imas_forum_posts WHERE id='{$_GET['replyto']}'"; //$result = mysql_query($query) or die("Query failed : $query " . mysql_error()); //$uid = mysql_result($result,0,0); - //DB $query = "INSERT INTO imas_grades (gradetype,gradetypeid,userid,refid,score) VALUES "; - //DB $query .= "('forum','$forumid','$uid','{$_GET['replyto']}','{$_POST['points']}')"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $query = "INSERT INTO imas_grades (gradetype,gradetypeid,userid,refid,score) VALUES "; $query .= "(:gradetype, :gradetypeid, :userid, :refid, :score)"; $stm = $DBH->prepare($query); @@ -227,8 +177,6 @@ $files = array(); } } else { - //DB $query = "UPDATE imas_forum_posts SET subject='{$_POST['subject']}',message='{$_POST['message']}',isanon='$isanon',tag='$tag',posttype='$type',replyby=$replyby "; - //DB $query .= "WHERE id='{$_GET['modify']}'"; $query = "UPDATE imas_forum_posts SET subject=:subject,message=:message,isanon=:isanon,tag=:tag,posttype=:posttype,replyby=:replyby"; $arr = array(':subject'=>$_POST['subject'], ':message'=>$_POST['message'], ':isanon'=>$isanon, ':tag'=>$tag, ':posttype'=>$type, ':replyby'=>$replyby, ':id'=>$_GET['modify']); if ($isteacher && isset($_POST['releaseon']) && $_POST['releaseon'] != 'nochange') { @@ -249,8 +197,6 @@ if ($caller=='thread' || $_GET['thread']==$_GET['modify']) { if ($groupsetid>0 && $isteacher && isset($_POST['stugroup'])) { $groupid = $_POST['stugroup']; - //DB $query = "UPDATE imas_forum_threads SET stugroupid='$groupid' WHERE id='{$_GET['modify']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_threads SET stugroupid=:stugroupid WHERE id=:id"); $stm->execute(array(':stugroupid'=>$groupid, ':id'=>$_GET['modify'])); 
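Review bot: Three commented-out mysql_* lines at the top of this hunk (`//$query = "SELECT userid FROM imas_forum_posts ...`, `//$result = mysql_query(...)`, `//$uid = mysql_result($result,0,0);`) survive because they lack the `//DB` prefix the commit strips, yet they are exactly the old database code the commit sets out to remove; delete them. The same leftover `// $result = mysql_query(...)` comment remains in the quote-question hunk (`SELECT name,itemorder FROM imas_assessments`) and in the duplicate-thread hunk, and a `//$query = "SELECT subject,points ...` in the reply-subject hunk.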
@@ -262,11 +208,6 @@ } if (isset($studentid)) { - //DB $query = "INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES "; - //DB $query .= "('$userid','$cid','forummod','{$_GET['modify']}',$now,'$forumid;$threadid')"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $query = "INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES "; - //DB $query .= "('$userid','$cid','forummod','{$_GET['modify']}',$now,'$forumid')"; $query = "INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES "; $query .= "(:userid, :courseid, :type, :typeid, :viewtime, :info)"; $stm = $DBH->prepare($query); @@ -275,9 +216,6 @@ } $sendemail = false; - //DB $query = "SELECT files FROM imas_forum_posts WHERE id='{$_GET['modify']}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $files = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT files FROM imas_forum_posts WHERE id=:id"); $stm->execute(array(':id'=>$_GET['modify'])); $files = $stm->fetchColumn(0); @@ -289,10 +227,6 @@ } } if ($sendemail) { - //DB $query = "SELECT iu.email FROM imas_users AS iu,imas_forum_subscriptions AS ifs WHERE "; - //DB $query .= "iu.id=ifs.userid AND ifs.forumid='$forumid' AND iu.id<>'$userid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { $query = "SELECT iu.email FROM imas_users AS iu,imas_forum_subscriptions AS ifs WHERE "; $query .= "iu.id=ifs.userid AND ifs.forumid=:forumid AND iu.id<>:userid"; $stm = $DBH->prepare($query); @@ -303,13 +237,11 @@ $headers .= "From: $sendfrom\r\n"; $message = "

        This is an automated message. Do not respond to this email

        \r\n"; $message .= "

        A new post has been made in forum $forumname in course ".Sanitize::encodeStringForDisplay($coursename)."

        \r\n"; - //DB $message .= "

        Subject:".stripslashes($_POST['subject'])."

        "; $message .= "

        Subject:".Sanitize::encodeStringForDisplay($_POST['subject'])."

        "; $message .= "

        Poster: $userfullname

        "; $message .= ""; $message .= "View Posting\r\n"; } - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $row[0] = trim($row[0]); if ($row[0]!='' && $row[0]!='none@none.com') { @@ -343,17 +275,13 @@ $extension = strtolower(strrchr($userfilename,".")); if (!in_array($extension,$badextensions) && storeuploadedfile('newfile-'.$i,'ffiles/' .Sanitize::sanitizeFilenameAndCheckBlacklist($_GET['modify']).'/'.$userfilename,"public")) { - //DB $files[] = stripslashes($_POST['newfiledesc-'.$i]); $files[] = $_POST['newfiledesc-'.$i]; $files[] = $userfilename; } $i++; } } - //DB $files = addslashes(implode('@@',$files)); $files = implode('@@',$files); - //DB $query = "UPDATE imas_forum_posts SET files='$files' WHERE id='{$_GET['modify']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_posts SET files=:files WHERE id=:id"); $stm->execute(array(':files'=>$files, ':id'=>$_GET['modify'])); @@ -387,9 +315,6 @@ } $notice = ''; if ($_GET['modify']!="reply" && $_GET['modify']!='new') { - //DB $query = "SELECT * from imas_forum_posts WHERE id='{$_GET['modify']}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $line = mysql_fetch_array($result, MYSQL_ASSOC); $stm = $DBH->prepare("SELECT * from imas_forum_posts WHERE id=:id"); $stm->execute(array(':id'=>$_GET['modify'])); $line = $stm->fetch(PDO::FETCH_ASSOC); 
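Review bot: `$files[] = $_POST['newfiledesc-'.$i];` stores the description verbatim and the list is then flattened with `implode('@@',$files)`, so a description or file name containing `@@` shifts every later description/filename pair when the field is split again. Strip or reject the delimiter before storing, e.g. `$files[] = str_replace('@@', '', $_POST['newfiledesc-'.$i]);`, and likewise for `$userfilename`. `in_array($extension,$badextensions)` should pass `true` as its third argument for a strict comparison, and if `$userfilename` is not reduced to a basename before this hunk, it deserves the same `Sanitize::sanitizeFilenameAndCheckBlacklist` treatment the id gets on the same line. The upload loop starts before the hunk.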
@@ -404,10 +329,6 @@ if ($_GET['modify']=='reply') { //$query = "SELECT subject,points FROM imas_forum_posts WHERE id='{$_GET['replyto']}'"; - //DB $query = "SELECT ifp.subject,ig.score FROM imas_forum_posts AS ifp LEFT JOIN imas_grades AS ig ON "; - //DB $query .= "ig.gradetype='forum' AND ifp.id=ig.refid WHERE ifp.id='{$_GET['replyto']}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $sub = mysql_result($result,0,0); $query = "SELECT ifp.subject,ig.score FROM imas_forum_posts AS ifp LEFT JOIN imas_grades AS ig ON "; $query .= "ig.gradetype='forum' AND ifp.id=ig.refid WHERE ifp.id=:id"; $stm = $DBH->prepare($query); @@ -420,9 +341,6 @@ $line['files'] = ''; $replyby = $line['replyby']; if ($isteacher) { - //DB $query = "SELECT points FROM imas_forums WHERE id='$forumid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $haspoints = (mysql_result($result,0,0)>0); $stm = $DBH->prepare("SELECT points FROM imas_forums WHERE id=:id"); $stm->execute(array(':id'=>$forumid)); $haspoints = ($stm->fetchColumn(0)>0); @@ -450,11 +368,6 @@ $GLOBALS['assessver'] = $parts[4]; if (count($parts)==6) { //wants to show ans - //DB $query = "SELECT seeds,attempts,questions FROM imas_assessment_sessions WHERE userid='$userid' AND assessmentid='{$parts[3]}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $seeds = explode(',',mysql_result($result,0,0)); - //DB $seeds = $seeds[$parts[0]]; - //DB $attempts = explode(',',mysql_result($result,0,1)); $stm = $DBH->prepare("SELECT seeds,attempts,questions FROM imas_assessment_sessions WHERE userid=:userid AND assessmentid=:assessmentid"); $stm->execute(array(':userid'=>$userid, ':assessmentid'=>$parts[3])); list($seeds, $attempts, $questions) = $stm->fetch(PDO::FETCH_NUM); 
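Review bot: `list($seeds, $attempts, $questions) = $stm->fetch(PDO::FETCH_NUM);` does not handle a missing session row: `fetch()` returns false, all three variables become null, and `$attempts = explode(',', $attempts)` in the next hunk then runs on null (deprecated since PHP 8.1). Guard it before unpacking: `$row = $stm->fetch(PDO::FETCH_NUM); if ($row === false) { /* no session for this user and assessment */ }`. The same unchecked `list(...) = $stm->fetch(...)` appears for imas_questions and imas_assessments in the next hunk and for parent/files in the remove-post hunk. The enclosing `if (count($parts)==6)` continues past the hunk.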
@@ -462,28 +375,17 @@ $seeds = $seeds[$parts[0]]; $attempts = explode(',', $attempts); $attempts = $attempts[$parts[0]]; - //DB $qs = explode(',',mysql_result($result,0,2)); $qs = explode(',', $questions); $qid = intval($qs[$parts[0]]); - //DB $query = "SELECT questionsetid,attempts,showans FROM imas_questions WHERE id=$qid"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $parts[1] = mysql_result($result,0,0); - //DB $allowedattempts = mysql_result($result,0,1); - //DB $showans = mysql_result($result,0,2); $stm = $DBH->prepare("SELECT questionsetid,attempts,showans FROM imas_questions WHERE id=:id"); $stm->execute(array(':id'=>$qid)); list($parts[1], $allowedattempts, $showans) = $stm->fetch(PDO::FETCH_NUM); - - //DB $query = "SELECT defattempts,deffeedback,displaymethod FROM imas_assessments WHERE id='{$parts[3]}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB list($displaymode,$defshowans) = explode('-',mysql_result($result,0,1)); $stm = $DBH->prepare("SELECT defattempts,deffeedback,displaymethod FROM imas_assessments WHERE id=:id"); $stm->execute(array(':id'=>$parts[3])); list($defattempts,$deffeedback,$displaymethod) = $stm->fetch(PDO::FETCH_NUM); list($displaymode,$defshowans) = explode('-', $deffeedback); if ($allowedattempts==9999) { - //DB $allowedattempts = mysql_result($result,0,0); $allowedattempts = $defattempts; } if ($showans==0) { @@ -509,14 +411,11 @@ $line['message'] = '



        '.$message; if (isset($parts[3])) { - //DB $query = "SELECT name,itemorder FROM imas_assessments WHERE id='".intval($parts[3])."'"; $stm = $DBH->prepare("SELECT name,itemorder FROM imas_assessments WHERE id=:id"); $stm->execute(array(':id'=>$parts[3])); list($aname, $itemorder) = $stm->fetch(PDO::FETCH_NUM); // $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $line['subject'] = 'Question about #'.($parts[0]+1).' in '.str_replace('"','"',mysql_result($result,0,0)); $line['subject'] = 'Question about #'.($parts[0]+1).' in '.str_replace('"','"', $aname); - //DB $itemorder = mysql_result($result,0,1); $isgroupedq = false; if (strpos($itemorder, '~')!==false) { $itemorder = explode(',',$itemorder); @@ -536,8 +435,6 @@ } if (!$isgroupedq) { - //DB $query = "SELECT ift.id FROM imas_forum_posts AS ifp JOIN imas_forum_threads AS ift ON ifp.threadid=ift.id AND ifp.parent=0 "; - //DB $query .= "WHERE ifp.subject='".addslashes($line['subject'])."' AND ift.forumid='$forumid'"; $query = "SELECT ift.id FROM imas_forum_posts AS ifp JOIN imas_forum_threads AS ift ON ifp.threadid=ift.id AND ifp.parent=0 "; $query .= "WHERE ifp.subject=:subject AND ift.forumid=:forumid"; $array = array(':forumid'=>$forumid, ':subject'=>$line['subject']); @@ -548,11 +445,9 @@ $stm = $DBH->prepare($query); $stm->execute($array); // $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { if ($stm->rowCount()>0) { $notice = 'This question has already been posted about.
        '; $notice .= 'Please read and participate in the existing discussion.'; - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $notice .= "
        ".Sanitize::encodeStringForDisplay($line['subject']).""; } @@ -562,9 +457,6 @@ } //end if quoteq } } - //DB $query = "SELECT name,settings,forumtype,taglist,postinstr,replyinstr FROM imas_forums WHERE id='$forumid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $forumsettings = mysql_fetch_assoc($result); $stm = $DBH->prepare("SELECT name,settings,forumtype,taglist,postinstr,replyinstr FROM imas_forums WHERE id=:id"); $stm->execute(array(':id'=>$forumid)); $forumsettings = $stm->fetch(PDO::FETCH_ASSOC); @@ -720,9 +612,6 @@ function addnewfile(t) { echo ''; - //DB $query = "SELECT id,name FROM imas_stugroups WHERE groupsetid='$groupsetid' ORDER BY name"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $grpnums = 1; $stm = $DBH->prepare("SELECT id,name FROM imas_stugroups WHERE groupsetid=:groupsetid ORDER BY name,id"); $stm->execute(array(':groupsetid'=>$groupsetid)); @@ -751,10 +640,6 @@ function addnewfile(t) { if ($_GET['modify']=='reply') { echo "

        Replying to:

        "; - //DB $query = "SELECT imas_forum_posts.*,imas_users.FirstName,imas_users.LastName from imas_forum_posts,imas_users "; - //DB $query .= "WHERE imas_forum_posts.userid=imas_users.id AND (imas_forum_posts.id='$threadid' OR imas_forum_posts.threadid='$threadid')"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { $query = "SELECT imas_forum_posts.*,imas_users.FirstName,imas_users.LastName from imas_forum_posts,imas_users "; $query .= "WHERE imas_forum_posts.userid=imas_users.id AND (imas_forum_posts.id=:id OR imas_forum_posts.threadid=:threadid)"; $stm = $DBH->prepare($query); @@ -802,9 +687,6 @@ function printparents($id) { if (isset($_POST['confirm'])) { $go = true; if (!$isteacher) { - //DB $query = "SELECT id FROM imas_forum_posts WHERE parent='{$_GET['remove']}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { $stm = $DBH->prepare("SELECT id FROM imas_forum_posts WHERE parent=:parent"); $stm->execute(array(':parent'=>$_GET['remove'])); if ($stm->rowCount()>0) { 
@@ -813,18 +695,11 @@ function printparents($id) { } if ($go) { require_once("../includes/filehandler.php"); - //DB $query = "SELECT parent,files FROM imas_forum_posts WHERE id='{$_GET['remove']}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $parent = mysql_result($result,0,0); - //DB $files = mysql_result($result,0,1); $stm = $DBH->prepare("SELECT parent,files FROM imas_forum_posts WHERE id=:id"); $stm->execute(array(':id'=>$_GET['remove'])); list($parent,$files) = $stm->fetch(PDO::FETCH_NUM); if ($parent==0) { - //DB $query = "SELECT id FROM imas_forum_posts WHERE threadid='{$_GET['remove']}' AND files<>''"; - //DB $r = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($row = mysql_fetch_row($r)) { $stm = $DBH->prepare("SELECT id,files FROM imas_forum_posts WHERE threadid=:threadid"); $stm->execute(array(':threadid'=>$_GET['remove'])); $children = array(); 
@@ -839,32 +714,17 @@ function printparents($id) { $stm = $DBH->prepare("DELETE FROM imas_grades WHERE gradetype='forum' AND refid IN ($ph)"); $stm->execute($children); } - - - //DB $query = "DELETE FROM imas_forum_posts WHERE threadid='{$_GET['remove']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_forum_posts WHERE threadid=:threadid"); $stm->execute(array(':threadid'=>$_GET['remove'])); - - - //DB $query = "DELETE FROM imas_forum_threads WHERE id='{$_GET['remove']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_forum_threads WHERE id=:id"); $stm->execute(array(':id'=>$_GET['remove'])); - - //DB $query = "DELETE FROM imas_forum_views WHERE threadid='{$_GET['remove']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_forum_views WHERE threadid=:threadid"); $stm->execute(array(':threadid'=>$_GET['remove'])); $lastpost = true; } else { - //DB $query = "DELETE FROM imas_forum_posts WHERE id='{$_GET['remove']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_forum_posts WHERE id=:id"); $stm->execute(array(':id'=>$_GET['remove'])); - //DB $query = "UPDATE imas_forum_posts SET parent='$parent' WHERE parent='{$_GET['remove']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_posts SET parent=:parent WHERE parent=:parent2"); $stm->execute(array(':parent'=>$parent, ':parent2'=>$_GET['remove'])); $lastpost = false; 
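Review bot: The thread-removal path issues four separate DELETEs (grades, posts, threads, views) and the single-post path a DELETE plus a reparenting UPDATE, with no `$DBH->beginTransaction()` / `commit()` around them, so an error part-way through leaves the forum tables inconsistent. Wrap the branch: `$DBH->beginTransaction();` before the first statement and `$DBH->commit();` after the last, with `$DBH->rollBack();` on failure. The multi-statement move handlers in the hunks below (`UPDATE imas_forum_posts ... INSERT INTO imas_forum_threads`) have the same shape. The if/else starts before the hunk.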
@@ -873,8 +733,6 @@ function printparents($id) { deleteallpostfiles(Sanitize::onlyInt($_GET['remove'])); } } - //DB $query = "DELETE FROM imas_grades WHERE gradetype='forum' AND refid='{$_GET['remove']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_grades WHERE gradetype='forum' AND refid=:refid"); $stm->execute(array(':refid'=>$_GET['remove'])); @@ -887,18 +745,12 @@ function printparents($id) { exit; } else { $pagetitle = "Remove Post"; - //DB $query = "SELECT parent FROM imas_forum_posts WHERE id='{$_GET['remove']}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $parent = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT parent FROM imas_forum_posts WHERE id=:id"); $stm->execute(array(':id'=>$_GET['remove'])); $parent = $stm->fetchColumn(0); require("../header.php"); if (!$isteacher) { - //DB $query = "SELECT id FROM imas_forum_posts WHERE parent='{$_GET['remove']}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { $stm = $DBH->prepare("SELECT id FROM imas_forum_posts WHERE parent=:parent"); $stm->execute(array(':parent'=>$_GET['remove'])); if ($stm->rowCount()>0) { @@ -929,9 +781,6 @@ function printparents($id) { } else if (isset($_GET['move']) && $isteacher) { //moving post to a different forum NEW ONE if (isset($_POST['movetype'])) { $threadid = intval($_POST['thread']); - //DB $query = "SELECT * FROM imas_forum_posts WHERE threadid='$threadid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { $stm = $DBH->prepare("SELECT * FROM imas_forum_posts WHERE threadid=:threadid"); $stm->execute(array(':threadid'=>$threadid)); while ($line = $stm->fetch(PDO::FETCH_ASSOC)) { 
@@ -951,47 +800,31 @@ function addchildren($b,&$tochange,$children) { } addchildren($_GET['move'],$tochange,$children); $tochange[] = $_GET['move']; - //DB $list = "'".implode("','",$tochange)."'"; $list = implode(',', array_map('intval', $tochange)); if ($_POST['movetype']==0) { //move to different forum if ($children[0][0] == $_GET['move']) { //is post head of thread? //if head of thread, then : - //DB $query = "UPDATE imas_forum_posts SET forumid='{$_POST['movetof']}' WHERE threadid='{$_GET['move']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_posts SET forumid=:forumid WHERE threadid=:threadid"); $stm->execute(array(':forumid'=>$_POST['movetof'], ':threadid'=>$_GET['move'])); - //DB $query = "UPDATE imas_forum_threads SET forumid='{$_POST['movetof']}' WHERE id='{$_GET['move']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_threads SET forumid=:forumid WHERE id=:id"); $stm->execute(array(':forumid'=>$_POST['movetof'], ':id'=>$_GET['move'])); } else { //if not head of thread, need to create new thread, move items to new thread, then move forum - //DB $query = "SELECT lastposttime,lastpostuser FROM imas_forum_threads WHERE id='$threadid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $row = mysql_fetch_row($result); $stm = $DBH->prepare("SELECT lastposttime,lastpostuser FROM imas_forum_threads WHERE id=:id"); $stm->execute(array(':id'=>$threadid)); $row = $stm->fetch(PDO::FETCH_NUM); //set all lower posts to new threadid and forumid - //DB $query = "UPDATE imas_forum_posts SET threadid='{$_GET['move']}',forumid='{$_POST['movetof']}' WHERE id IN ($list)"; - //DB mysql_query($query) or die("Query failed : $query " . 
mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_posts SET threadid=:threadid,forumid=:forumid WHERE id IN ($list)"); $stm->execute(array(':threadid'=>$_GET['move'], ':forumid'=>$_POST['movetof'])); //set post to head of thread - //DB $query = "UPDATE imas_forum_posts SET parent=0 WHERE id='{$_GET['move']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_posts SET parent=0 WHERE id=:id"); $stm->execute(array(':id'=>$_GET['move'])); //create new threads listing - //DB $query = "INSERT INTO imas_forum_threads (id,forumid,lastposttime,lastpostuser) VALUES ('{$_GET['move']}','{$_POST['movetof']}','{$row[0]}','{$row[1]}')"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("INSERT INTO imas_forum_threads (id,forumid,lastposttime,lastpostuser) VALUES (:id, :forumid, :lastposttime, :lastpostuser)"); $stm->execute(array(':id'=>$_GET['move'], ':forumid'=>$_POST['movetof'], ':lastposttime'=>$row[0], ':lastpostuser'=>$row[1])); } //update grade records - //DB $query = "UPDATE imas_grades SET gradetypeid='{$_POST['movetof']}' WHERE gradetype='forum' AND refid IN ($list)"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_grades SET gradetypeid=:gradetypeid WHERE gradetype='forum' AND refid IN ($list)"); $stm->execute(array(':gradetypeid'=>$_POST['movetof'])); 
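Review bot: `$_POST['movetof']` is bound straight into `UPDATE imas_forum_posts SET forumid=:forumid` and the thread INSERT without any visible check that the target forum belongs to `$cid`; the form in a later hunk only lists forums `WHERE courseid=:courseid`, but the handler does not enforce that, so unless it is verified before this hunk a teacher could move a thread into a forum of another course. Read it once, `$movetof = Sanitize::onlyInt($_POST['movetof']);` (the helper this file uses for other ids), confirm it exists in `imas_forums` for `$cid`, and bind `$movetof` in the statements that follow. The `$_POST['movetot']` target in the next hunk needs the same ownership check, and its `$base = $stm->fetchColumn(0);` is used unchecked. The move branch starts before the hunk.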
@@ -999,26 +832,15 @@ function addchildren($b,&$tochange,$children) { exit; } else if ($_POST['movetype']==1) { //move to different thread if ($_POST['movetot'] != $threadid) { - //DB $query = "SELECT id FROM imas_forum_posts WHERE threadid='{$_POST['movetot']}' AND parent=0"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $base = mysql_result($result,0,0); $stm = $DBH->prepare("SELECT id FROM imas_forum_posts WHERE threadid=:threadid AND parent=0"); $stm->execute(array(':threadid'=>$_POST['movetot'])); $base = $stm->fetchColumn(0); - - //DB $query = "UPDATE imas_forum_posts SET threadid='{$_POST['movetot']}' WHERE id IN ($list)"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_posts SET threadid=:threadid WHERE id IN ($list)"); $stm->execute(array(':threadid'=>$_POST['movetot'])); - - //DB $query = "UPDATE imas_forum_posts SET parent='$base' WHERE id='{$_GET['move']}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("UPDATE imas_forum_posts SET parent=:parent WHERE id=:id"); $stm->execute(array(':parent'=>$base, ':id'=>$_GET['move'])); if ($base != $_GET['move'] ) {//if not moving back to self, //delete thread. One will only exist if moved post was head of thread - //DB $query = "DELETE FROM imas_forum_threads WHERE id='{$_GET['move']}'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("DELETE FROM imas_forum_threads WHERE id=:id"); $stm->execute(array(':id'=>$_GET['move'])); } 
@@ -1044,9 +866,6 @@ function addchildren($b,&$tochange,$children) { if ($caller != 'thread') {echo "> Forum Topics ";} echo "> $returnname > Move Thread"; } - //DB $query = "SELECT parent FROM imas_forum_posts WHERE id='{$_GET['move']}'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB if (mysql_result($result,0,0)==0) { $stm = $DBH->prepare("SELECT parent FROM imas_forum_posts WHERE id=:id"); $stm->execute(array(':id'=>$_GET['move'])); @@ -1072,9 +891,6 @@ function addchildren($b,&$tochange,$children) { echo '
        Move to forum:
        '; - //DB $query = "SELECT id,name FROM imas_forums WHERE courseid='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $stm = $DBH->prepare("SELECT id,name FROM imas_forums WHERE courseid=:courseid"); $stm->execute(array(':courseid'=>$cid)); while ($row = $stm->fetch(PDO::FETCH_NUM)) { @@ -1087,9 +903,6 @@ function addchildren($b,&$tochange,$children) { echo '
        Move to thread:
        '; - //DB $query = "SELECT threadid,subject FROM imas_forum_posts WHERE forumid='$forumid' AND parent=0 ORDER BY id DESC"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { $stm = $DBH->prepare("SELECT threadid,subject FROM imas_forum_posts WHERE forumid=:forumid AND parent=0 ORDER BY id DESC"); $stm->execute(array(':forumid'=>$forumid)); while ($row = $stm->fetch(PDO::FETCH_NUM)) { diff --git a/forums/posts.php b/forums/posts.php index f21ff0277e..31a8e55a3a 100644 --- a/forums/posts.php +++ b/forums/posts.php 
@@ -1,717 +1,634 @@ -Home Page and enroll\n"; - require("../footer.php"); - exit; -} -if (isset($teacherid)) { - $isteacher = true; -} else { - $isteacher = false; -} - -$cid = Sanitize::courseId($_GET['cid']); -$forumid = Sanitize::onlyInt($_GET['forum']); -$threadid = Sanitize::onlyInt($_GET['thread']); -$page = Sanitize::onlyInt($_GET['page']); -if (!empty($_GET['embed'])) { - $flexwidth = true; - $nologo = true; -} - -//special "page"s -//-1 new posts from forum page -//-2 tagged posts from forum page -//-3 new posts from newthreads page -//-4 forum search -//-5 tagged posts page - -if ($page==-4) { - $redirecturl = $GLOBALS['basesiteurl'] . "/forums/forums.php?cid=$cid"; -} else if ($page==-3) { - $redirecturl = $GLOBALS['basesiteurl'] . "/forums/newthreads.php?cid=$cid"; -} else if ($page==-5) { - $redirecturl = $GLOBALS['basesiteurl'] . "/forums/flaggedthreads.php?cid=$cid"; -} else { - $redirecturl = $GLOBALS['basesiteurl'] . "/forums/thread.php?cid=$cid&forum=$forumid&page=$page"; -} -if (isset($_GET['markunread'])) { - //DB $query = "DELETE FROM imas_forum_views WHERE userid='$userid' AND threadid='$threadid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - $stm = $DBH->prepare("DELETE FROM imas_forum_views WHERE userid=:userid AND threadid=:threadid"); - $stm->execute(array(':userid'=>$userid, ':threadid'=>$threadid)); - header('Location: ' . $redirecturl . "&r=" . Sanitize::randomQueryStringParam()); - exit; -} -if (isset($_GET['marktagged'])) { - //DB $query = "UPDATE imas_forum_views SET tagged=1 WHERE userid='$userid' AND threadid='$threadid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - $stm = $DBH->prepare("UPDATE imas_forum_views SET tagged=1 WHERE userid=:userid AND threadid=:threadid"); - $stm->execute(array(':userid'=>$userid, ':threadid'=>$threadid)); - header('Location: ' . $redirecturl . "&r=" . 
Sanitize::randomQueryStringParam()); - exit; -} else if (isset($_GET['markuntagged'])) { - //DB $query = "UPDATE imas_forum_views SET tagged=0 WHERE userid='$userid' AND threadid='$threadid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - $stm = $DBH->prepare("UPDATE imas_forum_views SET tagged=0 WHERE userid=:userid AND threadid=:threadid"); - $stm->execute(array(':userid'=>$userid, ':threadid'=>$threadid)); - header('Location: ' . $redirecturl . "&r=" . Sanitize::randomQueryStringParam()); - exit; -} -//DB $query = "SELECT settings,replyby,defdisplay,name,points,groupsetid,postby,rubric,tutoredit,enddate,avail,allowlate FROM imas_forums WHERE id='$forumid'"; -//DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); -$stm = $DBH->prepare("SELECT settings,replyby,defdisplay,name,points,groupsetid,postby,rubric,tutoredit,enddate,avail,allowlate FROM imas_forums WHERE id=:id"); -$stm->execute(array(':id'=>$forumid)); - -//DB list($forumsettings, $replyby, $defdisplay, $forumname, $pointsposs, $groupset, $postby, $rubric, $tutoredit, $enddate, $avail, $allowlate) = mysql_fetch_row($result); -list($forumsettings, $replyby, $defdisplay, $forumname, $pointsposs, $groupset, $postby, $rubric, $tutoredit, $enddate, $avail, $allowlate) = $stm->fetch(PDO::FETCH_NUM); -if (($postby>0 && $postby<2000000000) || ($replyby>0 && $replyby<2000000000)) { - //DB $query = "SELECT startdate,enddate,islatepass,waivereqscore,itemtype FROM imas_exceptions WHERE assessmentid='$forumid' AND userid='$userid' AND (itemtype='F' OR itemtype='P' OR itemtype='R')"; - //DB $result = mysql_query($query) or die("Query failed : $query" . 
mysql_error()); - //DB if (mysql_num_rows($result)>0) { - //DB $exception = mysql_fetch_row($result); - $stm = $DBH->prepare("SELECT startdate,enddate,islatepass,waivereqscore,itemtype FROM imas_exceptions WHERE assessmentid=:assessmentid AND userid=:userid AND (itemtype='F' OR itemtype='P' OR itemtype='R')"); - $stm->execute(array(':assessmentid'=>$forumid, ':userid'=>$userid)); - if ($stm->rowCount()>0) { - $exception = $stm->fetch(PDO::FETCH_NUM); - } else { - $exception = null; - } - require_once("../includes/exceptionfuncs.php"); - if (isset($studentid) && !isset($sessiondata['stuview'])) { - $exceptionfuncs = new ExceptionFuncs($userid, $cid, true, $studentinfo['latepasses'], $latepasshrs); - } else { - $exceptionfuncs = new ExceptionFuncs($userid, $cid, false); - } - $infoline = array('replyby'=>$replyby, 'postby'=>$postby, 'enddate'=>$enddate, 'allowlate'=>$allowlate); - list($canundolatepassP, $canundolatepassR, $canundolatepass, $canuselatepassP, $canuselatepassR, $postby, $replyby, $enddate) = $exceptionfuncs->getCanUseLatePassForums($exception, $infoline); -} -if (isset($studentid) && ($avail==0 || ($avail==1 && time()>$enddate))) { - require("../header.php"); - echo '

        This forum is closed. Return to the course page

        '; - require("../footer.php"); - exit; -} - -$allowreply = ($isteacher || (time()<$replyby)); -$allowanon = (($forumsettings&1)==1); -$allowmod = ($isteacher || (($forumsettings&2)==2)); -$allowdel = ($isteacher || (($forumsettings&4)==4)); -$allowlikes = (($forumsettings&8)==8); -$postbeforeview = (($forumsettings&16)==16); -$haspoints = ($pointsposs > 0); -$groupid = 0; - -$canviewall = (isset($teacherid) || isset($tutorid)); -$caneditscore = (isset($teacherid) || (isset($tutorid) && $tutoredit==1)); -$canviewscore = (isset($teacherid) || (isset($tutorid) && $tutoredit<2)); - -if ($groupset>0) { - if (!isset($_GET['grp'])) { - if (!$canviewall) { - //DB $query = 'SELECT i_sg.id FROM imas_stugroups AS i_sg JOIN imas_stugroupmembers as i_sgm ON i_sgm.stugroupid=i_sg.id '; - //DB $query .= "WHERE i_sgm.userid='$userid' AND i_sg.groupsetid='$groupset'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { - //DB $groupid = mysql_result($result,0,0); - $query = 'SELECT i_sg.id FROM imas_stugroups AS i_sg JOIN imas_stugroupmembers as i_sgm ON i_sgm.stugroupid=i_sg.id '; - $query .= "WHERE i_sgm.userid=:userid AND i_sg.groupsetid=:groupsetid"; - $stm = $DBH->prepare($query); - $stm->execute(array(':userid'=>$userid, ':groupsetid'=>$groupset)); - if ($stm->rowCount()>0) { - $groupid = $stm->fetchColumn(0); - } else { - $groupid=0; - } - } else { - $groupid = -1; - } - } else { - if (!$canviewall) { - $groupid = intval($_GET['grp']); - //DB $query = "SELECT id FROM imas_stugroupmembers WHERE stugroupid='$groupid' AND userid='$userid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . 
mysql_error()); - //DB if (mysql_num_rows($result)==0) { - $stm = $DBH->prepare("SELECT id FROM imas_stugroupmembers WHERE stugroupid=:stugroupid AND userid=:userid"); - $stm->execute(array(':stugroupid'=>$groupid, ':userid'=>$userid)); - if ($stm->rowCount()==0) { - echo 'Invalid group - try again'; - exit; - } - } else { - $groupid = intval($_GET['grp']); - } - } -} -$placeinhead = ''; -if ($haspoints && $caneditscore && $rubric != 0) { - $placeinhead .= ''; - require("../includes/rubric.php"); -} - - -if (isset($_GET['view'])) { - $view = $_GET['view']; -} else { - $view = $defdisplay; //0: expanded, 1: collapsed, 2: condensed -} - -$caller = "posts"; -include("posthandler.php"); - -$pagetitle = "Posts"; -$placeinhead .= ''; -$placeinhead .= ''; -//$placeinhead = "\n"; -if ($caneditscore && $sessiondata['useed']!=0) { - $useeditor = "noinit"; - $placeinhead .= ''; -} -require("../header.php"); - -if ($haspoints && $caneditscore && $rubric != 0) { - //DB $query = "SELECT id,rubrictype,rubric FROM imas_rubrics WHERE id=$rubric"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { - //DB $row = mysql_fetch_row($result); - $stm = $DBH->prepare("SELECT id,rubrictype,rubric FROM imas_rubrics WHERE id=:id"); - $stm->execute(array(':id'=>$rubric)); - if ($stm->rowCount()>0) { - $row = $stm->fetch(PDO::FETCH_NUM); - // $row data is sanitized by printrubrics(). - echo printrubrics(array($row)); - } -} - -$allowmsg = false; -if (!$canviewall) { - //DB $query = "SELECT msgset FROM imas_courses WHERE id='$cid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . 
mysql_error()); - //DB if ((mysql_result($result,0,0)%5)==0) { - $stm = $DBH->prepare("SELECT msgset FROM imas_courses WHERE id=:id"); - $stm->execute(array(':id'=>$cid)); - if (($stm->fetchColumn(0)%5)==0) { - $allowmsg = true; - } -} -if ($postbeforeview && !$canviewall) { - //DB $query = "SELECT id FROM imas_forum_posts WHERE forumid='$forumid' AND parent=0 AND userid='$userid' LIMIT 1"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $oktoshow = (mysql_num_rows($result)>0); - $stm = $DBH->prepare("SELECT id FROM imas_forum_posts WHERE forumid=:forumid AND parent=0 AND userid=:userid LIMIT 1"); - $stm->execute(array(':forumid'=>$forumid, ':userid'=>$userid)); - $oktoshow = ($stm->rowCount()>0); - if (!$oktoshow) { - //DB $query = "SELECT posttype FROM imas_forum_posts WHERE id='$threadid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $oktoshow = (mysql_result($result,0,0)>0); - $stm = $DBH->prepare("SELECT posttype FROM imas_forum_posts WHERE id=:id"); - $stm->execute(array(':id'=>$threadid)); - $oktoshow = ($stm->fetchColumn(0)>0); - } -} else { - $oktoshow = true; -} - -if ($oktoshow) { - if ($haspoints) { - //DB $query = "SELECT imas_forum_posts.*,imas_users.FirstName,imas_users.LastName,imas_users.email,imas_users.hasuserimg,imas_grades.score,imas_grades.feedback,imas_students.section FROM "; - //DB $query .= "imas_forum_posts JOIN imas_users ON imas_forum_posts.userid=imas_users.id "; - //DB $query .= "LEFT JOIN imas_students ON imas_students.userid=imas_forum_posts.userid AND imas_students.courseid='$cid' "; - //DB $query .= "LEFT JOIN imas_grades ON imas_grades.gradetype='forum' AND imas_grades.refid=imas_forum_posts.id "; - //DB $query .= "WHERE (imas_forum_posts.id='$threadid' OR imas_forum_posts.threadid='$threadid') ORDER BY imas_forum_posts.id"; - $query = "SELECT 
imas_forum_posts.*,imas_users.FirstName,imas_users.LastName,imas_users.email,imas_users.hasuserimg,imas_grades.score,imas_grades.feedback,imas_students.section FROM "; - $query .= "imas_forum_posts JOIN imas_users ON imas_forum_posts.userid=imas_users.id "; - $query .= "LEFT JOIN imas_students ON imas_students.userid=imas_forum_posts.userid AND imas_students.courseid=:courseid "; - $query .= "LEFT JOIN imas_grades ON imas_grades.gradetype='forum' AND imas_grades.refid=imas_forum_posts.id "; - $query .= "WHERE (imas_forum_posts.id=:id OR imas_forum_posts.threadid=:threadid) ORDER BY imas_forum_posts.id"; - } else { - //DB $query = "SELECT imas_forum_posts.*,imas_users.FirstName,imas_users.LastName,imas_users.email,imas_users.hasuserimg,imas_students.section FROM "; - //DB $query .= "imas_forum_posts JOIN imas_users ON imas_forum_posts.userid=imas_users.id "; - //DB $query .= "LEFT JOIN imas_students ON imas_students.userid=imas_forum_posts.userid AND imas_students.courseid='$cid' "; - //DB $query .= "WHERE (imas_forum_posts.id='$threadid' OR imas_forum_posts.threadid='$threadid') ORDER BY imas_forum_posts.id"; - $query = "SELECT imas_forum_posts.*,imas_users.FirstName,imas_users.LastName,imas_users.email,imas_users.hasuserimg,imas_students.section FROM "; - $query .= "imas_forum_posts JOIN imas_users ON imas_forum_posts.userid=imas_users.id "; - $query .= "LEFT JOIN imas_students ON imas_students.userid=imas_forum_posts.userid AND imas_students.courseid=:courseid "; - $query .= "WHERE (imas_forum_posts.id=:id OR imas_forum_posts.threadid=:threadid) ORDER BY imas_forum_posts.id"; - //$query = "SELECT imas_forum_posts.*,imas_users.FirstName,imas_users.LastName,imas_users.email,imas_users.hasuserimg from imas_forum_posts,imas_users "; - //$query .= "WHERE imas_forum_posts.userid=imas_users.id AND (imas_forum_posts.id='$threadid' OR imas_forum_posts.threadid='$threadid') ORDER BY imas_forum_posts.id"; - } - $stm = $DBH->prepare($query); - 
$stm->execute(array(':courseid'=>$cid, ':id'=>$threadid, ':threadid'=>$threadid)); - // $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - $children = array(); $date = array(); $subject = array(); $re = array(); $message = array(); $posttype = array(); $likes = array(); $mylikes = array(); - $ownerid = array(); $files = array(); $points= array(); $feedback= array(); $poster= array(); $email= array(); $hasuserimg = array(); $section = array(); - //DB while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { - while ($line = $stm->fetch(PDO::FETCH_ASSOC)) { - if ($line['parent']==0) { - if ($line['replyby']!=null) { - $allowreply = ($canviewall || (time()<$line['replyby'])); - } - } - - if ($line['id']==$threadid) { - $newviews = $line['views']+1; - } - $children[$line['parent']][] = $line['id']; - $date[$line['id']] = $line['postdate']; - $n = 0; - while (strpos($line['subject'],'Re: ')===0) { - $line['subject'] = substr($line['subject'],4); - $n++; - } - if ($n==1) { - $re[$line['id']] = _('Re').': '; - } else if ($n>1) { - $re[$line['id']] = _('Re')."$n: "; - } else { - $re[$line['id']] = ''; - } - - $subject[$line['id']] = $line['subject']; - if ($sessiondata['graphdisp']==0) { - $line['message'] = preg_replace('/]*alt="([^"]*)"[^>]*>/',"[$1]", $line['message']); - } - $message[$line['id']] = $line['message']; - $posttype[$line['id']] = $line['posttype']; - $ownerid[$line['id']] = $line['userid']; - $hasuserimg[$line['id']] = $line['hasuserimg']; - - if ($line['files']!='') { - $files[$line['id']] = $line['files']; - } - if ($haspoints && $line['score']!==null) { - $points[$line['id']] = 1*$line['score']; - $feedback[$line['id']] = $line['feedback']; - } else { - $points[$line['id']] = $line['score']; - $feedback[$line['id']] = null; - } - if ($line['isanon']==1) { - $poster[$line['id']] = "Anonymous"; - $ownerid[$line['id']] = 0; - } else { - $poster[$line['id']] = $line['FirstName'] . ' ' . 
$line['LastName']; - $section[$line['id']] = $line['section']; - $email[$line['id']] = $line['email']; - } - $likes[$line['id']] = array(0,0,0); - - } - - if ($allowlikes) { - //get likes - //DB $query = "SELECT postid,type,count(*) FROM imas_forum_likes WHERE threadid='$threadid'"; - //DB $query .= "GROUP BY postid,type"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { - $query = "SELECT postid,type,count(*) FROM imas_forum_likes WHERE threadid=:threadid "; - $query .= "GROUP BY postid,type"; - $stm = $DBH->prepare($query); - $stm->execute(array(':threadid'=>$threadid)); - while ($row = $stm->fetch(PDO::FETCH_NUM)) { - $likes[$row[0]][$row[1]] = $row[2]; - } - - //DB $query = "SELECT postid FROM imas_forum_likes WHERE threadid='$threadid' AND userid='$userid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { - $stm = $DBH->prepare("SELECT postid FROM imas_forum_likes WHERE threadid=:threadid AND userid=:userid"); - $stm->execute(array(':threadid'=>$threadid, ':userid'=>$userid)); - while ($row = $stm->fetch(PDO::FETCH_NUM)) { - $mylikes[] = $row[0]; - } - } - - if (count($files)>0) { - require_once('../includes/filehandler.php'); - } - //update view count - //DB $query = "UPDATE imas_forum_posts SET views='$newviews' WHERE id='$threadid'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); - $stm = $DBH->prepare("UPDATE imas_forum_posts SET views=:views WHERE id=:id"); - $stm->execute(array(':views'=>$newviews, ':id'=>$threadid)); - - //DB $query = "UPDATE imas_forum_threads SET views=views+1 WHERE id='$threadid'"; - //DB mysql_query($query) or die("Query failed : $query " . 
mysql_error()); - $stm = $DBH->prepare("UPDATE imas_forum_threads SET views=views+1 WHERE id=:id"); - $stm->execute(array(':id'=>$threadid)); - - //mark as read - //DB $query = "SELECT lastview,tagged FROM imas_forum_views WHERE userid='$userid' AND threadid='$threadid'"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - $stm = $DBH->prepare("SELECT lastview,tagged FROM imas_forum_views WHERE userid=:userid AND threadid=:threadid"); - $stm->execute(array(':userid'=>$userid, ':threadid'=>$threadid)); - $now = time(); - //DB if (mysql_num_rows($result)>0) { - //DB $lastview = mysql_result($result,0,0); - //DB $tagged = mysql_result($result,0,1); - if ($stm->rowCount()>0) { - list($lastview, $tagged) = $stm->fetch(PDO::FETCH_NUM); - //DB $query = "UPDATE imas_forum_views SET lastview=$now WHERE userid='$userid' AND threadid='$threadid'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); - $stm = $DBH->prepare("UPDATE imas_forum_views SET lastview=:lastview WHERE userid=:userid AND threadid=:threadid"); - $stm->execute(array(':lastview'=>$now, ':userid'=>$userid, ':threadid'=>$threadid)); - } else { - $lastview = 0; - $tagged = 0; - //DB $query = "INSERT INTO imas_forum_views (userid,threadid,lastview) VALUES ('$userid','$threadid',$now)"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); - $stm = $DBH->prepare("INSERT INTO imas_forum_views (userid,threadid,lastview) VALUES (:userid, :threadid, :lastview)"); - $stm->execute(array(':userid'=>$userid, ':threadid'=>$threadid, ':lastview'=>$now)); - } -} -if (empty($_GET['embed'])) { - echo "\n"; -} - -if (!$oktoshow) { - echo '

        This post is blocked. In this forum, you must post your own thread before you can read those posted by others.

        '; -} else { - echo '

        Forum: '.Sanitize::encodeStringForDisplay($forumname).'

        '; - echo ""._('Post').': '. $re[$threadid] . Sanitize::encodeStringForDisplay($subject[$threadid]) . "
        \n"; - - //DB $query = "SELECT id FROM imas_forum_threads WHERE forumid='$forumid' AND id<'$threadid' "; - $query = "SELECT id FROM imas_forum_threads WHERE forumid=:forumid AND id<:threadid AND lastposttime<:now "; - $array = array(':forumid'=>$forumid, ':threadid'=>$threadid, ':now'=>$now); - if ($groupset>0 && $groupid!=-1) { - //DB $query .= "AND (stugroupid='$groupid' OR stugroupid=0) "; - $query .= "AND (stugroupid=:stugroupid OR stugroupid=0) "; - $array[':stugroupid']=$groupid; - } - $query .= "ORDER BY id DESC LIMIT 1"; - //$query = "SELECT id FROM imas_forum_posts WHERE forumid='$forumid' AND threadid<'$threadid' AND parent=0 ORDER BY threadid DESC LIMIT 1"; - $stm = $DBH->prepare($query); - $stm->execute($array); - // $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - $prevth = ''; - //DB if (mysql_num_rows($result)>0) { - //DB $prevth = mysql_result($result,0,0); - if ($stm->rowCount()>0) { - $prevth = $stm->fetchColumn(0); - echo "Prev "; - } else { - echo "Prev "; - } - - //DB $query = "SELECT id FROM imas_forum_threads WHERE forumid='$forumid' AND id>'$threadid' "; - $query ="SELECT id FROM imas_forum_threads WHERE forumid=:forumid AND id>:threadid AND lastposttime<:now "; - $array = array(':forumid'=>$forumid, ':threadid'=>$threadid, ':now'=>$now); - if ($groupset>0 && $groupid!=-1) { - //DB $query .= "AND (stugroupid='$groupid' OR stugroupid=0) "; - $query .= "AND (stugroupid=:stugroupid OR stugroupid=0) "; - $array[':stugroupid']=$groupid; - } - $query .= "ORDER BY id LIMIT 1"; - $stm = $DBH->prepare($query); - $stm->execute($array); - //$query = "SELECT id FROM imas_forum_posts WHERE forumid='$forumid' AND threadid>'$threadid' AND parent=0 ORDER BY threadid LIMIT 1"; - // $result = mysql_query($query) or die("Query failed : $query " . 
mysql_error()); - $nextth = ''; - //DB if (mysql_num_rows($result)>0) { - //DB $nextth = mysql_result($result,0,0); - if ($stm->rowCount()>0) { - $nextth = $stm->fetchColumn(0); - echo "Next"; - } else { - echo "Next"; - } - echo " | Mark Unread"; - if ($tagged) { - echo "| \"Flagged\" "; - } else { - echo "| \"Not "; - } - - echo '| '; - echo ' | '; - echo ''; - echo ''; - - - /*if ($view==2) { - echo "View Expanded"; -} else { -echo "View Condensed"; -}*/ - -function printchildren($base,$restricttoowner=false) { - $curdir = rtrim(dirname(__FILE__), '/\\'); - global $DBH,$children,$date,$subject,$re,$message,$poster,$email,$forumid,$threadid,$isteacher,$cid,$userid,$ownerid,$points; - global $feedback,$posttype,$lastview,$myrights,$allowreply,$allowmod,$allowdel,$allowlikes,$view,$page,$allowmsg; - global $haspoints,$imasroot,$postby,$replyby,$files,$CFG,$rubric,$pointsposs,$hasuserimg,$urlmode,$likes,$mylikes,$section; - global $canviewall, $caneditscore, $canviewscore, $sessiondata; - if (!isset($CFG['CPS']['itemicons'])) { - $itemicons = array('web'=>'web.png', 'doc'=>'doc.png', 'wiki'=>'wiki.png', - 'html'=>'html.png', 'forum'=>'forum.png', 'pdf'=>'pdf.png', - 'ppt'=>'ppt.png', 'zip'=>'zip.png', 'png'=>'image.png', 'xls'=>'xls.png', - 'gif'=>'image.png', 'jpg'=>'image.png', 'bmp'=>'image.png', - 'mp3'=>'sound.png', 'wav'=>'sound.png', 'wma'=>'sound.png', - 'swf'=>'video.png', 'avi'=>'video.png', 'mpg'=>'video.png', - 'nb'=>'mathnb.png', 'mws'=>'maple.png', 'mw'=>'maple.png'); - } else { - $itemicons = $CFG['CPS']['itemicons']; - } - foreach($children[$base] as $child) { - if ($restricttoowner && $ownerid[$child] != $userid) { - continue; - } - echo "
        "; - echo ''; - if (isset($children[$child])) { - if ($view==1) { - $lbl = '+'; - $img = "expand"; - } else { - $lbl = '-'; - $img = "collapse"; - } - echo "\"Expand/Collapse\"/ "; - } - if ($hasuserimg[$child]==1) { - if(isset($GLOBALS['CFG']['GEN']['AWSforcoursefiles']) && $GLOBALS['CFG']['GEN']['AWSforcoursefiles'] == true) { - echo "\"User"; - } else { - echo "\"User"; - } - } - echo ''; - echo ""; - - if ($view==2) { - echo "\n"; - } else { - echo "\n"; - } - if ($posttype[$child]!=2 && $myrights > 5 && $allowreply) { - $embedstr = isset($_GET['embed'])?'&embed=true':''; - echo "Reply "; - } - if ($isteacher || ($ownerid[$child]==$userid && $allowmod && (($base==0 && time()<$postby) || ($base>0 && time()<$replyby))) || ($allowdel && $ownerid[$child]==$userid && !isset($children[$child]))) { - echo ''; - echo ''; - echo ''; - } - - echo "\n"; - echo ''; - echo "".$re[$child]. Sanitize::encodeStringForDisplay($subject[$child]) . "
        "._('Posted by').": "; - //if ($isteacher && $ownerid[$child]!=0) { - // echo ""; - //} else if ($allowmsg && $ownerid[$child]!=0) { - if (($isteacher || $allowmsg) && $ownerid[$child]!=0) { - echo ""; - } - echo Sanitize::encodeStringForDisplay($poster[$child]); // This is the user's first and last name. - if (($isteacher || $allowmsg) && $ownerid[$child]!=0) { - echo ""; - } - if ($isteacher && $ownerid[$child]!=0 && $ownerid[$child]!=$userid) { - echo " [GB]"; - if ($base==0 && preg_match('/Question\s+about\s+#(\d+)\s+in\s+(.*)\s*$/',$subject[$child],$matches)) { - //DB $query = "SELECT ias.id FROM imas_assessment_sessions AS ias JOIN imas_assessments AS ia ON ia.id=ias.assessmentid "; - //DB $aname = addslashes($matches[2]); - //DB $query .= "WHERE ia.courseid='$cid' AND ia.name='$aname' AND ias.userid=".intval($ownerid[$child]); - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB if (mysql_num_rows($result)>0) { - //DB $r = mysql_fetch_row($result); - $query = "SELECT ias.id FROM imas_assessment_sessions AS ias JOIN imas_assessments AS ia ON ia.id=ias.assessmentid "; - $query .= "WHERE ia.courseid=:courseid AND (ia.name=:name OR ia.name=:name2) AND ias.userid=:ownerid"; - $stm = $DBH->prepare($query); - $stm->execute(array(':courseid'=>$cid, ':name'=>$matches[2], ':name2'=>htmlentities($matches[2]), ':ownerid'=>intval($ownerid[$child]))); - if ($stm->rowCount()>0) { - $qn = $matches[1]; - $r = $stm->fetch(PDO::FETCH_NUM); - echo " [assignment]"; - } - } - } - echo ', '; - echo tzdate("D, M j, Y, g:i a",$date[$child]); - - if ($date[$child]>$lastview) { - echo " New\n"; - } - echo '
        '; - - if ($allowlikes) { - $icon = (in_array($child,$mylikes))?'liked':'likedgray'; - $likemsg = 'Liked by '; - $likecnt = 0; - $likeclass = ''; - if ($likes[$child][0]>0) { - $likeclass = ' liked'; - $likemsg .= $likes[$child][0].' ' . ($likes[$child][0]==1?'student':'students'); - $likecnt += $likes[$child][0]; - } - if ($likes[$child][1]>0 || $likes[$child][2]>0) { - $likeclass = ' likedt'; - $n = $likes[$child][1] + $likes[$child][2]; - if ($likes[$child][0]>0) { $likemsg .= ' and ';} - $likemsg .= $n.' '; - if ($likes[$child][2]>0) { - $likemsg .= ($n==1?'teacher':'teachers'); - if ($likes[$child][1]>0) { - $likemsg .= '/tutors/TAs'; - } - } else if ($likes[$child][1]>0) { - $likemsg .= ($n==1?'tutor/TA':'tutors/TAs'); - } - $likecnt += $n; - } - if ($likemsg=='Liked by ') { - $likemsg = ''; - } else { - $likemsg .= '.'; - } - if ($icon=='liked') { - $likemsg = 'You like this. '.$likemsg; - } else { - $likemsg = 'Click to like this post. '.$likemsg;; - } - - echo '
        '; - echo "\"Like\""; - echo " ".($likecnt>0?$likecnt:'').' '; - echo '
        '; - } - echo '
        '; - echo "
        \n"; - if ($view==2) { - echo "
        "; - } else { - echo "
        "; - } - if(isset($files[$child]) && $files[$child]!='') { - $fl = explode('@@',$files[$child]); - if (count($fl)>2) { - echo '

        Files: ';//

        ';} - echo '

        '; - } - echo filter($message[$child]); - if ($haspoints) { - if ($caneditscore && $ownerid[$child]!=$userid) { - echo '
        '; - echo "Score: "; - if ($rubric != 0) { - echo printrubriclink($rubric,$pointsposs,"scorebox$child", "feedback$child"); - } - echo " Private Feedback: "; - if ($sessiondata['useed']==0) { - echo ""; - } else { - echo '
        '; - if ($feedback[$child]!==null) { - echo Sanitize::outgoingHtml($feedback[$child]); - } - echo '
        '; - } - } else if (($ownerid[$child]==$userid || $canviewscore) && $points[$child]!==null) { - echo ''; - } - } - - - echo "
        \n"; - echo '
        '; - if (isset($children[$child])) { //if has children - printchildren($child, ($posttype[$child]==3 && !$isteacher)); - } - echo "
        \n"; - //} - } -} -if ($caneditscore && $haspoints) { - echo ""; -} -printchildren(0); -if ($caneditscore && $haspoints) { - echo '
        '; - if ($prevth!='' && $page!=-3) { - echo ''; - echo ''; - } - if ($nextth!='' && $page!=-3) { - echo ''; - echo ''; - } - echo ""; -} -echo "\"Expand\""; -echo "\"Collapse\""; - -} -if (empty($_GET['embed'])) { - echo "\n"; -} else { - echo '
        '; -} -require("../footer.php"); +Home Page and enroll\n"; + require("../footer.php"); + exit; +} +if (isset($teacherid)) { + $isteacher = true; +} else { + $isteacher = false; +} + +$cid = Sanitize::courseId($_GET['cid']); +$forumid = Sanitize::onlyInt($_GET['forum']); +$threadid = Sanitize::onlyInt($_GET['thread']); +$page = Sanitize::onlyInt($_GET['page']); +if (!empty($_GET['embed'])) { + $flexwidth = true; + $nologo = true; +} + +//special "page"s +//-1 new posts from forum page +//-2 tagged posts from forum page +//-3 new posts from newthreads page +//-4 forum search +//-5 tagged posts page + +if ($page==-4) { + $redirecturl = $GLOBALS['basesiteurl'] . "/forums/forums.php?cid=$cid"; +} else if ($page==-3) { + $redirecturl = $GLOBALS['basesiteurl'] . "/forums/newthreads.php?cid=$cid"; +} else if ($page==-5) { + $redirecturl = $GLOBALS['basesiteurl'] . "/forums/flaggedthreads.php?cid=$cid"; +} else { + $redirecturl = $GLOBALS['basesiteurl'] . "/forums/thread.php?cid=$cid&forum=$forumid&page=$page"; +} +if (isset($_GET['markunread'])) { + $stm = $DBH->prepare("DELETE FROM imas_forum_views WHERE userid=:userid AND threadid=:threadid"); + $stm->execute(array(':userid'=>$userid, ':threadid'=>$threadid)); + header('Location: ' . $redirecturl . "&r=" . Sanitize::randomQueryStringParam()); + exit; +} +if (isset($_GET['marktagged'])) { + $stm = $DBH->prepare("UPDATE imas_forum_views SET tagged=1 WHERE userid=:userid AND threadid=:threadid"); + $stm->execute(array(':userid'=>$userid, ':threadid'=>$threadid)); + header('Location: ' . $redirecturl . "&r=" . Sanitize::randomQueryStringParam()); + exit; +} else if (isset($_GET['markuntagged'])) { + $stm = $DBH->prepare("UPDATE imas_forum_views SET tagged=0 WHERE userid=:userid AND threadid=:threadid"); + $stm->execute(array(':userid'=>$userid, ':threadid'=>$threadid)); + header('Location: ' . $redirecturl . "&r=" . 
Sanitize::randomQueryStringParam()); + exit; +} +$stm = $DBH->prepare("SELECT settings,replyby,defdisplay,name,points,groupsetid,postby,rubric,tutoredit,enddate,avail,allowlate FROM imas_forums WHERE id=:id"); +$stm->execute(array(':id'=>$forumid)); +list($forumsettings, $replyby, $defdisplay, $forumname, $pointsposs, $groupset, $postby, $rubric, $tutoredit, $enddate, $avail, $allowlate) = $stm->fetch(PDO::FETCH_NUM); +if (($postby>0 && $postby<2000000000) || ($replyby>0 && $replyby<2000000000)) { + $stm = $DBH->prepare("SELECT startdate,enddate,islatepass,waivereqscore,itemtype FROM imas_exceptions WHERE assessmentid=:assessmentid AND userid=:userid AND (itemtype='F' OR itemtype='P' OR itemtype='R')"); + $stm->execute(array(':assessmentid'=>$forumid, ':userid'=>$userid)); + if ($stm->rowCount()>0) { + $exception = $stm->fetch(PDO::FETCH_NUM); + } else { + $exception = null; + } + require_once("../includes/exceptionfuncs.php"); + if (isset($studentid) && !isset($sessiondata['stuview'])) { + $exceptionfuncs = new ExceptionFuncs($userid, $cid, true, $studentinfo['latepasses'], $latepasshrs); + } else { + $exceptionfuncs = new ExceptionFuncs($userid, $cid, false); + } + $infoline = array('replyby'=>$replyby, 'postby'=>$postby, 'enddate'=>$enddate, 'allowlate'=>$allowlate); + list($canundolatepassP, $canundolatepassR, $canundolatepass, $canuselatepassP, $canuselatepassR, $postby, $replyby, $enddate) = $exceptionfuncs->getCanUseLatePassForums($exception, $infoline); +} +if (isset($studentid) && ($avail==0 || ($avail==1 && time()>$enddate))) { + require("../header.php"); + echo '

        This forum is closed. Return to the course page

        '; + require("../footer.php"); + exit; +} + +$allowreply = ($isteacher || (time()<$replyby)); +$allowanon = (($forumsettings&1)==1); +$allowmod = ($isteacher || (($forumsettings&2)==2)); +$allowdel = ($isteacher || (($forumsettings&4)==4)); +$allowlikes = (($forumsettings&8)==8); +$postbeforeview = (($forumsettings&16)==16); +$haspoints = ($pointsposs > 0); +$groupid = 0; + +$canviewall = (isset($teacherid) || isset($tutorid)); +$caneditscore = (isset($teacherid) || (isset($tutorid) && $tutoredit==1)); +$canviewscore = (isset($teacherid) || (isset($tutorid) && $tutoredit<2)); + +if ($groupset>0) { + if (!isset($_GET['grp'])) { + if (!$canviewall) { + $query = 'SELECT i_sg.id FROM imas_stugroups AS i_sg JOIN imas_stugroupmembers as i_sgm ON i_sgm.stugroupid=i_sg.id '; + $query .= "WHERE i_sgm.userid=:userid AND i_sg.groupsetid=:groupsetid"; + $stm = $DBH->prepare($query); + $stm->execute(array(':userid'=>$userid, ':groupsetid'=>$groupset)); + if ($stm->rowCount()>0) { + $groupid = $stm->fetchColumn(0); + } else { + $groupid=0; + } + } else { + $groupid = -1; + } + } else { + if (!$canviewall) { + $groupid = intval($_GET['grp']); + $stm = $DBH->prepare("SELECT id FROM imas_stugroupmembers WHERE stugroupid=:stugroupid AND userid=:userid"); + $stm->execute(array(':stugroupid'=>$groupid, ':userid'=>$userid)); + if ($stm->rowCount()==0) { + echo 'Invalid group - try again'; + exit; + } + } else { + $groupid = intval($_GET['grp']); + } + } +} +$placeinhead = ''; +if ($haspoints && $caneditscore && $rubric != 0) { + $placeinhead .= ''; + require("../includes/rubric.php"); +} + + +if (isset($_GET['view'])) { + $view = $_GET['view']; +} else { + $view = $defdisplay; //0: expanded, 1: collapsed, 2: condensed +} + +$caller = "posts"; +include("posthandler.php"); + +$pagetitle = "Posts"; +$placeinhead .= ''; +$placeinhead .= ''; +//$placeinhead = "\n"; +if ($caneditscore && $sessiondata['useed']!=0) { + $useeditor = "noinit"; + $placeinhead .= ''; +} 
+require("../header.php");
+
+if ($haspoints && $caneditscore && $rubric != 0) {
+ $stm = $DBH->prepare("SELECT id,rubrictype,rubric FROM imas_rubrics WHERE id=:id");
+ $stm->execute(array(':id'=>$rubric));
+ if ($stm->rowCount()>0) {
+ $row = $stm->fetch(PDO::FETCH_NUM);
+ // $row data is sanitized by printrubrics().
+ echo printrubrics(array($row));
+ }
+}
+
+$allowmsg = false;
+if (!$canviewall) {
+ $stm = $DBH->prepare("SELECT msgset FROM imas_courses WHERE id=:id");
+ $stm->execute(array(':id'=>$cid));
+ if (($stm->fetchColumn(0)%5)==0) {
+ $allowmsg = true;
+ }
+}
+if ($postbeforeview && !$canviewall) {
+ $stm = $DBH->prepare("SELECT id FROM imas_forum_posts WHERE forumid=:forumid AND parent=0 AND userid=:userid LIMIT 1");
+ $stm->execute(array(':forumid'=>$forumid, ':userid'=>$userid));
+ $oktoshow = ($stm->rowCount()>0);
+ if (!$oktoshow) {
+ $stm = $DBH->prepare("SELECT posttype FROM imas_forum_posts WHERE id=:id");
+ $stm->execute(array(':id'=>$threadid));
+ $oktoshow = ($stm->fetchColumn(0)>0);
+ }
+} else {
+ $oktoshow = true;
+}
+
+if ($oktoshow) {
+ if ($haspoints) {
+ $query = "SELECT imas_forum_posts.*,imas_users.FirstName,imas_users.LastName,imas_users.email,imas_users.hasuserimg,imas_grades.score,imas_grades.feedback,imas_students.section FROM ";
+ $query .= "imas_forum_posts JOIN imas_users ON imas_forum_posts.userid=imas_users.id ";
+ $query .= "LEFT JOIN imas_students ON imas_students.userid=imas_forum_posts.userid AND imas_students.courseid=:courseid ";
+ $query .= "LEFT JOIN imas_grades ON imas_grades.gradetype='forum' AND imas_grades.refid=imas_forum_posts.id ";
+ $query .= "WHERE (imas_forum_posts.id=:id OR imas_forum_posts.threadid=:threadid) ORDER BY imas_forum_posts.id";
+ } else {
+ $query = "SELECT imas_forum_posts.*,imas_users.FirstName,imas_users.LastName,imas_users.email,imas_users.hasuserimg,imas_students.section FROM ";
+ $query .= "imas_forum_posts JOIN imas_users ON imas_forum_posts.userid=imas_users.id ";
+ $query .= "LEFT JOIN 
imas_students ON imas_students.userid=imas_forum_posts.userid AND imas_students.courseid=:courseid ";
+ $query .= "WHERE (imas_forum_posts.id=:id OR imas_forum_posts.threadid=:threadid) ORDER BY imas_forum_posts.id";
+ //$query = "SELECT imas_forum_posts.*,imas_users.FirstName,imas_users.LastName,imas_users.email,imas_users.hasuserimg from imas_forum_posts,imas_users ";
+ //$query .= "WHERE imas_forum_posts.userid=imas_users.id AND (imas_forum_posts.id='$threadid' OR imas_forum_posts.threadid='$threadid') ORDER BY imas_forum_posts.id";
+ }
+ $stm = $DBH->prepare($query);
+ $stm->execute(array(':courseid'=>$cid, ':id'=>$threadid, ':threadid'=>$threadid));
+ // $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
+ $children = array(); $date = array(); $subject = array(); $re = array(); $message = array(); $posttype = array(); $likes = array(); $mylikes = array();
+ $ownerid = array(); $files = array(); $points= array(); $feedback= array(); $poster= array(); $email= array(); $hasuserimg = array(); $section = array();
+ while ($line = $stm->fetch(PDO::FETCH_ASSOC)) {
+ if ($line['parent']==0) {
+ if ($line['replyby']!=null) {
+ $allowreply = ($canviewall || (time()<$line['replyby']));
+ }
+ }
+
+ if ($line['id']==$threadid) {
+ $newviews = $line['views']+1;
+ }
+ $children[$line['parent']][] = $line['id'];
+ $date[$line['id']] = $line['postdate'];
+ $n = 0;
+ while (strpos($line['subject'],'Re: ')===0) {
+ $line['subject'] = substr($line['subject'],4);
+ $n++;
+ }
+ if ($n==1) {
+ $re[$line['id']] = _('Re').': ';
+ } else if ($n>1) {
+ $re[$line['id']] = _('Re')."$n: ";
+ } else {
+ $re[$line['id']] = '';
+ }
+
+ $subject[$line['id']] = $line['subject'];
+ if ($sessiondata['graphdisp']==0) {
+ $line['message'] = preg_replace('/]*alt="([^"]*)"[^>]*>/',"[$1]", $line['message']);
+ }
+ $message[$line['id']] = $line['message'];
+ $posttype[$line['id']] = $line['posttype'];
+ $ownerid[$line['id']] = $line['userid'];
+ $hasuserimg[$line['id']] = 
$line['hasuserimg'];
+
+ if ($line['files']!='') {
+ $files[$line['id']] = $line['files'];
+ }
+ if ($haspoints && $line['score']!==null) {
+ $points[$line['id']] = 1*$line['score'];
+ $feedback[$line['id']] = $line['feedback'];
+ } else {
+ $points[$line['id']] = $line['score'];
+ $feedback[$line['id']] = null;
+ }
+ if ($line['isanon']==1) {
+ $poster[$line['id']] = "Anonymous";
+ $ownerid[$line['id']] = 0;
+ } else {
+ $poster[$line['id']] = $line['FirstName'] . ' ' . $line['LastName'];
+ $section[$line['id']] = $line['section'];
+ $email[$line['id']] = $line['email'];
+ }
+ $likes[$line['id']] = array(0,0,0);
+
+ }
+
+ if ($allowlikes) {
+ //get likes
+ $query = "SELECT postid,type,count(*) FROM imas_forum_likes WHERE threadid=:threadid ";
+ $query .= "GROUP BY postid,type";
+ $stm = $DBH->prepare($query);
+ $stm->execute(array(':threadid'=>$threadid));
+ while ($row = $stm->fetch(PDO::FETCH_NUM)) {
+ $likes[$row[0]][$row[1]] = $row[2];
+ }
+ $stm = $DBH->prepare("SELECT postid FROM imas_forum_likes WHERE threadid=:threadid AND userid=:userid");
+ $stm->execute(array(':threadid'=>$threadid, ':userid'=>$userid));
+ while ($row = $stm->fetch(PDO::FETCH_NUM)) {
+ $mylikes[] = $row[0];
+ }
+ }
+
+ if (count($files)>0) {
+ require_once('../includes/filehandler.php');
+ }
+ //update view count
+ $stm = $DBH->prepare("UPDATE imas_forum_posts SET views=:views WHERE id=:id");
+ $stm->execute(array(':views'=>$newviews, ':id'=>$threadid));
+ $stm = $DBH->prepare("UPDATE imas_forum_threads SET views=views+1 WHERE id=:id");
+ $stm->execute(array(':id'=>$threadid));
+
+ //mark as read
+ $stm = $DBH->prepare("SELECT lastview,tagged FROM imas_forum_views WHERE userid=:userid AND threadid=:threadid");
+ $stm->execute(array(':userid'=>$userid, ':threadid'=>$threadid));
+ $now = time();
+ if ($stm->rowCount()>0) {
+ list($lastview, $tagged) = $stm->fetch(PDO::FETCH_NUM);
+ $stm = $DBH->prepare("UPDATE imas_forum_views SET lastview=:lastview WHERE userid=:userid AND 
threadid=:threadid");
+ $stm->execute(array(':lastview'=>$now, ':userid'=>$userid, ':threadid'=>$threadid));
+ } else {
+ $lastview = 0;
+ $tagged = 0;
+ $stm = $DBH->prepare("INSERT INTO imas_forum_views (userid,threadid,lastview) VALUES (:userid, :threadid, :lastview)");
+ $stm->execute(array(':userid'=>$userid, ':threadid'=>$threadid, ':lastview'=>$now));
+ }
+}
+if (empty($_GET['embed'])) {
+ echo "\n";
+}
+
+if (!$oktoshow) {
+ echo '

        This post is blocked. In this forum, you must post your own thread before you can read those posted by others.

';
+} else {
+ echo '

        Forum: '.Sanitize::encodeStringForDisplay($forumname).'

';
+ echo ""._('Post').': '. $re[$threadid] . Sanitize::encodeStringForDisplay($subject[$threadid]) . "
\n";
+ $query = "SELECT id FROM imas_forum_threads WHERE forumid=:forumid AND id<:threadid AND lastposttime<:now ";
+ $array = array(':forumid'=>$forumid, ':threadid'=>$threadid, ':now'=>$now);
+ if ($groupset>0 && $groupid!=-1) {
+ $query .= "AND (stugroupid=:stugroupid OR stugroupid=0) ";
+ $array[':stugroupid']=$groupid;
+ }
+ $query .= "ORDER BY id DESC LIMIT 1";
+ //$query = "SELECT id FROM imas_forum_posts WHERE forumid='$forumid' AND threadid<'$threadid' AND parent=0 ORDER BY threadid DESC LIMIT 1";
+ $stm = $DBH->prepare($query);
+ $stm->execute($array);
+ // $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
+ $prevth = '';
+ if ($stm->rowCount()>0) {
+ $prevth = $stm->fetchColumn(0);
+ echo "Prev ";
+ } else {
+ echo "Prev ";
+ }
+ $query ="SELECT id FROM imas_forum_threads WHERE forumid=:forumid AND id>:threadid AND lastposttime<:now ";
+ $array = array(':forumid'=>$forumid, ':threadid'=>$threadid, ':now'=>$now);
+ if ($groupset>0 && $groupid!=-1) {
+ $query .= "AND (stugroupid=:stugroupid OR stugroupid=0) ";
+ $array[':stugroupid']=$groupid;
+ }
+ $query .= "ORDER BY id LIMIT 1";
+ $stm = $DBH->prepare($query);
+ $stm->execute($array);
+ //$query = "SELECT id FROM imas_forum_posts WHERE forumid='$forumid' AND threadid>'$threadid' AND parent=0 ORDER BY threadid LIMIT 1";
+ // $result = mysql_query($query) or die("Query failed : $query " . 
mysql_error());
+ $nextth = '';
+ if ($stm->rowCount()>0) {
+ $nextth = $stm->fetchColumn(0);
+ echo "Next";
+ } else {
+ echo "Next";
+ }
+ echo " | Mark Unread";
+ if ($tagged) {
+ echo "| \"Flagged\" ";
+ } else {
+ echo "| \"Not ";
+ }
+
+ echo '| ';
+ echo ' | ';
+ echo '';
+ echo '';
+
+
+ /*if ($view==2) {
+ echo "View Expanded";
+} else {
+echo "View Condensed";
+}*/
+
+function printchildren($base,$restricttoowner=false) {
+ $curdir = rtrim(dirname(__FILE__), '/\\');
+ global $DBH,$children,$date,$subject,$re,$message,$poster,$email,$forumid,$threadid,$isteacher,$cid,$userid,$ownerid,$points;
+ global $feedback,$posttype,$lastview,$myrights,$allowreply,$allowmod,$allowdel,$allowlikes,$view,$page,$allowmsg;
+ global $haspoints,$imasroot,$postby,$replyby,$files,$CFG,$rubric,$pointsposs,$hasuserimg,$urlmode,$likes,$mylikes,$section;
+ global $canviewall, $caneditscore, $canviewscore, $sessiondata;
+ if (!isset($CFG['CPS']['itemicons'])) {
+ $itemicons = array('web'=>'web.png', 'doc'=>'doc.png', 'wiki'=>'wiki.png',
+ 'html'=>'html.png', 'forum'=>'forum.png', 'pdf'=>'pdf.png',
+ 'ppt'=>'ppt.png', 'zip'=>'zip.png', 'png'=>'image.png', 'xls'=>'xls.png',
+ 'gif'=>'image.png', 'jpg'=>'image.png', 'bmp'=>'image.png',
+ 'mp3'=>'sound.png', 'wav'=>'sound.png', 'wma'=>'sound.png',
+ 'swf'=>'video.png', 'avi'=>'video.png', 'mpg'=>'video.png',
+ 'nb'=>'mathnb.png', 'mws'=>'maple.png', 'mw'=>'maple.png');
+ } else {
+ $itemicons = $CFG['CPS']['itemicons'];
+ }
+ foreach($children[$base] as $child) {
+ if ($restricttoowner && $ownerid[$child] != $userid) {
+ continue;
+ }
+ echo "
        "; + echo ''; + if (isset($children[$child])) { + if ($view==1) { + $lbl = '+'; + $img = "expand"; + } else { + $lbl = '-'; + $img = "collapse"; + } + echo "\"Expand/Collapse\"/ "; + } + if ($hasuserimg[$child]==1) { + if(isset($GLOBALS['CFG']['GEN']['AWSforcoursefiles']) && $GLOBALS['CFG']['GEN']['AWSforcoursefiles'] == true) { + echo "\"User"; + } else { + echo "\"User"; + } + } + echo ''; + echo ""; + + if ($view==2) { + echo "\n"; + } else { + echo "\n"; + } + if ($posttype[$child]!=2 && $myrights > 5 && $allowreply) { + $embedstr = isset($_GET['embed'])?'&embed=true':''; + echo "Reply "; + } + if ($isteacher || ($ownerid[$child]==$userid && $allowmod && (($base==0 && time()<$postby) || ($base>0 && time()<$replyby))) || ($allowdel && $ownerid[$child]==$userid && !isset($children[$child]))) { + echo ''; + echo ''; + echo ''; + } + + echo "\n"; + echo ''; + echo "".$re[$child]. Sanitize::encodeStringForDisplay($subject[$child]) . "
        "._('Posted by').": "; + //if ($isteacher && $ownerid[$child]!=0) { + // echo ""; + //} else if ($allowmsg && $ownerid[$child]!=0) { + if (($isteacher || $allowmsg) && $ownerid[$child]!=0) { + echo ""; + } + echo Sanitize::encodeStringForDisplay($poster[$child]); // This is the user's first and last name. + if (($isteacher || $allowmsg) && $ownerid[$child]!=0) { + echo ""; + } + if ($isteacher && $ownerid[$child]!=0 && $ownerid[$child]!=$userid) { + echo " [GB]"; + if ($base==0 && preg_match('/Question\s+about\s+#(\d+)\s+in\s+(.*)\s*$/',$subject[$child],$matches)) { + $query = "SELECT ias.id FROM imas_assessment_sessions AS ias JOIN imas_assessments AS ia ON ia.id=ias.assessmentid "; + $query .= "WHERE ia.courseid=:courseid AND (ia.name=:name OR ia.name=:name2) AND ias.userid=:ownerid"; + $stm = $DBH->prepare($query); + $stm->execute(array(':courseid'=>$cid, ':name'=>$matches[2], ':name2'=>htmlentities($matches[2]), ':ownerid'=>intval($ownerid[$child]))); + if ($stm->rowCount()>0) { + $qn = $matches[1]; + $r = $stm->fetch(PDO::FETCH_NUM); + echo " [assignment]"; + } + } + } + echo ', '; + echo tzdate("D, M j, Y, g:i a",$date[$child]); + + if ($date[$child]>$lastview) { + echo " New\n"; + } + echo '
        '; + + if ($allowlikes) { + $icon = (in_array($child,$mylikes))?'liked':'likedgray'; + $likemsg = 'Liked by '; + $likecnt = 0; + $likeclass = ''; + if ($likes[$child][0]>0) { + $likeclass = ' liked'; + $likemsg .= $likes[$child][0].' ' . ($likes[$child][0]==1?'student':'students'); + $likecnt += $likes[$child][0]; + } + if ($likes[$child][1]>0 || $likes[$child][2]>0) { + $likeclass = ' likedt'; + $n = $likes[$child][1] + $likes[$child][2]; + if ($likes[$child][0]>0) { $likemsg .= ' and ';} + $likemsg .= $n.' '; + if ($likes[$child][2]>0) { + $likemsg .= ($n==1?'teacher':'teachers'); + if ($likes[$child][1]>0) { + $likemsg .= '/tutors/TAs'; + } + } else if ($likes[$child][1]>0) { + $likemsg .= ($n==1?'tutor/TA':'tutors/TAs'); + } + $likecnt += $n; + } + if ($likemsg=='Liked by ') { + $likemsg = ''; + } else { + $likemsg .= '.'; + } + if ($icon=='liked') { + $likemsg = 'You like this. '.$likemsg; + } else { + $likemsg = 'Click to like this post. '.$likemsg;; + } + + echo '
        '; + echo "\"Like\""; + echo " ".($likecnt>0?$likecnt:'').' '; + echo '
        '; + } + echo '
        '; + echo "
        \n"; + if ($view==2) { + echo "
        "; + } else { + echo "
        "; + } + if(isset($files[$child]) && $files[$child]!='') { + $fl = explode('@@',$files[$child]); + if (count($fl)>2) { + echo '

        Files: ';//

        ';} + echo '

        '; + } + echo filter($message[$child]); + if ($haspoints) { + if ($caneditscore && $ownerid[$child]!=$userid) { + echo '
        '; + echo "Score: "; + if ($rubric != 0) { + echo printrubriclink($rubric,$pointsposs,"scorebox$child", "feedback$child"); + } + echo " Private Feedback: "; + if ($sessiondata['useed']==0) { + echo ""; + } else { + echo '
        '; + if ($feedback[$child]!==null) { + echo Sanitize::outgoingHtml($feedback[$child]); + } + echo '
        '; + } + } else if (($ownerid[$child]==$userid || $canviewscore) && $points[$child]!==null) { + echo ''; + } + } + + + echo "
        \n"; + echo '
        '; + if (isset($children[$child])) { //if has children + printchildren($child, ($posttype[$child]==3 && !$isteacher)); + } + echo "
        \n"; + //} + } +} +if ($caneditscore && $haspoints) { + echo "
        "; +} +printchildren(0); +if ($caneditscore && $haspoints) { + echo '
        '; + if ($prevth!='' && $page!=-3) { + echo ''; + echo ''; + } + if ($nextth!='' && $page!=-3) { + echo ''; + echo ''; + } + echo ""; +} +echo "\"Expand\""; +echo "\"Collapse\""; + +} +if (empty($_GET['embed'])) { + echo "\n"; +} else { + echo '
';
+}
+require("../footer.php");
 ?>
diff --git a/forums/postsbyname.php b/forums/postsbyname.php
index 644be257c9..ddff2d16a7 100644
--- a/forums/postsbyname.php
+++ b/forums/postsbyname.php
@@ -21,36 +21,22 @@ $cid = Sanitize::courseId($_GET['cid']);
 if (isset($_GET['markallread'])) {
- //DB $query = "SELECT DISTINCT threadid FROM imas_forum_posts WHERE forumid='$forumid'";
- //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
 $stm = $DBH->prepare("SELECT DISTINCT threadid FROM imas_forum_posts WHERE forumid=:forumid");
 $stm->execute(array(':forumid'=>$forumid));
 $now = time();
- //DB while ($row = mysql_fetch_row($result)) {
 while ($row = $stm->fetch(PDO::FETCH_NUM)) {
- //DB $query = "SELECT id FROM imas_forum_views WHERE userid='$userid' AND threadid='{$row[0]}'";
- //DB $r2 = mysql_query($query) or die("Query failed : $query " . mysql_error());
- //DB if (mysql_num_rows($r2)>0) {
- //DB $r2id = mysql_result($r2,0,0);
 $stm2 = $DBH->prepare("SELECT id FROM imas_forum_views WHERE userid=:userid AND threadid=:threadid");
 $stm2->execute(array(':userid'=>$userid, ':threadid'=>$row[0]));
 if ($stm2->rowCount()>0) {
 $r2id = $stm2->fetchColumn(0);
- //DB $query = "UPDATE imas_forum_views SET lastview=$now WHERE id='$r2id'";
- //DB mysql_query($query) or die("Query failed : $query " . mysql_error());
 $stm2 = $DBH->prepare("UPDATE imas_forum_views SET lastview=:lastview WHERE id=:id");
 $stm2->execute(array(':lastview'=>$now, ':id'=>$r2id));
 } else{
- //DB $query = "INSERT INTO imas_forum_views (userid,threadid,lastview) VALUES ('$userid','{$row[0]}',$now)";
- //DB mysql_query($query) or die("Query failed : $query " . mysql_error());
 $stm2 = $DBH->prepare("INSERT INTO imas_forum_views (userid,threadid,lastview) VALUES (:userid, :threadid, :lastview)");
 $stm2->execute(array(':userid'=>$userid, ':threadid'=>$row[0], ':lastview'=>$now));
 } } }
- //DB $query = "SELECT settings,replyby,defdisplay,name,points,rubric,tutoredit, groupsetid FROM imas_forums WHERE id='$forumid'";
- //DB $result = mysql_query($query) or die("Query failed : $query " . 
mysql_error());
- //DB list($forumsettings, $replyby, $defdisplay, $forumname, $pointspos, $rubric, $tutoredit, $groupsetid) = mysql_fetch_row($result);
 $stm = $DBH->prepare("SELECT settings,replyby,defdisplay,name,points,rubric,tutoredit, groupsetid FROM imas_forums WHERE id=:id");
 $stm->execute(array(':id'=>$forumid));
 list($forumsettings, $replyby, $defdisplay, $forumname, $pointspos, $rubric, $tutoredit, $groupsetid) = $stm->fetch(PDO::FETCH_NUM);
@@ -84,9 +70,6 @@ echo "

        Posts by Name - ".Sanitize::encodeStringForDisplay($forumname)."

        \n"; echo '
';
 if (!$canviewall && $postbeforeview) {
- //DB $query = "SELECT id FROM imas_forum_posts WHERE forumid='$forumid' AND parent=0 AND userid='$userid' LIMIT 1";
- //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
- //DB if (mysql_num_rows($result)==0) {
 $stm = $DBH->prepare("SELECT id FROM imas_forum_posts WHERE forumid=:forumid AND parent=0 AND userid=:userid LIMIT 1");
 $stm->execute(array(':forumid'=>$forumid, ':userid'=>$userid));
 if ($stm->rowCount()==0) {
@@ -211,10 +194,6 @@ function GBdoReply(threadid,postid) {
 0) {
- //DB $row = mysql_fetch_row($result);
 $stm = $DBH->prepare("SELECT id,rubrictype,rubric FROM imas_rubrics WHERE id=:id");
 $stm->execute(array(':id'=>$rubric));
 if ($stm->rowCount()>0) {
@@ -227,9 +206,6 @@ function GBdoReply(threadid,postid) {
 $scores = array();
 $feedback = array();
 if ($haspoints) {
- //DB $query = "SELECT refid,score,feedback FROM imas_grades WHERE gradetype='forum' AND gradetypeid='$forumid'";
- //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
- //DB while ($row = mysql_fetch_row($result)) {
 $stm = $DBH->prepare("SELECT refid,score,feedback FROM imas_grades WHERE gradetype='forum' AND gradetypeid=:gradetypeid");
 $stm->execute(array(':gradetypeid'=>$forumid));
 while ($row = $stm->fetch(PDO::FETCH_NUM)) {
@@ -239,11 +215,6 @@ function GBdoReply(threadid,postid) {
 }
 $dofilter = false;
 if (!$canviewall && $groupsetid>0) {
- //DB $query = 'SELECT i_sg.id FROM imas_stugroups AS i_sg JOIN imas_stugroupmembers as i_sgm ON i_sgm.stugroupid=i_sg.id ';
- //DB $query .= "WHERE i_sgm.userid='$userid' AND i_sg.groupsetid='$groupsetid'";
- //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
- //DB if (mysql_num_rows($result)>0) {
- //DB $groupid = mysql_result($result,0,0);
 $query = 'SELECT i_sg.id FROM imas_stugroups AS i_sg JOIN imas_stugroupmembers as i_sgm ON i_sgm.stugroupid=i_sg.id ';
 $query .= "WHERE i_sgm.userid=:userid AND i_sg.groupsetid=:groupsetid";
 $stm = $DBH->prepare($query);
@@ -264,10 +235,6 @@ function GBdoReply(threadid,postid) {
 $blockreplythreads[] = $row[0];
 } }
-
- //DB $query = "SELECT imas_forum_posts.*,imas_users.FirstName,imas_users.LastName,imas_users.email,imas_users.hasuserimg,ifv.lastview from imas_forum_posts JOIN imas_users ";
- //DB $query .= "ON imas_forum_posts.userid=imas_users.id LEFT JOIN (SELECT DISTINCT threadid,lastview FROM imas_forum_views WHERE userid='$userid') AS ifv ON ";
- //DB $query .= "ifv.threadid=imas_forum_posts.threadid WHERE imas_forum_posts.forumid='$forumid' AND imas_forum_posts.isanon=0 ";
 $query = "SELECT imas_forum_posts.*,imas_users.FirstName,imas_users.LastName,imas_users.email,imas_users.hasuserimg,ifv.lastview FROM imas_forum_posts JOIN ";
 $query .= "imas_forum_threads AS ift ON ift.id=imas_forum_posts.threadid AND ift.lastposttime<:now JOIN imas_users ";
 $query .= "ON imas_forum_posts.userid=imas_users.id LEFT JOIN (SELECT DISTINCT threadid,lastview FROM imas_forum_views WHERE userid=:userid) AS ifv ON ";
@@ -308,7 +275,6 @@ function printuserposts($name, $uid, $content, $postcnt, $replycnt) {
 echo '
        '.$content.'
';
 }
 $content = '';
 $postcnt = 0;
 $replycnt = 0;
 $lastname = '';
- //DB while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) {
 while ($line = $stm->fetch(PDO::FETCH_ASSOC)) {
 if ($line['userid']!=$laststu) {
 if ($laststu!=-1) {
diff --git a/forums/recordlikes.php b/forums/recordlikes.php
index 1cac2b5136..a8b0286e13 100644
--- a/forums/recordlikes.php
+++ b/forums/recordlikes.php
@@ -20,33 +20,19 @@ $like = intval($_GET['like']);
 if ($like==0) {
- //DB $query = "DELETE FROM imas_forum_likes WHERE postid=$postid AND userid='$userid'";
- //DB $result = mysql_query($query);
- //DB $aff = mysql_affected_rows();
 $stm = $DBH->prepare("DELETE FROM imas_forum_likes WHERE postid=:postid AND userid=:userid");
 $stm->execute(array(':postid'=>$postid, ':userid'=>$userid));
 $aff = $stm->rowCount();
 } else {
- //DB $query = "SELECT id FROM imas_forum_likes WHERE postid=$postid AND userid='$userid'";
- //DB $result = mysql_query($query);
- //DB if (mysql_num_rows($result)>0) {
 $stm = $DBH->prepare("SELECT id FROM imas_forum_likes WHERE postid=:postid AND userid=:userid");
 $stm->execute(array(':postid'=>$postid, ':userid'=>$userid));
 if ($stm->rowCount()>0) {
 $aff = 0;
 } else {
- //DB $query = "SELECT threadid FROM imas_forum_posts WHERE id=$postid";
- //DB $result = mysql_query($query);
- //DB if (mysql_num_rows($result)==0) {echo "fail";exit;}
- //DB $threadid = mysql_result($result,0,0);
 $stm = $DBH->prepare("SELECT threadid FROM imas_forum_posts WHERE id=:id");
 $stm->execute(array(':id'=>$postid));
 if ($stm->rowCount()==0) {echo "fail";exit;}
 $threadid = $stm->fetchColumn(0);
-
- //DB $query = "INSERT INTO imas_forum_likes (userid,threadid,postid,type) VALUES ";
- //DB $query .= "('$userid',$threadid,$postid,$isteacher)";
- //DB mysql_query($query);
 $query = "INSERT INTO imas_forum_likes (userid,threadid,postid,type) VALUES ";
 $query .= "(:userid, :threadid, :postid, :type)";
 $stm = $DBH->prepare($query);
@@ -56,10 +42,6 @@
 }
 $likes = array(0,0,0);
-//DB $query = "SELECT type,count(*) FROM imas_forum_likes WHERE postid='$postid'";
-//DB $query .= "GROUP BY type";
-//DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
-//DB while ($row = mysql_fetch_row($result)) {
 $stm = $DBH->prepare("SELECT type,count(*) FROM imas_forum_likes WHERE postid=:postid GROUP BY type");
 $stm->execute(array(':postid'=>$postid));
 while ($row = $stm->fetch(PDO::FETCH_NUM)) {
diff --git a/forums/savetagged.php b/forums/savetagged.php
index 459fcdaa3c..73ec82f404 100644
--- a/forums/savetagged.php
+++ b/forums/savetagged.php
@@ -9,10 +9,6 @@
 }
 $ischanged = false;
-
-//DB $query = "UPDATE imas_forum_views SET tagged='{$_GET['tagged']}' WHERE userid='$userid' AND threadid='{$_GET['threadid']}'";
-//DB mysql_query($query) or die("Query failed : $query " . mysql_error());
-//DB if (mysql_affected_rows()>0) {
 $stm = $DBH->prepare("UPDATE imas_forum_views SET tagged=:tagged WHERE userid=:userid AND threadid=:threadid");
 $stm->execute(array(':tagged'=>$_GET['tagged'], ':userid'=>$userid, ':threadid'=>$_GET['threadid']));
 if ($stm->rowCount()>0) {
@@ -20,10 +16,6 @@ $ischanged = true;
 }
 if (!$ischanged) {
- //DB $query = "INSERT INTO imas_forum_views (userid,threadid,lastview,tagged) ";
- //DB $query .= "VALUES ('$userid','{$_GET['threadid']}',0,'{$_GET['tagged']}')";
- //DB mysql_query($query) or die("Query failed : $query " . mysql_error());
- //DB if (mysql_affected_rows()>0) {
 $query = "INSERT INTO imas_forum_views (userid,threadid,lastview,tagged) ";
 $query .= "VALUES (:userid, :threadid, :lastview, :tagged)";
 $stm = $DBH->prepare($query);
diff --git a/forums/thread.php b/forums/thread.php
index d40d5958f2..eedb5c8c4b 100644
--- a/forums/thread.php
+++ b/forums/thread.php
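Review bot: In savetagged.php the retained `$stm->execute(array(':tagged'=>$_GET['tagged'], ':userid'=>$userid, ':threadid'=>$_GET['threadid']));` still binds two raw query-string values; the placeholders close the injection the deleted `//DB` line had, but nothing constrains `tagged` (which posts.php later tests as a boolean) or forces `threadid` to an integer, and the same raw values feed the INSERT in the next hunk. Cast once near the top of the script, `$tagged = intval($_GET['tagged']); $threadid = intval($_GET['threadid']);`, and bind those in both statements so the columns always receive integers instead of whatever the client sent. Nothing in the hunk checks that `threadid` is a thread in a forum this user may see; if that is not verified above the hunk, any signed-in user can create or tag `imas_forum_views` rows for arbitrary thread ids. The top of the script, where such a check would live, is outside the hunk.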
@@ -27,9 +27,6 @@ if (($isteacher || isset($tutorid)) && isset($_POST['score'])) {
 if (isset($tutorid)) {
- //DB $query = "SELECT tutoredit FROM imas_forums WHERE id='$forumid'";
- //DB $res = mysql_query($query) or die("Query failed : $query " . mysql_error());
- //DB $row = mysql_fetch_row($res);
 $stm = $DBH->prepare("SELECT tutoredit FROM imas_forums WHERE id=:id");
 $stm->execute(array(':id'=>$forumid));
 $row = $stm->fetch(PDO::FETCH_NUM);
@@ -39,21 +36,13 @@
 } }
 $existingscores = array();
- //DB $query = "SELECT refid,id FROM imas_grades WHERE gradetype='forum' AND gradetypeid='$forumid'";
- //DB $res = mysql_query($query) or die("Query failed : $query " . mysql_error());
- //DB while ($row = mysql_fetch_row($res)) {
- //DB $existingscores[$row[0]] = $row[1];
 $stm = $DBH->prepare("SELECT refid,id FROM imas_grades WHERE gradetype='forum' AND gradetypeid=:gradetypeid");
 $stm->execute(array(':gradetypeid'=>$forumid));
 while ($row = $stm->fetch(PDO::FETCH_NUM)) {
 $existingscores[$row[0]] = $row[1];
 }
 $postuserids = array();
- //DB $refids = "'".implode("','",array_keys($_POST['score']))."'";
 $refids = implode(',', array_map('intval', array_keys($_POST['score'])));
- //DB $query = "SELECT id,userid FROM imas_forum_posts WHERE id IN ($refids)";
- //DB $res = mysql_query($query) or die("Query failed : $query " . mysql_error());
- //DB while ($row = mysql_fetch_row($res)) {
 $stm = $DBH->query("SELECT id,userid FROM imas_forum_posts WHERE id IN ($refids)");
 while ($row = $stm->fetch(PDO::FETCH_NUM)) {
 $postuserids[$row[0]] = $row[1];
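Review bot: In the `@@ -39,21 +36,13 @@` hunk the post lookup `$stm = $DBH->query("SELECT id,userid FROM imas_forum_posts WHERE id IN ($refids)");` is not scoped to the forum being graded, so a grader can submit `score[<id>]` for a post in any other course's forum and the INSERT branch in the next hunk writes an imas_grades row for that post's owner under this `$forumid`, unless a check above the hunk already validates the ids; the UPDATE branch is unaffected because `$existingscores` is keyed by this forum's refids. Scope the query, `$stm = $DBH->prepare("SELECT id,userid FROM imas_forum_posts WHERE forumid=? AND id IN ($refids)"); $stm->execute(array($forumid));` (interpolating `$refids` stays safe because every key passes through `intval`), and skip any `$k` absent from `$postuserids` in the loop that follows. `$refids` is also the empty string when `$_POST['score']` is an empty array, which makes `IN ()` a SQL syntax error, so bail out early on `count($_POST['score'])==0`. The enclosing `if` block opens in the earlier hunk and its loop continues past this one.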
@@ -66,22 +55,16 @@
 }
 if (is_numeric($v)) {
 if (isset($existingscores[$k])) {
- //DB $query = "UPDATE imas_grades SET score='$v',feedback='$feedback' WHERE id='{$existingscores[$k]}'";
 $stm = $DBH->prepare("UPDATE imas_grades SET score=:score,feedback=:feedback WHERE id=:id");
 $stm->execute(array(':score'=>$v, ':feedback'=>$feedback, ':id'=>$existingscores[$k]));
 } else {
- //DB $query = "INSERT INTO imas_grades (gradetype,gradetypeid,userid,refid,score,feedback) VALUES ";
- //DB $query .= "('forum','$forumid','{$postuserids[$k]}','$k','$v','$feedback')";
 $query = "INSERT INTO imas_grades (gradetype,gradetypeid,userid,refid,score,feedback) VALUES ";
 $query .= "(:gradetype, :gradetypeid, :userid, :refid, :score, :feedback)";
 $stm = $DBH->prepare($query);
 $stm->execute(array(':gradetype'=>'forum', ':gradetypeid'=>$forumid, ':userid'=>$postuserids[$k], ':refid'=>$k, ':score'=>$v, ':feedback'=>$feedback));
 }
- //DB mysql_query($query) or die("Query failed : $query " . mysql_error());
 } else {
 if (isset($existingscores[$k])) {
- //DB $query = "DELETE FROM imas_grades WHERE id='{$existingscores[$k]}'";
- //DB mysql_query($query) or die("Query failed : $query " . mysql_error());
 $stm = $DBH->prepare("DELETE FROM imas_grades WHERE id=:id");
 $stm->execute(array(':id'=>$existingscores[$k]));
 }
@@ -140,9 +123,6 @@
 }
 exit;
 }
-//DB $query = "SELECT name,postby,replyby,settings,groupsetid,sortby,taglist,enddate,avail,postinstr,replyinstr,allowlate FROM imas_forums WHERE id='$forumid'";
-//DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
-//DB list($forumname, $postby, $replyby, $forumsettings, $groupsetid, $sortby, $taglist, $enddate, $avail, $postinstr,$replyinstr, $allowlate) = mysql_fetch_row($result);
 $stm = $DBH->prepare("SELECT name,postby,replyby,settings,groupsetid,sortby,taglist,enddate,avail,postinstr,replyinstr,allowlate FROM imas_forums WHERE id=:id");
 $stm->execute(array(':id'=>$forumid));
 list($forumname, $postby, $replyby, $forumsettings, $groupsetid, $sortby, $taglist, $enddate, $avail, $postinstr,$replyinstr, $allowlate) = $stm->fetch(PDO::FETCH_NUM);
@@ -152,10 +132,6 @@ $exception = null;
 $latepasses = 0;
 require_once("../includes/exceptionfuncs.php");
 if (isset($studentid) && !isset($sessiondata['stuview'])) {
- //DB $query = "SELECT startdate,enddate,islatepass,waivereqscore,itemtype FROM imas_exceptions WHERE assessmentid='$forumid' AND userid='$userid' AND (itemtype='F' OR itemtype='P' OR itemtype='R')";
- //DB $result = mysql_query($query) or die("Query failed : $query" . mysql_error());
- //DB if (mysql_num_rows($result)>0) {
- //DB $exception = mysql_fetch_row($result);
 $stm = $DBH->prepare("SELECT startdate,enddate,islatepass,waivereqscore,itemtype FROM imas_exceptions WHERE assessmentid=:assessmentid AND userid=:userid AND (itemtype='F' OR itemtype='P' OR itemtype='R')");
 $stm->execute(array(':assessmentid'=>$forumid, ':userid'=>$userid));
 if ($stm->rowCount()>0) {
@@ -217,11 +193,6 @@ writesessiondata();
 }
 if (!$isteacher) {
- //DB $query = 'SELECT i_sg.id,i_sg.name FROM imas_stugroups AS i_sg JOIN imas_stugroupmembers as i_sgm ON i_sgm.stugroupid=i_sg.id ';
- //DB $query .= "WHERE i_sgm.userid='$userid' AND i_sg.groupsetid='$groupsetid'";
- //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
- //DB if (mysql_num_rows($result)>0) {
- //DB list($groupid,$groupname) = mysql_fetch_row($result);
 $query = 'SELECT i_sg.id,i_sg.name FROM imas_stugroups AS i_sg JOIN imas_stugroupmembers as i_sgm ON i_sgm.stugroupid=i_sg.id ';
 $query .= "WHERE i_sgm.userid=:userid AND i_sg.groupsetid=:groupsetid";
 $stm = $DBH->prepare($query);
@@ -244,16 +215,12 @@ if ($dofilter) {
 $limthreads = array();
 if ($isteacher || $groupid==0) {
- //DB $query = "SELECT id FROM imas_forum_threads WHERE stugroupid='$groupid' AND forumid='$forumid'";
 $stm = $DBH->prepare("SELECT id FROM imas_forum_threads WHERE stugroupid=:stugroupid AND forumid=:forumid AND lastposttime<:now");
 $stm->execute(array(':stugroupid'=>$groupid, ':forumid'=>$forumid, ':now'=>$isteacher?2000000000:$now));
 } else {
- //DB $query = "SELECT id FROM imas_forum_threads WHERE (stugroupid=0 OR stugroupid='$groupid') AND forumid='$forumid'";
 $stm = $DBH->prepare("SELECT id FROM imas_forum_threads WHERE (stugroupid=0 OR stugroupid=:stugroupid) AND forumid=:forumid AND lastposttime<:now");
 $stm->execute(array(':stugroupid'=>$groupid, ':forumid'=>$forumid, ':now'=>$now));
 }
- //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
- //DB while ($row = mysql_fetch_row($result)) {
 while ($row = $stm->fetch(PDO::FETCH_NUM)) {
 // This will always be a row ID (an integer). No need to sanitize.
 $limthreads[] = $row[0];
@@ -278,16 +245,13 @@ $tagfilter = '';
 }
 if ($tagfilter != '') {
- //DB $query = "SELECT threadid FROM imas_forum_posts WHERE tag='".addslashes($tagfilter)."'";
 $query = "SELECT threadid FROM imas_forum_posts WHERE tag=:tagfilter";
 if ($dofilter) {
 $query .= " AND threadid IN ($limthreads)";
 }
 $stm = $DBH->prepare($query);
 $stm->execute(array(':tagfilter'=>$tagfilter));
- //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
 $limthreads = array();
- //DB while ($row = mysql_fetch_row($result)) {
 while ($row = $stm->fetch(PDO::FETCH_NUM)) {
 $limthreads[] = $row[0];
 }
@@ -312,9 +276,6 @@ echo "

        Forum Search Results

";
 if (!isset($_GET['allforums']) && $postbeforeview && !$canviewall) {
- //DB $query = "SELECT id FROM imas_forum_posts WHERE forumid='$forumid' AND parent=0 AND userid='$userid' LIMIT 1";
- //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
- //DB $oktoshow = (mysql_num_rows($result)>0);
 $stm = $DBH->prepare("SELECT id FROM imas_forum_posts WHERE forumid=:forumid AND parent=0 AND userid=:userid LIMIT 1");
 $stm->execute(array(':forumid'=>$forumid, ':userid'=>$userid));
 $oktoshow = ($stm->rowCount()>0);
@@ -328,31 +289,20 @@ $safesearch = $_GET['search']; $safesearch = trim(str_replace(' and ', ' ',$safesearch)); $searchterms = explode(" ",$safesearch); - //DB $searchlikes = "(imas_forum_posts.message LIKE '%".implode("%' AND imas_forum_posts.message LIKE '%",$searchterms)."%')"; - //DB $searchlikes2 = "(imas_forum_posts.subject LIKE '%".implode("%' AND imas_forum_posts.subject LIKE '%",$searchterms)."%')"; - //DB $searchlikes3 = "(imas_users.LastName LIKE '%".implode("%' AND imas_users.LastName LIKE '%",$searchterms)."%')"; if (isset($_GET['allforums'])) { - //DB $query = "SELECT imas_forums.id,imas_forum_posts.threadid,imas_forum_posts.subject,imas_forum_posts.message,imas_users.FirstName,imas_users.LastName,imas_forum_posts.postdate,imas_forums.name,imas_forum_posts.isanon FROM imas_forum_posts,imas_forums,imas_users "; - //DB $query .= "WHERE imas_forum_posts.forumid=imas_forums.id "; $query = "SELECT imas_forums.id,imas_forum_posts.threadid,imas_forum_posts.subject,imas_forum_posts.message,imas_users.FirstName,imas_users.LastName,imas_forum_posts.postdate,imas_forums.name,imas_forum_posts.isanon FROM imas_forum_posts,imas_forums,imas_users "; $query .= "WHERE imas_forum_posts.forumid=imas_forums.id "; $array = array(); if (!$canviewall) { - //DB $query .= "AND (imas_forums.avail=2 OR (imas_forums.avail=1 AND imas_forums.startdate<$now AND imas_forums.enddate>$now)) AND (imas_forums.settings&16)=0 "; $query .= "AND (imas_forums.avail=2 OR (imas_forums.avail=1 AND imas_forums.startdate<$now AND imas_forums.enddate>$now)) AND (imas_forums.settings&16)=0 "; } $query .= "AND imas_users.id=imas_forum_posts.userid AND imas_forums.courseid=? 
"; $array[] = $cid; } else { - //DB $query = "SELECT imas_forum_posts.forumid,imas_forum_posts.threadid,imas_forum_posts.subject,imas_forum_posts.message,imas_users.FirstName,imas_users.LastName,imas_forum_posts.postdate "; - //DB $query .= "FROM imas_forum_posts,imas_users WHERE imas_forum_posts.forumid='$forumid' AND imas_users.id=imas_forum_posts.userid AND ($searchlikes OR $searchlikes2 OR $searchlikes3)"; $query = "SELECT imas_forum_posts.forumid,imas_forum_posts.threadid,imas_forum_posts.subject,imas_forum_posts.message,imas_users.FirstName,imas_users.LastName,imas_forum_posts.postdate "; $query .= "FROM imas_forum_posts,imas_users WHERE imas_forum_posts.forumid=? AND imas_users.id=imas_forum_posts.userid "; $array = array($forumid); } - //DB $query .= "AND imas_users.id=imas_forum_posts.userid AND imas_forums.courseid='$cid' AND ($searchlikes OR $searchlikes2 OR $searchlikes3)"; - //DB $query .= "AND imas_users.id=imas_forum_posts.userid AND imas_forums.courseid=:courseid AND (:searchlikes OR :searchlikes2 OR :searchlikes3)"; - //DB array_merge($array,[':courseid'=>$cid, ':searchlikes'=>$searchlikes, ':searchlikes2'=>$searchlikes2, ':searchlikes3'=>$searchlikes3]); $searchlikesarr = array(); foreach ($searchterms as $t) { $searchlikesarr[] = '(imas_forum_posts.message LIKE ? OR imas_forum_posts.subject LIKE ? OR imas_users.LastName LIKE ?)'; @@ -361,7 +311,6 @@ $searchlikes = implode(' AND ', $searchlikesarr); $query .= "AND ($searchlikes) "; if ($dofilter) { - //DB $query .= " AND imas_forum_posts.threadid IN ($limthreads)"; $query .= " AND imas_forum_posts.threadid IN ($limthreads)"; } @@ -370,7 +319,6 @@ $stm->execute($array); // $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { echo "
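Review bot: The availability clause appended to `$query` under `if (!$canviewall)` still interpolates `$now` twice into the SQL text while every other value in the same statement is a `?` placeholder; binding it keeps the whole query parameterised and removes a "trusted value" exception that a later edit may copy for a less trusted one. Change it to `$query .= "AND (imas_forums.avail=2 OR (imas_forums.avail=1 AND imas_forums.startdate<? AND imas_forums.enddate>?)) AND (imas_forums.settings&16)=0 ";` followed by `$array[] = $now; $array[] = $now;` inside the same block, which keeps the positional order ahead of the `$array[] = $cid;` that follows. Where `$now` is assigned is not visible in this hunk, so I am assuming it is an integer timestamp. The search block continues past the end of the hunk.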
        "; echo "".Sanitize::encodeStringForDisplay($row[2]).""; @@ -396,33 +344,22 @@ } if (isset($_GET['markallread'])) { - //DB $query = "SELECT DISTINCT threadid FROM imas_forum_posts WHERE forumid='$forumid'"; $query = "SELECT DISTINCT threadid FROM imas_forum_posts WHERE forumid=:forumid"; if ($dofilter) { - //DB $query .= " AND threadid IN ($limthreads)"; $query .= " AND threadid IN ($limthreads)"; } $stm= $DBH->prepare($query); $stm->execute(array(':forumid'=>$forumid)); // $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); $now = time(); - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { - //DB $query = "SELECT id FROM imas_forum_views WHERE userid='$userid' AND threadid='{$row[0]}'"; - //DB $r2 = mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm2 = $DBH->prepare("SELECT id FROM imas_forum_views WHERE userid=:userid AND threadid=:threadid"); $stm2->execute(array(':userid'=>$userid, ':threadid'=>$row[0])); - //DB if (mysql_num_rows($r2)>0) { if ($stm2->rowCount()>0) { - //DB $r2id = mysql_result($r2,0,0); - //DB $query = "UPDATE imas_forum_views SET lastview=$now WHERE id='$r2id'"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $r2id = $stm2->fetchColumn(0); $stm2 = $DBH->prepare("UPDATE imas_forum_views SET lastview=:lastview WHERE id=:id"); $stm2->execute(array(':lastview'=>$now, ':id'=>$r2id)); } else{ - //DB $query = "INSERT INTO imas_forum_views (userid,threadid,lastview) VALUES ('$userid','{$row[0]}',$now)"; - //DB mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm2 = $DBH->prepare("INSERT INTO imas_forum_views (userid,threadid,lastview) VALUES (:userid, :threadid, :lastview)"); $stm2->execute(array(':userid'=>$userid, ':threadid'=>$row[0], ':lastview'=>$now)); } @@ -470,9 +407,6 @@ } echo '
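Review bot: The context line `// $result = mysql_query($query) or die("Query failed : $query " . mysql_error());` survives this cleanup because it lacks the `//DB` marker the patch keys on; the same leftover appears in hunks `@@ -396,33 +344,22 @@` and `@@ -501,7 +430,6 @@`. Since the commit's purpose is to strip the old mysql_* code, those three commented lines should go with it so no `or die(... mysql_error())` pattern remains as a template for future edits. The enclosing code runs beyond the hunk.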

        '; } - -//DB $query = "SELECT threadid,COUNT(id) AS postcount,MAX(postdate) AS maxdate FROM imas_forum_posts "; -//DB $query .= "WHERE forumid='$forumid' "; $query = "SELECT threadid,COUNT(id) AS postcount,MAX(postdate) AS maxdate FROM imas_forum_posts "; $query .= "WHERE forumid=:forumid "; if ($dofilter) { @@ -481,17 +415,12 @@ $query .= "GROUP BY threadid"; $stm = $DBH->prepare($query); $stm->execute(array(':forumid'=>$forumid)); -//DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); $postcount = array(); $maxdate = array(); - -//DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $postcount[$row[0]] = $row[1] -1; $maxdate[$row[0]] = $row[2]; } - -//DB $query = "SELECT threadid,lastview,tagged FROM imas_forum_views WHERE userid='$userid'"; $query= "SELECT threadid,lastview,tagged FROM imas_forum_views WHERE userid=:userid"; if ($dofilter) { $query .= " AND threadid IN ($limthreads)"; @@ -501,7 +430,6 @@ // $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); $lastview = array(); $flags = array(); -//DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { $lastview[$row[0]] = $row[1]; if ($row[2]==1) { @@ -530,8 +458,6 @@ } $stm = $DBH->prepare($query); $stm->execute(array(':forumid'=>$forumid)); - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); - //DB $numpages = ceil(mysql_result($result,0,0)/$threadsperpage); $numpages = ceil($stm->fetchColumn(0)/$threadsperpage); if ($numpages > 1) { 
@@ -598,12 +524,9 @@ $groupnames = array(); $groupnames[0] = "Non-group-specific"; - //DB $query = "SELECT id,name FROM imas_stugroups WHERE groupsetid='$groupsetid' ORDER BY id"; - //DB $result = mysql_query($query) or die("Query failed : " . mysql_error()); $stm = $DBH->prepare("SELECT id,name FROM imas_stugroups WHERE groupsetid=:groupsetid ORDER BY id"); $stm->execute(array(':groupsetid'=>$groupsetid)); $grpnums = 1; - //DB while ($row = mysql_fetch_row($result)) { while ($row = $stm->fetch(PDO::FETCH_NUM)) { if ($row[1] == 'Unnamed group') { $row[1] .= " $grpnums"; @@ -612,9 +535,6 @@ $groupnames[$row[0]] = $row[1]; } natsort($groupnames); - - //DB $query = "SELECT id,name FROM imas_stugroups WHERE groupsetid='$groupsetid' ORDER BY id"; - //DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error()); $stm = $DBH->prepare("SELECT id,name FROM imas_stugroups WHERE groupsetid=:groupsetid ORDER BY id"); $stm->execute(array(':groupsetid'=>$groupsetid)); /*echo "
        TopicStarted ByForumLast Post Date