Merge branch 'master' into EC.fixes1

admin/unittests.php

@@ -0,0 +1,53 @@
+<?php
+//Unit tests for specific functions
+//(c) 2018 IMathAS
+
+require("../init.php");
+
+if ($myrights<100) {
+	echo "Unauthorized";
+	exit;
+}
+
+
+//each test is [string to look at, requiretimes, expected result]
+$reqtimestests = [
+	['3x^2+4x', 'x,=2,3,>0', 1],
+	['3x+30x^2+4', '3,=2', 1],
+	['3x+30x^2+4', '#3,=1', 1],
+];
+
+//each test is [string to test, answerformat, expected result]
+$ansformattests = [
+                ['4/6',  'fraction', true],
+                ['4/6', 'reducedfraction', false]
+];
+
+require("../assessment/displayq2.php");
+
+foreach ($reqtimestests as $test) {
+	echo "Testing ".Sanitize::encodeStringForDisplay($test[0]);
+	echo " against ".Sanitize::encodeStringForDisplay($test[1]);
+	echo ": ";
+	if (checkreqtimes($test[0], $test[1])==$test[2]) {
+		echo '<span style="color:green">Pass</span>';
+	} else {
+		echo '<span style="color:red">Fail</span>';
+	}
+	echo '<br/>';
+}
+
+foreach ($ansformattests as $test) {
+	echo "Testing ".Sanitize::encodeStringForDisplay($test[0]);
+	echo " with ".Sanitize::encodeStringForDisplay($test[1]);
+	echo ": ";
+	if (checkanswerformat($test[0], $test[1])==$test[2]) {
+		echo '<span style="color:green">Pass</span>';
+	} else {
+		echo '<span style="color:red">Fail</span>';
+	}
+	echo '<br/>';
+}
+
+
+

assessment/displayq2.php

@@ -7003,6 +7003,12 @@ function checkreqtimes($tocheck,$rtimes) {
 			foreach ($grouptocheck as $lookfor) {
 				if ($lookfor=='#') {
 					$nummatch = preg_match_all('/[\d\.]+/',$cleanans,$m);
+				} else if ($lookfor[0]=='#') {
+					if (!isset($all_numbers)) {
+						preg_match_all('/[\d\.]+/',$cleanans,$matches);
+						$all_numbers = $matches[0];
+					}
+					$nummatch = count(array_keys($all_numbers,str_replace(array('-', ' '),'',substr($lookfor,1))));
 				} else if (strlen($lookfor)>6 && substr($lookfor,0,6)=='regex:') {
 					$regex = str_replace('/','\\/',substr($lookfor,6));
 					$nummatch = preg_match_all('/'.$regex.'/'.($ignore_case?'i':''),$cleanans,$m);

assessment/libs/stats.php

@@ -100,6 +100,8 @@ function Nplus1percentile($a,$p) {
 	$l = round(($p/100)*(count($a)+1),2);
 	if (floor($l)==$l) {
 		return ($a[$l-1]);
+	} else if ($l>count($a)) {
+		return $a[floor($l)-1];
 	} else {
 		return (($a[floor($l)-1]+$a[ceil($l)-1])/2);
 	}

assessment/macros.php

@@ -2312,23 +2312,23 @@ function decimaltofraction($d,$format="fraction",$maxden = 5000) {
 	} else {
 		return $sign.$numerators[$i].'/'.$denominators[$i];
 	}
-}
+}                                
 
 function makenumberrequiretimes($arr) {
 	if (!is_array($arr)) {
-		$arrlist = $arr;
 		$arr = explode(',',$arr);
-	} else {
-		$arrlist = implode(',',$arr);
-	}
+	} 
 	if (count($arr)==0) {
 		return "";
 	}
+	foreach ($arr as $k=>$num) {
+		$arr[$k] = str_replace(array('-', ' '),'',$num);
+	}
+	$uniq = array_unique($arr);
 	$out = array();
-	foreach ($arr as $num) {
-		$num = abs($num);
-		$nummatch = substr_count($arrlist,$num);
-		$out[] = "$num,=$nummatch";
+	foreach ($uniq as $num) {
+		$nummatch = count(array_keys($arr,$num));
+		$out[] = "#$num,=$nummatch";
 	}
 	return implode(',',$out);
 }

assessment/mathphp2.php

@@ -225,7 +225,7 @@ function mathphptokenize($str,$vars,$ignorestrings) {
 				$c = $str{$i};
 			} while ($c>="a" && $c<="z" || $c>="A" && $c<="Z" || $c>='0' && $c<='9' || $c=='_');
 			//check if it's a special word
-			if ($out=='e') {
+			if ($out=='e' && !in_array($out,$vars)) {
 				$out = "exp(1)";
 				$intype = 3;
 			} else if ($out=='pi') {

course/gb-itemanalysis.php

@@ -322,15 +322,11 @@
 					$avgtota = round($timeontask[$qid]/($tcnt[$qid]),2);
 					if ($avgtot==0) {
 						$avgtot = 'N/A';
-					} else if ($avgtot<60) {
-						$avgtot .= ' sec';
 					} else {
 						$avgtot = round($avgtot/60,2) . ' min';
 					}
 					if ($avgtota==0) {
 						$avgtot = 'N/A';
-					} else if ($avgtota<60) {
-						$avgtota .= ' sec';
 					} else {
 						$avgtota = round($avgtota/60,2) . ' min';
 					}

course/gbtable2.php

@@ -152,9 +152,14 @@ function getpts($sc) {
 
 ****/
 function flattenitems($items,&$addto) {
+	$now = time();
 	foreach ($items as $item) {
 		if (is_array($item)) {
-			if (!isset($item['avail']) || $item['avail']>0) {
+			if (!isset($item['avail'])) { //backwards compat
+				$item['avail'] = 1;
+			}
+			$ishidden = ($item['avail']==0 || ($item['avail']==1 && $item['SH'][0]=='H' && $item['startdate']>$now));
+			if (!$ishidden) {
 				flattenitems($item['items'],$addto);
 			}
 		} else {

course/gradebook.php

@@ -274,7 +274,7 @@
 	"showpics": '.Sanitize::onlyInt($showpics).'};
 </script>';
 if ($canviewall) {
-	$placeinhead .= '<script type="text/javascript" src="../javascript/gradebook.js?v=040218"></script>';
+	$placeinhead .= '<script type="text/javascript" src="../javascript/gradebook.js?v=041218"></script>';
 }
 
 if (isset($studentid) || $stu!=0) { //show student view

course/moddataset.php

@@ -901,7 +901,7 @@ function getvideoid($url) {
 	$placeinhead .= '
 	   var controlEditor;
 	   var qEditor;
-
+	
 	  function toggleeditor(el) {
 	     var qtextbox =  document.getElementById(el);
 	     if ((el=="qtext" && editoron==0) || (el=="solution" && seditoron==0)) {
@@ -926,28 +926,32 @@ function toggleeditor(el) {
 		qtextbox.rows -= 3;
 		qtextbox.value = qtextbox.value.replace(/<span\s+class="AM"[^>]*>(.*?)<\\/span>/g,"$1");
 		if (el=="qtext") {setupQtextEditor();}
-	     }
+	     }    
 	     if (el.match(/qtext/)) {
 	     	editoron = 1 - editoron;
-	     	document.cookie = "qeditoron="+editoron;
+	     	//document.cookie = "qeditoron="+editoron;
 	     } else if (el.match(/solution/)) {
 	     	seditoron = 1 - seditoron;
-	     	document.cookie = "seditoron="+seditoron;
+	     	//document.cookie = "seditoron="+seditoron;
 	     }
 	   }
 	   function initsolneditor() {
+	   	/*
 	   	if (document.cookie.match(/seditoron=1/)) {
 	   		var val = document.getElementById("solution").value;
 	   		if (val.length<3 || val.match(/<.*?>/)) {toggleeditor("solution");}
 	   	}
+	   	*/
 	   }
 
-	   addLoadEvent(function(){if (document.cookie.match(/qeditoron=1/)) {
+	   addLoadEvent(function(){setupQtextEditor();});
+	   /*
+	   if (document.cookie.match(/qeditoron=1/)) {
 	   	var val = document.getElementById("qtext").value;
 	   	if (val.length<3 || val.match(/<.*?>/)) {toggleeditor("qtext");}
 	   	else {setupQtextEditor();}
 	   }else {setupQtextEditor();}});
-
+	   */
 
 	   function setupQtextEditor() {
 	   	var qtextbox = document.getElementById("qtext");

forums/forums.php

@@ -439,11 +439,17 @@ function flattenitems($items,&$addto) {
 	//DB $query = "SELECT imas_forums.id,COUNT(imas_forum_posts.id) FROM imas_forums LEFT JOIN imas_forum_posts ON ";
 	//DB $query .= "imas_forums.id=imas_forum_posts.forumid WHERE imas_forum_posts.parent=0 AND imas_forums.courseid='$cid' GROUP BY imas_forum_posts.forumid ORDER BY imas_forums.id";
 	//DB $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
-  $query = "SELECT imas_forums.id,COUNT(imas_forum_threads.id) FROM imas_forums LEFT JOIN imas_forum_threads ON ";
+	$query = "SELECT imas_forums.id,COUNT(imas_forum_threads.id) FROM imas_forums LEFT JOIN imas_forum_threads ON ";
 	$query .= "imas_forums.id=imas_forum_threads.forumid AND imas_forum_threads.lastposttime<:now ";
-	$query .= "WHERE imas_forums.courseid=:courseid GROUP BY imas_forum_threads.forumid ORDER BY imas_forums.id";
+	$query .= "WHERE imas_forums.courseid=:courseid ";
+	$qarr = array(':now'=>$now, ':courseid'=>$cid);
+	if (!isset($teacherid)) {
+		$query .= "AND (imas_forum_threads.stugroupid=0 OR imas_forum_threads.stugroupid IN (SELECT stugroupid FROM imas_stugroupmembers WHERE userid=:userid )) ";
+		$qarr[':userid']=$userid;
+	}
+	$query .= "GROUP BY imas_forum_threads.forumid ORDER BY imas_forums.id";
 	$stm = $DBH->prepare($query);
-	$stm->execute(array(':now'=>$now, ':courseid'=>$cid));
+	$stm->execute($qarr);
 	$result=$stm->fetchALL(PDO::FETCH_NUM);
 	foreach ($result as $row) {
 		$threadcount[$row[0]] = $row[1];
@@ -459,9 +465,19 @@ function flattenitems($items,&$addto) {
 	// 	$maxdate[$row[0]] = $row[2];
 	//NOT WORKING
 	$query = "SELECT imas_forums.id,COUNT(imas_forum_posts.id) AS postcount,MAX(imas_forum_posts.postdate) AS maxdate FROM imas_forums LEFT JOIN imas_forum_posts ON ";
-	$query .= "imas_forums.id=imas_forum_posts.forumid WHERE imas_forums.courseid=:courseid GROUP BY imas_forum_posts.forumid ORDER BY imas_forums.id";
+	$query .= "imas_forums.id=imas_forum_posts.forumid ";
+	if (!isset($teacherid)) {
+		$query .= "JOIN imas_forum_threads ON imas_forum_posts.threadid=imas_forum_threads.id ";
+	}
+	$query .= "WHERE imas_forums.courseid=:courseid ";
+	$qarr = array(':courseid'=> $cid);
+	if (!isset($teacherid)) {
+		$query .= "AND (imas_forum_threads.stugroupid=0 OR imas_forum_threads.stugroupid IN (SELECT stugroupid FROM imas_stugroupmembers WHERE userid=:userid )) ";
+		$qarr[':userid']=$userid;
+	}
+	$query .= "GROUP BY imas_forum_posts.forumid ORDER BY imas_forums.id";
 	$stm = $DBH->prepare($query);
-	$stm->execute(array(':courseid'=> $cid));
+	$stm->execute($qarr);
 
 	// $result = mysql_query($query) or die("Query failed : $query " . mysql_error());
 	$result=$stm->fetchALL(PDO::FETCH_NUM);
@@ -489,8 +505,8 @@ function flattenitems($items,&$addto) {
 	$query .= "JOIN imas_forums ON imas_forum_threads.forumid=imas_forums.id AND imas_forums.courseid=:courseid ";
 	$query .= "LEFT JOIN imas_forum_views as mfv ON mfv.threadid=imas_forum_threads.id AND mfv.userid=:userid ";
 	$query .= "WHERE imas_forum_threads.lastposttime<:now  AND (imas_forum_threads.lastposttime>mfv.lastview OR (mfv.lastview IS NULL)) ";
-  $array = array(':now'=>$now, ':courseid'=>$cid, ':userid'=>$userid);
-if (!isset($teacherid)) {
+	$array = array(':now'=>$now, ':courseid'=>$cid, ':userid'=>$userid);
+	if (!isset($teacherid)) {
 		$query .= "AND (imas_forum_threads.stugroupid=0 OR imas_forum_threads.stugroupid IN (SELECT stugroupid FROM imas_stugroupmembers WHERE userid=:userid )) ";
 		$array[':userid']=$userid;
 	}

forums/thread.php

@@ -839,7 +839,7 @@
 				printf("<td>%s</td>\n", Sanitize::encodeStringForDisplay($name));
 
 				if ($isteacher && $groupsetid>0 && !$dofilter) {
-					echo '<td class=c>'.Sanitize::onlyInt($groupnames[$line['stugroupid']]).'</td>';
+					echo '<td class=c>'.Sanitize::encodeStringForDisplay($groupnames[$line['stugroupid']]).'</td>';
 				}
 
 				echo "<td class=c>".Sanitize::encodeStringForDisplay($posts)."</td>";

help.html

@@ -1531,6 +1531,10 @@ <h2><a name="basiccontrolsyntax">Basic Control Syntax</a></h2>
 </pre>
 </p>
 
+<p><b>Comments</b></p>
+<p>You can insert comments in your code by starting the comment with two forward slashes: //this is a comment.  
+Typically it's best to put comments on their own line, but they can also be placed after a line of code.</p>
+
 <h4><a name="conditionals">Conditionals</a></h4>
 
 Any assignment line can be followed by one of two conditional:  &quot;where&quot; or &quot;if&quot;.
@@ -2327,7 +2331,10 @@ <h3><a name="calculated">Calculated</a></h3>
 	<dd>Adds format checking to the student's answer.  The list can include multiple checks, which come in pairs.  The
 	first is the symbol to look for.  The second describes what is acceptable.  For example, in the string shown above,
 	the symbol "^" would be required to show up exactly 3 times, and "cos" would be required to show up less than 2 times. <br/>
-	You can	use "#" in the symbol location to match any number (including decimal values); 3.2^5 would match twice.<br/>
+	Be aware that if you search for "5,=1", it will match both 5 and 15 and 2.5, since all three strings contain a 5.  When 
+	searching for numbers, you can avoid this by putting a "#" before the number, like "#5,=1", which would match the 5 but not 15 or 0.5.
+	Beware this type of search ignores signs.<br/>
+	You can	use just "#" in the symbol location to match any number (including decimal values); 3.2^5 would match twice.<br/>
 	You can match either of two symbols by putting || between them, like ".5||1/2,>0"<br/>
 	You can use a regular expression by putting in the symbol location "regex:expression"<br/>
 	You can put "ignore_commas,true" at the beginning of the $requiretimes to ignore commas in the answer<br/>

includes/userpics.php

@@ -26,6 +26,7 @@ function processImage( $image, $imageId, $thumbWidth, $thumbHeight )
 	    //invalid image type
 	    return FALSE;
     }
+
     $createFunc = 'imagecreatefrom' . $type;
 
     $im = @$createFunc( $image[ 'tmp_name' ] );
@@ -64,7 +65,25 @@ function processImage( $image, $imageId, $thumbWidth, $thumbHeight )
 	$imT = imagecreatetruecolor( $tmpw, $th );
 	imagecopyresampled( $imT, $im, 0, 0, 0, 0, $tmpw, $th, $w, $h ); // resize to width
     }
-
+    if ($type=='jpeg') {
+    	$exif = exif_read_data($image[ 'tmp_name' ]);	  
+    	if (isset($exif['Orientation']) && $exif['Orientation']>1) {
+		switch($exif['Orientation']) {
+			case 3:
+			    $imT = imagerotate($imT, 180, 0);
+			    $changed = true;
+			    break;
+			case 6:
+			    $imT = imagerotate($imT, -90, 0);
+			    $changed = true;
+			    break;
+			case 8:
+			    $imT = imagerotate($imT, 90, 0);
+			    $changed = true;
+			    break;
+		}
+	}
+    }
     // save the image
    imagejpeg( $imT, $galleryPath . 'userimg_'.$imageId . '.jpg', 100 );
    relocatecoursefileifneeded($galleryPath . 'userimg_'.$imageId . '.jpg', 'userimg_'.$imageId . '.jpg');

javascript/gradebook.js

@@ -107,7 +107,7 @@ function conditionalColor(table,type,low,high) {
 		var ths = tbl.getElementsByTagName("thead")[0].getElementsByTagName("th");
 		for (var i=0;i<ths.length;i++) {
 			if (k = ths[i].innerHTML.match(/(\d+)(&nbsp;|\u00a0)pts/)) {
-				poss[i] = k[1]*1;
+				poss[i] = parseFloat(k[1]);
 				if (poss[i]==0) {poss[i]=.0000001;}
 			} else {
 				poss[i] = 100;
@@ -133,12 +133,12 @@ function conditionalColor(table,type,low,high) {
 						var v = tds[i].textContent;
 					}
 					if (k = v.match(/\(([\d\.]+)%\)/)) {
-						var perc = k[1];
+						var perc = parseFloat(k[1]);
 					} else if (k = v.match(/([\d\.]+)\/(\d+)/)) {
-						if (k[2]==0) { var perc = 0;} else { var perc= Math.round(1000*k[1]/k[2])/10;}
+						if (k[2]==0) { var perc = 0;} else { var perc= Math.round(1000*parseFloat(k[1])/parseFloat(k[2]))/10;}
 					} else {
 						v = v.replace(/[^\d\.]/g,"");
-						var perc = Math.round(1000*v/poss[i])/10;
+						var perc = Math.round(1000*parseFloat(v)/poss[i])/10;
 					}
 
 					if (perc<low) {

validate.php

@@ -278,15 +278,27 @@
 		 }
 
 		 if (!empty($_SERVER['QUERY_STRING'])) {
-       $querys = '?' . Sanitize::fullQueryString($_SERVER['QUERY_STRING']) . (isset($addtoquerystring) ? '&' . Sanitize::fullQueryString($addtoquerystring) : '');
+		 	 $querys = '?' . Sanitize::fullQueryString($_SERVER['QUERY_STRING']) . (isset($addtoquerystring) ? '&' . Sanitize::fullQueryString($addtoquerystring) : '');
 		 } else {
 			 $querys = (!empty($addtoquerystring) ? '?' . Sanitize::fullQueryString($addtoquerystring) : '');
 		 }
-		 //$now = time();
-		 //DB //$query = "INSERT INTO imas_log (time,log) VALUES ($now,'$userid from IP: {$_SERVER['REMOTE_ADDR']}')";
-		 //DB //mysql_query($query) or die("Query failed : " . mysql_error());
 
-		 header('Location: ' . $GLOBALS['basesiteurl'] . substr($_SERVER['SCRIPT_NAME'],strlen($imasroot)) . $querys);
+		 $needToForcePasswordReset = false;
+		 if (isset($CFG['acct']['passwordMinlength']) && strlen($_POST['password'])<$CFG['acct']['passwordMinlength']) {
+		 	 $needToForcePasswordReset = true;
+		 } else if (isset($CFG['acct']['passwordFormat'])) {
+		 	 require_once("includes/newusercommon.php");
+		 	 if (!checkFormatAgainstRegex($_POST['password'], $CFG['acct']['passwordFormat'])) {
+		 	 	 $needToForcePasswordReset = true;
+		 	 }
+		 } 
+
+		 if ($needToForcePasswordReset) {
+		 	 header('Location: ' . $GLOBALS['basesiteurl'] . '/forms.php?action=forcechgpwd');
+		 } else {
+		 	 header('Location: ' . $GLOBALS['basesiteurl'] . substr($_SERVER['SCRIPT_NAME'],strlen($imasroot)) . $querys);
+		 }
+		 exit;
 	 } else {
 		 if (empty($_SESSION['challenge'])) {
 			 $badsession = true;