Merge branch '1.10.x' of github.com:chamilo/chamilo-lms into 1.10.x

Author: ywarnier

main/auth/set_temp_password.php

@@ -38,7 +38,7 @@
 
 if ($form->validate()) {
     $form_values = $form->exportValues();
-    if ($form_values['course_password'] === $course_info['registration_code']) {
+    if (sha1($form_values['course_password']) === $course_info['registration_code']) {
         Session::write('course_password_'.$course_info['real_id'], true);
         header('Location: '.api_get_course_url($course_info['code'], $session_id));
         exit;

main/course_info/infocours.php

@@ -195,7 +195,7 @@ function is_settings_editable()
                             . '<img id="previewImage" >'
                         . '</div>'
                         . '<div>'
-                            . '<button class="btn btn-primary hidden" name="cropButton" id="cropButton"><em class="fa fa-crop"></em> '.get_lang('CropYourPicture').'</button>'
+                            . '<button class="btn btn-primary hidden" type="button" name="cropButton" id="cropButton"><em class="fa fa-crop"></em> '.get_lang('CropYourPicture').'</button>'
                         . '</div>'
                     . '</div>'
             . '</div>'

main/forum/editpost.php

@@ -32,10 +32,14 @@
 
 $nameTools = get_lang('ToolForum');
 
+// Unset the formElements in session before the includes function works
+unset($_SESSION['formelements']);
+
 /* Including necessary files */
 require_once 'forumconfig.inc.php';
 require_once 'forumfunction.inc.php';
 
+// Are we in a lp ?
 $origin = '';
 if (isset($_GET['origin'])) {
     $origin = Security::remove_XSS($_GET['origin']);
@@ -111,12 +115,6 @@
     </script>
 JS;
 
-// Are we in a lp ?
-$origin = '';
-if (isset($_GET['origin'])) {
-    $origin = Security::remove_XSS($_GET['origin']);
-}
-
 if ($origin == 'learnpath') {
     Display::display_reduced_header();
 } else {
@@ -215,41 +213,6 @@
 
 if (!empty($values) and isset($_POST['SubmitPost'])) {
     store_edit_post($values);
-
-    $option_chek = isset($values['thread_qualify_gradebook']) ? $values['thread_qualify_gradebook'] : null; // values 1 or 0
-    if (1 == $option_chek) {
-        $id = $values['thread_id'];
-        $title_gradebook = Security::remove_XSS(stripslashes($values['calification_notebook_title']));
-        $value_calification = $values['numeric_calification'];
-        $weight_calification = $values['weight_calification'];
-        $description = '';
-        $session_id = api_get_session_id();
-
-        $link_info = GradebookUtils::is_resource_in_course_gradebook(
-            api_get_course_id(),
-            5,
-            $id,
-            $session_id
-        );
-        $link_id = $link_info['id'];
-
-        if (!$link_info) {
-            GradebookUtils::add_resource_to_course_gradebook(
-                $values['category_id'],
-                api_get_course_id(),
-                5,
-                $id,
-                $title_gradebook,
-                $weight_calification,
-                $value_calification,
-                $description,
-                1,
-                api_get_session_id()
-            );
-        } else {
-            Database::query('UPDATE '.$table_link.' SET weight='.$weight_calification.' WHERE id='.$link_id.'');
-        }
-    }
 }
 
 // Footer

main/forum/editthread.php

@@ -0,0 +1,185 @@
+<?php
+/* For licensing terms, see /license.txt */
+
+/**
+ * Edit a Forum Thread
+ * @Author José Loguercio <[email protected]>
+ *
+ * @package chamilo.forum
+ */
+
+use ChamiloSession as Session;
+
+// Including the global initialization file.
+require_once '../inc/global.inc.php';
+
+// The section (tabs).
+$this_section = SECTION_COURSES;
+// Notification for unauthorized people.
+api_protect_course_script(true);
+
+$cidreq = api_get_cidreq();
+
+$nameTools = get_lang('ToolForum');
+
+/* Including necessary files */
+
+require_once 'forumconfig.inc.php';
+require_once 'forumfunction.inc.php';
+
+// Are we in a lp ?
+$origin = '';
+if (isset($_GET['origin'])) {
+    $origin = Security::remove_XSS($_GET['origin']);
+}
+
+/* MAIN DISPLAY SECTION */
+$currentForum = get_forum_information($_GET['forum']);
+$currentForumCategory = get_forumcategory_information($currentForum['forum_category']);
+
+// the variable $forum_settings is declared in forumconfig.inc.php
+$forumSettings = $forum_setting;
+
+/* Breadcrumbs */
+
+if (isset($_SESSION['gradebook'])) {
+    $gradebook = Security::remove_XSS($_SESSION['gradebook']);
+}
+
+if (!empty($gradebook) && $gradebook == 'view') {
+    $interbreadcrumb[] = array (
+        'url' => '../gradebook/'.Security::remove_XSS($_SESSION['gradebook_dest']),
+        'name' => get_lang('ToolGradebook')
+    );
+}
+
+if (!empty($_GET['gidReq'])) {
+    $toolgroup = intval($_GET['gidReq']);
+    Session::write('toolgroup',$toolgroup);
+}
+
+$threadId = isset($_GET['thread']) ? intval($_GET['thread']) : 0;
+$courseInfo = isset($_GET['cidReq']) ? api_get_course_info($_GET['cidReq']) : 0;
+$cId = isset($courseInfo['real_id']) ? intval($courseInfo['real_id']) : 0; 
+
+/* Is the user allowed here? */
+
+// The user is not allowed here if:
+
+// 1. the forumcategory or forum is invisible (visibility==0) and the user is not a course manager
+if (!api_is_allowed_to_edit(false, true) &&
+    (($currentForumCategory['visibility'] && $currentForumCategory['visibility'] == 0) || $currentForum['visibility'] == 0)
+) {
+    api_not_allowed();
+}
+
+// 2. the forumcategory or forum is locked (locked <>0) and the user is not a course manager
+if (!api_is_allowed_to_edit(false, true) &&
+    (($currentForumCategory['visibility'] && $currentForumCategory['locked'] <> 0) OR $currentForum['locked'] <> 0)
+) {
+    api_not_allowed();
+}
+
+// 3. new threads are not allowed and the user is not a course manager
+if (!api_is_allowed_to_edit(false, true) &&
+    $currentForum['allow_new_threads'] <> 1
+) {
+    api_not_allowed();
+}
+// 4. anonymous posts are not allowed and the user is not logged in
+if (!$_user['user_id'] AND $currentForum['allow_anonymous'] <> 1) {
+    api_not_allowed();
+}
+
+// 5. Check user access
+if ($currentForum['forum_of_group'] != 0) {
+    $show_forum = GroupManager::user_has_access(
+        api_get_user_id(),
+        $currentForum['forum_of_group'],
+        GroupManager::GROUP_TOOL_FORUM
+    );
+    if (!$show_forum) {
+        api_not_allowed();
+    }
+}
+
+// 6. Invited users can't create new threads
+if (api_is_invitee()) {
+    api_not_allowed(true);
+}
+
+$groupId = api_get_group_id();
+if (!empty($groupId)) {
+    $groupProperties = GroupManager :: get_group_properties($groupId);
+    $interbreadcrumb[] = array('url' => '../group/group.php?'.$cidreq, 'name' => get_lang('Groups'));
+    $interbreadcrumb[] = array('url' => '../group/group_space.php?'.$cidreq, 'name' => get_lang('GroupSpace').' '.$groupProperties['name']);
+    $interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $currentForum['forum_title']);
+    $interbreadcrumb[] = array('url' => 'newthread.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']),'name' => get_lang('EditThread'));
+} else {
+    $interbreadcrumb[] = array('url' => 'index.php?'.$cidreq, 'name' => $nameTools);
+    $interbreadcrumb[] = array('url' => 'viewforumcategory.php?'.$cidreq.'&forumcategory='.$currentForumCategory['cat_id'], 'name' => $currentForumCategory['cat_title']);
+    $interbreadcrumb[] = array('url' => 'viewforum.php?'.$cidreq.'&forum='.Security::remove_XSS($_GET['forum']), 'name' => $currentForum['forum_title']);
+    $interbreadcrumb[] = array('url' => '#', 'name' => get_lang('EditThread'));
+}
+
+$tableLink = Database :: get_main_table(TABLE_MAIN_GRADEBOOK_LINK);
+
+/* Header */
+
+$htmlHeadXtra[] = <<<JS
+    <script>
+    $(document).on('ready', function() {
+        
+        if ($('#thread_qualify_gradebook').is(':checked') == true) {
+            document.getElementById('options_field').style.display = 'block';
+        } else {
+            document.getElementById('options_field').style.display = 'none';
+        }
+        
+        $('#thread_qualify_gradebook').click(function() {
+            if ($('#thread_qualify_gradebook').is(':checked') == true) {
+                document.getElementById('options_field').style.display = 'block';
+            } else {
+                document.getElementById('options_field').style.display = 'none';
+                $("[name='numeric_calification']").val(0);
+                $("[name='calification_notebook_title']").val('');
+                $("[name='weight_calification']").val(0);
+                $("[name='thread_peer_qualify'][value='0']").prop('checked', true);
+            }
+        });
+    });
+    </script>
+JS;
+
+if ($origin == 'learnpath') {
+    Display::display_reduced_header();
+} else {
+    Display :: display_header(null);
+}
+
+handle_forum_and_forumcategories();
+
+// Action links
+echo '<div class="actions">';
+echo '<span style="float:right;">'.search_link().'</span>';
+echo '<a href="viewforum.php?forum='.intval($_GET['forum']).'&'.$cidreq.'">'.
+    Display::return_icon('back.png',get_lang('BackToForum'),'',ICON_SIZE_MEDIUM).'</a>';
+echo '</div>';
+
+$threadData = getThreadInfo($threadId, $cId);
+
+$values = showUpdateThreadForm(
+    $currentForum,
+    $forumSettings,
+    $threadData
+);
+
+if (!empty($values) && isset($values['SubmitPost'])) {
+    
+    // update thread in table forum_thread.
+    updateThread($values);
+}
+
+if (isset($origin) && $origin != 'learnpath') {
+    Display :: display_footer();
+}