-<?php // $Id: lib.php,v 1.1 22 Aug 2003
+<?php // $Id$
/*************************************************
ACTIONS handled are:
require_once("lib.php");
require_once("locallib.php");
- $id = required_param('id', PARAM_INT); // Course Module ID
+ $id = required_param('id', PARAM_INT); // Course Module ID
+ $action = required_param('action', PARAM_ALPHA);
+ $aid = optional_param('aid', 0, PARAM_INT);
+ $sid = optional_param('sid', 0, PARAM_INT);
+ $userid = optional_param('userid', 0, PARAM_INT);
// get some esential stuff...
if (! $cm = get_record("course_modules", "id", $id)) {
"", "", true);
//...get the action
- $action = required_param('action');
/******************* admin amend Grading Grade ************************************/
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
- }
- if (empty($_GET['aid'])) {
+ }
+ if (empty($aid)) {
error("Admin Amend Grading grade: assessment id missing");
- }
+ }
- if (!$assessment = get_record("exercise_assessments", "id", $_GET['aid'])) {
+ if (!$assessment = get_record("exercise_assessments", "id", $aid)) {
error("Amin Amend Grading grade: assessment not found");
}
print_heading(get_string("amend", "exercise")." ".get_string("gradeforstudentsassessment",
"exercise", $course->student));
echo "<form name=\"amendgrade\" method=\"post\" action=\"assessments.php\">\n";
- echo "<input type=\"hidden\" name=\"aid\" value=\"$_GET[aid]\" />\n";
+ echo "<input type=\"hidden\" name=\"aid\" value=\"$aid\" />\n";
echo "<input type=\"hidden\" name=\"action\" value=\"updategradinggrade\" />\n";
echo "<input type=\"hidden\" name=\"id\" value=\"$cm->id\" />\n";
echo "<table width=\"50%\" align=\"center\" border=\"1\" />\n";
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
- }
- if (empty($_GET['aid'])) {
+ }
+ if (empty($aid)) {
error("Admin confirm delete: assessment id missing");
- }
+ }
notice_yesno(get_string("confirmdeletionofthisitem","exercise", get_string("assessment", "exercise")),
- "assessments.php?action=admindelete&id=$cm->id&aid=$_GET[aid]",
+ "assessments.php?action=admindelete&id=$cm->id&aid=$aid",
"submissions.php?action=adminlist&id=$cm->id");
}
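Review bot: The confirmation link built here, `"assessments.php?action=admindelete&id=$cm->id&aid=$aid"`, targets a branch that deletes records on a plain GET with no session-key check, and casting `aid` to an integer does not change that. If the Moodle version this targets provides `sesskey()` and `confirm_sesskey()`, end the link with `&aid=$aid&sesskey=".sesskey(),` and test `confirm_sesskey()` at the top of the `admindelete` branch, which is in the next hunk. The `userdelete` link further down and the `sid` links in submissions.php (`admindelete`, `adminclearlate`, `userdelete`) are built the same way.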
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
- }
- if (empty($_GET['aid'])) {
+ }
+ if (empty($aid)) {
error("Admin delete: submission id missing");
- }
+ }
print_string("deleting", "exercise");
// first delete all the associated records...
- delete_records("exercise_grades", "assessmentid", $_GET['aid']);
+ delete_records("exercise_grades", "assessmentid", $aid);
// ...now delete the assessment...
- delete_records("exercise_assessments", "id", $_GET['aid']);
+ delete_records("exercise_assessments", "id", $aid);
print_continue("submissions.php?id=$cm->id&action=adminlist");
}
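Review bot: Both `delete_records` calls act on whatever assessment id the request names; nothing in this hunk ties `$aid` to the exercise whose course was used for `isteacher($course->id)`. Unless a check sits in the part of the branch outside the hunk, a teacher of one course can remove assessments that belong to another. Load the row first, `if (!$assessment = get_record("exercise_assessments", "id", $aid)) { error("Admin delete: assessment not found"); }`, and call `error()` when its exercise id field (presumably `exerciseid`, as on `exercise_grades`) differs from `$exercise->id`. The same gap is visible where `set_field` updates `gradinggrade` by `$aid` and in the `sid` branches of submissions.php. The message `"Admin delete: submission id missing"` is also raised for a missing assessment id.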
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
- }
+ }
- if (empty($_GET['sid'])) {
+ if (empty($sid)) {
error ("exercise asssessments: adminlist called with no sid");
- }
- $submission = get_record("exercise_submissions", "id", $_GET['sid']);
+ }
+ $submission = get_record("exercise_submissions", "id", $sid);
exercise_print_assessments_for_admin($exercise, $submission);
print_continue("submissions.php?action=adminlist&id=$cm->id");
}
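Review bot: `$submission = get_record("exercise_submissions", "id", $sid);` is not checked for failure, so a `sid` that matches no row hands a false value to `exercise_print_assessments_for_admin()`. Other branches in this commit already use the guarded form; here it would be `if (!$submission = get_record("exercise_submissions", "id", $sid)) { error("exercise assessments: adminlist submission not found"); }`. The `get_record("user", "id", $userid)` call in the next hunk and the `get_record` in the `adminamendtitle` branch of submissions.php have the same gap. The branch starts outside the hunk.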
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
- }
+ }
- if (empty($_GET['userid'])) {
+ if (empty($userid)) {
error ("exercise asssessments: adminlistbystudent called with no userid");
- }
- $user = get_record("user", "id", $_GET['userid']);
+ }
+ $user = get_record("user", "id", $userid);
exercise_print_assessments_by_user_for_admin($exercise, $user);
print_continue("submissions.php?action=adminlist&id=$cm->id");
}
/****************** Assess resubmission (by teacher) ***************************/
elseif ($action == 'assessresubmission') {
- $sid = required_param('sid');
+ if (empty($sid)) {
+ error ("exercise asssessments: assessresubmission called with no sid");
+ }
if (! $submission = get_record("exercise_submissions", "id", $sid)) {
error("Assess submission is misconfigured - no submission record!");
/****************** Assess submission (by teacher or student) ***************************/
elseif ($action == 'assesssubmission') {
- $sid = required_param('sid');
+ if (empty($sid)) {
+ error ("exercise asssessments: assesssubmission called with no sid");
+ }
if (! $submission = get_record("exercise_submissions", "id", $sid)) {
error("Assess submission is misconfigured - no submission record!");
unset($element);
$element->description = $description;
$element->exerciseid = $exercise->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
if (!$element->id = insert_record("exercise_elements", $element)) {
error("Could not insert exercise element!");
}
unset($element);
$element->description = $description;
$element->exerciseid = $exercise->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
if (isset($form->scale[$key])) {
$element->scale = $form->scale[$key];
switch ($EXERCISE_SCALES[$form->scale[$key]]['type']) {
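Review bot: Only the array key is cleaned here; the value stored two lines later, `$element->scale = $form->scale[$key];`, is taken from the form unchanged and then used as an index into `$EXERCISE_SCALES`. If `$form` is the raw result of `data_submitted()` (that assignment is visible in a later hunk, not for this one), type the value as well, `$element->scale = clean_param($form->scale[$key], PARAM_INT);` assuming scale numbers are integers, and check `isset($EXERCISE_SCALES[$element->scale])` before the switch. `$themaxscore` and `$form->weight[$key]` in the next two hunks, and `$thegrade` in the `exercise_grades` hunks, are stored the same way. The enclosing loop starts and ends outside the hunk.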
foreach ($form->maxscore as $key => $themaxscore) {
unset($element);
$element->exerciseid = $exercise->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->maxscore = $themaxscore;
if (isset($form->description[$key])) {
$element->description = $form->description[$key];
foreach ($form->description as $key => $description) {
unset($element);
$element->exerciseid = $exercise->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->description = $description;
$element->weight = $form->weight[$key];
for ($j=0;$j<5;$j++) {
error("Only teachers can look at this page");
}
- $aid = required_param('aid', PARAM_INT);
- $sid = required_param('sid', PARAM_INT);
+ if (empty($aid)) {
+ error("assessment id missing");
+ }
+ if (empty($sid)) {
+ error ("no sid");
+ }
if (!$assessment = get_record("exercise_assessments", "id", $aid)) {
error("Teacher assessment: User's assessment record not found");
}
$timenow = time();
$form = data_submitted();
- $aid = required_param('aid', PARAM_INT);
+ if (empty($aid)) {
+ error("assessment id missing");
+ }
if (! $assessment = get_record("exercise_assessments", "id", $aid)) {
error("exercise assessment is misconfigured");
}
unset($element);
$element->exerciseid = $exercise->id;
$element->assessmentid = $assessment->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->feedback = $thefeedback;
if (!$element->id = insert_record("exercise_grades", $element)) {
error("Could not insert exercise element!");
unset($element);
$element->exerciseid = $exercise->id;
$element->assessmentid = $assessment->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->feedback = $form->feedback[$key];
$element->grade = $thegrade;
if (!$element->id = insert_record("exercise_grades", $element)) {
unset($element);
$element->exerciseid = $exercise->id;
$element->assessmentid = $assessment->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->feedback = $form->feedback[$key];
$element->grade = $thegrade;
if (!$element->id = insert_record("exercise_grades", $element)) {
unset($element);
$element->exerciseid = $exercise->id;
$element->assessmentid = $assessment->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->feedback = $thefeedback;
if (!$element->id = insert_record("exercise_grades", $element)) {
error("Could not insert exercise element!");
unset($element);
$element->exerciseid = $exercise->id;
$element->assessmentid = $assessment->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->feedback = $form->feedback[$key];
$element->grade = $thegrade;
if (!$element->id = insert_record("exercise_grades", $element)) {
unset($element);
$element->exerciseid = $exercise->id;
$element->assessmentid = $assessment->id;
- $element->elementno = $key;
+ $element->elementno = clean_param($key, PARAM_INT);
$element->feedback = $form->feedback[$key];
$element->grade = $thegrade;
if (!$element->id = insert_record("exercise_grades", $element)) {
error("Only teachers can look at this page");
}
- $aid = required_param('aid', PARAM_INT);
+ if (empty($aid)) {
+ error("submission id missing");
+ }
// normalise gradinggrade
$gradinggrade = $_POST['gradinggrade'] * 100 / $exercise->gradinggrade;
if (!set_field("exercise_assessments", "gradinggrade", $gradinggrade, "id",
- $_POST['aid'])) {
+ $aid)) {
error("Update grading grade: asseesment not updated");
}
redirect("submissions.php?id=$cm->id&action=adminlist", get_string("savedok", "exercise"), 1);
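Review bot: `$_POST['gradinggrade']` is still read directly on the normalise line while `aid` now goes through the cleaned parameter, so the branch accepts any string for the grade and mixes two input styles. Reading it as `$gradinggrade = required_param('gradinggrade', PARAM_INT) * 100 / $exercise->gradinggrade;` (assuming grading grades are whole numbers) keeps the input typed, and a guard for `$exercise->gradinggrade` being 0 would avoid a division by zero. The added message `error("submission id missing");` is raised for a missing `aid`; it should read `error("Update grading grade: assessment id missing");`. The branch starts outside the hunk.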
/****************** user confirm delete ************************************/
elseif ($action == 'userconfirmdelete' ) {
- if (empty($_GET['aid'])) {
+ if (empty($aid)) {
error("User confirm delete: assessment id missing");
}
notice_yesno(get_string("confirmdeletionofthisitem","exercise", get_string("assessment", "exercise")),
- "assessments.php?action=userdelete&id=$cm->id&aid=$_GET[aid]", "view.php?id=$cm->id");
+ "assessments.php?action=userdelete&id=$cm->id&aid=$aid", "view.php?id=$cm->id");
}
/****************** user delete ************************************/
elseif ($action == 'userdelete' ) {
- if (empty($_GET['aid'])) {
+ if (empty($aid)) {
error("User delete: assessment id missing");
}
print_string("deleting", "exercise");
// first delete all the associated records...
- delete_records("exercise_grades", "assessmentid", $_GET['aid']);
+ delete_records("exercise_grades", "assessmentid", $aid);
// ...now delete the assessment...
- delete_records("exercise_assessments", "id", $_GET['aid']);
+ delete_records("exercise_assessments", "id", $aid);
print_continue("view.php?id=$cm->id");
}
/****************** view assessment ***********************/
elseif ($action == 'viewassessment') {
+ if (empty($aid)) {
+ error("assessment id missing");
+ }
+
// get the assessment record
- if (!$assessment = get_record("exercise_assessments", "id", $_GET['aid'])) {
+ if (!$assessment = get_record("exercise_assessments", "id", $aid)) {
error("Assessment record not found");
}
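Review bot: In the `userdelete` branch the two `delete_records` calls run for any `$aid` in the request; there is no teacher check and nothing compares the assessment's owner with the logged-in user, so the deletion is not limited to the caller's own assessments. Typing the parameter as an integer does not cover this. Fetch the row with `get_record("exercise_assessments", "id", $aid)` and call `error()` before deleting unless it belongs to the current user or the caller is a teacher. The `viewassessment` branch loads the record by `$aid` in the same way and continues outside the hunk, so its ownership handling cannot be confirmed from here; the `userdelete` branch in submissions.php looks the same from its visible lines.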
-<?php // $Id: submissions.php,v 1.0 22 Aug 2003
+<?php // $Id$
/*************************************************
ACTIONS handled are:
require_once("locallib.php");
require_once("version.php");
- $id = required_param('id', PARAM_INT); // Course Module ID
+ $id = required_param('id', PARAM_INT); // Course Module ID
+ $action = required_param('action', PARAM_ALPHA);
+ $aid = optional_param('aid', 0, PARAM_INT);
+ $sid = optional_param('sid', 0, PARAM_INT);
+ $title = optional_param('title', '', PARAM_CLEAN);
// get some essential stuff...
if (! $cm = get_record("course_modules", "id", $id)) {
<a href=\"view.php?id=$cm->id\">".format_string($exercise->name,true)."</a> -> $strsubmissions",
"", "", true);
- //...get the action!
- $action = required_param('action');
-
/******************* admin amend title ************************************/
if ($action == 'adminamendtitle' ) {
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
- }
- if (empty($_GET['sid'])) {
+ }
+ if (empty($sid)) {
error("Admin Amend Title: submission id missing");
- }
+ }
- $submission = get_record("exercise_submissions", "id", $_GET['sid']);
+ $submission = get_record("exercise_submissions", "id", $sid);
print_heading(get_string("amendtitle", "exercise"));
?>
<form name="amendtitleform" action="submissions.php" method="post">
<input type="hidden" name="action" value="adminupdatetitle" />
<input type="hidden" name="id" value="<?php echo $cm->id ?>" />
- <input type="hidden" name="sid" value="<?php echo $_REQUEST['sid'] ?>" />
+ <input type="hidden" name="sid" value="<?php echo $sid ?>" />
<center>
<table celpadding="5" border="1">
<?php
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
}
- if (empty($_GET['sid'])) {
+ if (empty($sid)) {
error("Admin clear late flag: submission id missing");
}
- if (!$submission = get_record("exercise_submissions", "id", $_GET['sid'])) {
+ if (!$submission = get_record("exercise_submissions", "id", $sid)) {
error("Admin clear late flag: can not get submission record");
}
- if (set_field("exercise_submissions", "late", 0, "id", $_GET['sid'])) {
+ if (set_field("exercise_submissions", "late", 0, "id", $sid)) {
print_heading(get_string("clearlateflag", "exercise")." ".get_string("ok"));
}
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
- }
- if (empty($_GET['sid'])) {
+ }
+ if (empty($sid)) {
error("Admin confirm delete: submission id missing");
- }
- if (!$submission = get_record("exercise_submissions", "id", $_GET['sid'])) {
+ }
+ if (!$submission = get_record("exercise_submissions", "id", $sid)) {
error("Admin delete: can not get submission record");
- }
+ }
if (isteacher($course->id, $submission->userid)) {
if (!isteacheredit($course->id)) {
}
}
notice_yesno(get_string("confirmdeletionofthisitem","exercise", get_string("submission", "exercise")),
- "submissions.php?action=admindelete&id=$cm->id&sid=$_GET[sid]", "submissions.php?id=$cm->id&action=adminlist");
+ "submissions.php?action=admindelete&id=$cm->id&sid=$sid", "submissions.php?id=$cm->id&action=adminlist");
}
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
}
- if (empty($_GET['sid'])) {
+ if (empty($sid)) {
error("Admin delete: submission id missing");
}
- if (!$submission = get_record("exercise_submissions", "id", $_GET['sid'])) {
+ if (!$submission = get_record("exercise_submissions", "id", $sid)) {
error("Admin delete: can not get submission record");
}
print_string("deleting", "exercise");
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
}
- if (empty($_GET['sid'])) {
+ if (empty($sid)) {
error("Admin confirm late flag: submission id missing");
}
- if (!$submission = get_record("exercise_submissions", "id", $_GET['sid'])) {
+ if (!$submission = get_record("exercise_submissions", "id", $sid)) {
error("Admin confirm late flag: can not get submission record");
}
notice_yesno(get_string("clearlateflag","exercise")."?",
- "submissions.php?action=adminclearlate&id=$cm->id&sid=$_GET[sid]",
+ "submissions.php?action=adminclearlate&id=$cm->id&sid=$sid",
"submissions.php?id=$cm->id&action=adminlist");
}
if (!isteacher($course->id)) {
error("Only teachers can look at this page");
}
- if (empty($_POST['sid'])) {
+ if (empty($sid)) {
error("Admin Update Title: submission id missing");
}
- if (set_field("exercise_submissions", "title", $_POST['title'], "id", $_POST['sid'])) {
+ if (set_field("exercise_submissions", "title", $title, "id", $sid)) {
print_heading(get_string("amendtitle", "exercise")." ".get_string("ok"));
}
redirect("submissions.php?id=$cm->id&action=adminlist");
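Review bot: `$title` comes from `optional_param('title', '', PARAM_CLEAN)`, so a POST that carries no title writes an empty string into the submission's `title` field through `set_field`. Reject that case before the write, `if ($title === '') { error("Admin Update Title: title missing"); }`. The `set_field` result only decides whether the heading is printed, so a failed update falls through to the redirect with no message. The branch starts outside the hunk.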
/******************* user confirm delete ************************************/
elseif ($action == 'userconfirmdelete' ) {
- if (empty($_GET['sid'])) {
+ if (empty($sid)) {
error("User Confirm Delete: submission id missing");
}
notice_yesno(get_string("confirmdeletionofthisitem","exercise", get_string("submission", "exercise")),
- "submissions.php?action=userdelete&id=$cm->id&sid=$_GET[sid]", "view.php?id=$cm->id");
+ "submissions.php?action=userdelete&id=$cm->id&sid=$sid", "view.php?id=$cm->id");
}
/******************* user delete ************************************/
elseif ($action == 'userdelete' ) {
- if (empty($_GET['sid'])) {
+ if (empty($sid)) {
error("User Delete: submission id missing");
}
- if (!$submission = get_record("exercise_submissions", "id", $_GET['sid'])) {
+ if (!$submission = get_record("exercise_submissions", "id", $sid)) {
error("User Delete: can not get submission record");
}
print_string("deleting", "exercise");