$sort = "firstname";
}
- $extrasql = $ufiltering->get_sql_filter();
- $users = get_users_listing($sort, $dir, $page*$perpage, $perpage, '', '', '', $extrasql);
+ list($extrasql, $params) = $ufiltering->get_sql_filter();
+ $users = get_users_listing($sort, $dir, $page*$perpage, $perpage, '', '', '', $extrasql, $params);
$usercount = get_users(false);
- $usersearchcount = get_users(false, '', true, "", "", '', '', '', '', '*', $extrasql);
+ $usersearchcount = get_users(false, '', true, null, "", '', '', '', '', '*', $extrasql, $params);
if ($extrasql !== '') {
print_heading("$usersearchcount / $usercount ".get_string('users'));
global $SESSION;
$guest = get_guest();
- $sqlwhere = $ufiltering->get_sql_filter("id<>{$guest->id} AND deleted <> 1");
+ $sqlwhere = $ufiltering->get_sql_filter("id<>:exguest AND deleted <> 1", array('exguest'=>$guest->id));
if ($rs = get_recordset_select('user', $sqlwhere, 'fullname', 'id,'.sql_fullname().' AS fullname')) {
while ($user = rs_fetch_next_record($rs)) {
}
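Review bot: `$sqlwhere` on the new line receives the whole `array($sql, $params)` pair that get_sql_filter() now returns, but it is not destructured with `list()` the way the sibling call in get_selection_data is, and the unchanged `get_recordset_select('user', $sqlwhere, …)` line below still uses the legacy, parameter-less API. As written the array is stringified into the WHERE clause and the `:exguest` placeholder is never bound, so the recordset query cannot succeed. It should read `list($sqlwhere, $params) = $ufiltering->get_sql_filter("id<>:exguest AND deleted <> 1", array('exguest'=>$guest->id));` with the fetch moved to `$DB->get_recordset_select('user', $sqlwhere, $params, 'fullname', 'id,'.sql_fullname().' AS fullname')` and `$DB` added to the `global` line. The enclosing function starts before this hunk.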
function get_selection_data($ufiltering) {
- global $SESSION;
+ global $SESSION, $DB;
// get the SQL filter
$guest = get_guest();
- $sqlwhere = $ufiltering->get_sql_filter("id<>{$guest->id} AND deleted <> 1");
+ list($sqlwhere, $params) = $ufiltering->get_sql_filter("id<>:exguest AND deleted <> 1", array('exguest'=>$guest->id));
- $total = count_records_select('user', "id<>{$guest->id} AND deleted <> 1");
- $acount = count_records_select('user', $sqlwhere);
+ $total = $DB->count_records_select('user', "id<>:exguest AND deleted <> 1", array('exguest'=>$guest->id));
+ $acount = $DB->count_records_select('user', $sqlwhere, $params);
$scount = count($SESSION->bulk_users);
$userlist = array('acount'=>$acount, 'scount'=>$scount, 'ausers'=>false, 'susers'=>false, 'total'=>$total);
- $userlist['ausers'] = get_records_select_menu('user', $sqlwhere, 'fullname', 'id,'.sql_fullname().' AS fullname', 0, MAX_BULK_USERS);
+ $userlist['ausers'] = $DB->get_records_select_menu('user', $sqlwhere, $params, 'fullname', 'id,'.sql_fullname().' AS fullname', 0, MAX_BULK_USERS);
if ($scount) {
if ($scount < MAX_BULK_USERS) {
$bulkusers = array_slice($SESSION->bulk_users, 0, MAX_BULK_USERS, true);
$in = implode(',', $bulkusers);
}
- $userlist['susers'] = get_records_select_menu('user', "id IN ($in)", 'fullname', 'id,'.sql_fullname().' AS fullname');
+ $userlist['susers'] = $DB->get_records_select_menu('user', "id IN ($in)", null, 'fullname', 'id,'.sql_fullname().' AS fullname');
}
return $userlist;
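Review bot: The `"id IN ($in)"` clause handed to `$DB->get_records_select_menu()` on the `susers` line is still assembled by string concatenation from `$SESSION->bulk_users`, while every other predicate in this function was moved to bound parameters in this hunk. The ids come from the session rather than directly from the request, so the exposure is limited, but the function is now relying on whoever populated the session having validated them as integers. The `get_in_or_equal()` idiom this same commit introduces in search_users() removes that reliance: `list($insql, $inparams) = $DB->get_in_or_equal($bulkusers, SQL_PARAMS_NAMED, 'bu0000');` followed by `$DB->get_records_select_menu('user', "id $insql", $inparams, 'fullname', 'id,'.sql_fullname().' AS fullname')`. The branch that sets `$in` when `$scount` is not below MAX_BULK_USERS is outside the visible lines.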
// If looking at a different host, we're interested in all our site users
if ($hostid == $CFG->mnet_localhost_id && $course->id != SITEID) {
- if ($selectedgroup) { // If using a group, only get users in that group.
- $courseusers = get_group_users($selectedgroup, 'u.lastname ASC', '', 'u.id, u.firstname, u.lastname, u.idnumber');
- } else {
- $courseusers = get_course_users($course->id, '', '', 'u.id, u.firstname, u.lastname, u.idnumber');
- }
+ $courseusers = get_users_by_capability($context, 'moodle/course:view', '', 'lastname ASC, firstname ASC', '','u.id, u.firstname, u.lastname, u.idnumber',$selectedgroup,null, false);
} else {
$courseusers = get_site_users("u.lastaccess DESC", "u.id, u.firstname, u.lastname, u.idnumber");
}
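Review bot: The new `get_users_by_capability($context, 'moodle/course:view', …)` call reads `$context`, which is not assigned anywhere in this hunk; the removed code only needed `$course->id` and `$selectedgroup`. If the surrounding script does not already build `$context = get_context_instance(CONTEXT_COURSE, $course->id)` before this point, the capability query runs against a null context and silently returns nobody. Worth confirming in the lines above, and worth a comment that the list is now capability-based rather than enrolment-based — presumably intended, but it is a visible change in who appears in the user menu.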
$users = array();
if ($course->id != SITEID) {
- if ($selectedgroup) { // If using a group, only get users in that group.
- $courseusers = get_group_users($selectedgroup, 'u.lastname ASC', '', 'u.id, u.firstname, u.lastname, u.idnumber');
- } else {
- $courseusers = get_course_users($course->id, '', '', 'u.id, u.firstname, u.lastname, u.idnumber');
- }
+ $courseusers = get_users_by_capability($context, 'moodle/course:view', '', 'lastname ASC, firstname ASC', '','u.id, u.firstname, u.lastname, u.idnumber',$selectedgroup,null, false);
} else {
$courseusers = get_site_users("u.lastaccess DESC", "u.id, u.firstname, u.lastname, u.idnumber");
}
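Review bot: `$context` is consumed by the replacement `get_users_by_capability()` call but is neither defined nor visible in this hunk, whereas the code it replaces only depended on `$course->id`. Please confirm the script initialises it for this course before the branch; an unset `$context` here fails quietly with an empty user list rather than an error. A one-line comment above the call, such as `// users who can view the course, restricted to $selectedgroup when set`, would also record why the group/course helpers were dropped.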
print_string("htmleditordisabledadmin");
} else if (!$USER->htmleditor) {
print_string("htmleditordisabled");
- } else if (!can_use_richtext_editor()) {
+ } else if (!can_use_html_editor()) {
print_string("htmleditordisabledbrowser");
} else {
print_string("htmleditoravailable");
* @return object
*/
function get_admins() {
-
- global $CFG;
+ global $DB;
$sql = "SELECT ra.userid, SUM(rc.permission) AS permission, MIN(ra.id) AS adminid
- FROM " . $CFG->prefix . "role_capabilities rc
- JOIN " . $CFG->prefix . "context ctx
- ON ctx.id=rc.contextid
- JOIN " . $CFG->prefix . "role_assignments ra
- ON ra.roleid=rc.roleid AND ra.contextid=ctx.id
- WHERE ctx.contextlevel=10
- AND rc.capability IN ('moodle/site:config',
- 'moodle/legacy:admin',
- 'moodle/site:doanything')
- GROUP BY ra.userid
+ FROM {role_capabilities} rc
+ JOIN {context} ctx ON ctx.id=rc.contextid
+ JOIN {role_assignments} ra ON ra.roleid=rc.roleid AND ra.contextid=ctx.id
+ WHERE ctx.contextlevel=10 AND rc.capability IN (?, ?, ?)
+ GROUP BY ra.userid
HAVING SUM(rc.permission) > 0";
+ $params = array('moodle/site:config', 'moodle/legacy:admin', 'moodle/site:doanything');
$sql = "SELECT u.*, ra.adminid
- FROM " . $CFG->prefix . "user u
- JOIN ($sql) ra
- ON u.id=ra.userid
- ORDER BY ra.adminid ASC";
+ FROM {user} u
+ JOIN ($sql) ra
+ ON u.id=ra.userid
+ ORDER BY ra.adminid ASC";
- return get_records_sql($sql);
+ return $DB->get_records_sql($sql, $params);
}
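Review bot: `ctx.contextlevel=10` on the new WHERE line is a magic number for the system context in a query that is otherwise fully parameterised, and the file already names that level as `CONTEXT_SYSTEM` elsewhere. Binding it keeps the query self-documenting and consistent with the three capability placeholders: `WHERE ctx.contextlevel = ? AND rc.capability IN (?, ?, ?)` together with `$params = array(CONTEXT_SYSTEM, 'moodle/site:config', 'moodle/legacy:admin', 'moodle/site:doanything');`. A docblock sentence saying that only role assignments made at the system context are considered would help too, since the function name alone does not say so.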
function get_courses_in_metacourse($metacourseid) {
- global $CFG;
+ global $DB;
- $sql = "SELECT c.id,c.shortname,c.fullname FROM {$CFG->prefix}course c, {$CFG->prefix}course_meta mc WHERE mc.parent_course = $metacourseid
- AND mc.child_course = c.id ORDER BY c.shortname";
+ $sql = "SELECT c.id, c.shortname, c.fullname
+ FROM {course} c, {course_meta} mc
+ WHERE mc.parent_course = ? AND mc.child_course = c.id
+ ORDER BY c.shortname";
+ $params = array($metacourseid);
- return get_records_sql($sql);
+ return $DB->get_records_sql($sql, $params);
}
-function get_courses_notin_metacourse($metacourseid,$count=false) {
+function get_courses_notin_metacourse($metacourseid) {
+ global $DB;
- global $CFG;
-
- if ($count) {
- $sql = "SELECT COUNT(c.id)";
+ if ($alreadycourses = get_courses_in_metacourse($metacourseid)) {
+ $alreadycourses = implode(',',array_keys($alreadycourses));
+ $alreadycourses = "AND c.id NOT IN ($alreadycourses)";
} else {
- $sql = "SELECT c.id,c.shortname,c.fullname";
+ $alreadycourses = "";
}
- $alreadycourses = get_courses_in_metacourse($metacourseid);
+ $sql = "SELECT c.id,c.shortname,c.fullname
+ FROM {course} c
+ WHERE c.id != ? and c.id != ".SITEID." and c.metacourse != 1
+ $alreadycourses
+ ORDER BY c.shortname";
+ $params = array($metacourseid);
- $sql .= " FROM {$CFG->prefix}course c WHERE ".((!empty($alreadycourses)) ? "c.id NOT IN (".implode(',',array_keys($alreadycourses)).")
- AND " : "")." c.id !=$metacourseid and c.id != ".SITEID." and c.metacourse != 1 ".((empty($count)) ? " ORDER BY c.shortname" : "");
-
- return get_records_sql($sql);
+ return $DB->get_records_sql($sql, $params);
}
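Review bot: The new signature drops the `$count` parameter of get_courses_notin_metacourse() with no deprecation path, so a caller still passing `true` as the second argument now receives the full record set instead of an integer and will almost certainly treat a non-empty array as a count. Either keep the parameter and forward it, `if ($count) { return count_courses_notin_metacourse($metacourseid); }`, or state in the commit that every caller was updated. Separately, the `c.id NOT IN (...)` fragment is still concatenated from `array_keys()`; those ids come from the database rather than the user, so this is not an injection path, but the `get_in_or_equal()` helper used in search_users() would make the query uniformly parameterised and would let count_courses_notin_metacourse() share the same fragment builder instead of duplicating it.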
function count_courses_notin_metacourse($metacourseid) {
- global $CFG;
-
- $alreadycourses = get_courses_in_metacourse($metacourseid);
-
- $sql = "SELECT COUNT(c.id) AS notin FROM {$CFG->prefix}course c
- WHERE ".((!empty($alreadycourses)) ? "c.id NOT IN (".implode(',',array_keys($alreadycourses)).")
- AND " : "")." c.id !=$metacourseid and c.id != ".SITEID." and c.metacourse != 1";
+ global $DB;
- if (!$count = get_record_sql($sql)) {
- return 0;
+ if ($alreadycourses = get_courses_in_metacourse($metacourseid)) {
+ $alreadycourses = implode(',',array_keys($alreadycourses));
+ $alreadycourses = "AND c.id NOT IN ($alreadycourses)";
+ } else {
+ $alreadycourses = "";
}
- return $count->notin;
+ $sql = "SELECT COUNT(c.id)
+ FROM {course} c
+ WHERE c.id != ? and c.id != ".SITEID." and c.metacourse != 1
+ $alreadycourses";
+ $params = array($metacourseid);
+
+ return $DB->count_records_sql($sql, $params);
}
/**
* If $coursid specifies the site course then this function searches
* through all undeleted and confirmed users
*
- * @uses $CFG
- * @uses SITEID
* @param int $courseid The course in question.
* @param int $groupid The group in question.
* @param string $searchtext ?
* @param string $sort ?
- * @param string $exceptions ?
+ * @param array $exceptions ?
* @return object
*/
-function search_users($courseid, $groupid, $searchtext, $sort='', $exceptions='') {
- global $CFG;
+function search_users($courseid, $groupid, $searchtext, $sort='', array $exceptions=null) {
+ global $DB;
$LIKE = sql_ilike();
$fullname = sql_fullname('u.firstname', 'u.lastname');
if (!empty($exceptions)) {
- $except = ' AND u.id NOT IN ('. $exceptions .') ';
+ list($exceptions, $params) = $DB->get_in_or_equal($exceptions, SQL_PARAMS_NAMED, 'ex0000', false);
+ $except = "AND u.id $exceptions";
} else {
- $except = '';
+ $except = "";
+ $params = array();
}
if (!empty($sort)) {
- $order = ' ORDER BY '. $sort;
+ $order = "ORDER BY $sort";
} else {
- $order = '';
+ $order = "";
}
- $select = 'u.deleted = \'0\' AND u.confirmed = \'1\'';
+ $select = "u.deleted = 0 AND u.confirmed = 1 AND ($fullname $LIKE :search1 OR u.email $LIKE :search2)";
+ $params['search1'] = "%$searchtext%";
+ $params['search2'] = "%$searchtext%";
if (!$courseid or $courseid == SITEID) {
- return get_records_sql("SELECT u.id, u.firstname, u.lastname, u.email
- FROM {$CFG->prefix}user u
- WHERE $select
- AND ($fullname $LIKE '%$searchtext%' OR u.email $LIKE '%$searchtext%')
- $except $order");
- } else {
+ $sql = "SELECT u.id, u.firstname, u.lastname, u.email
+ FROM {user} u
+ WHERE $select
+ $except
+ $order";
+ return $DB->get_records_sql($sql, $params);
+ } else {
if ($groupid) {
-//TODO:check. Remove group DB dependencies.
- return get_records_sql("SELECT u.id, u.firstname, u.lastname, u.email
- FROM {$CFG->prefix}user u,
- {$CFG->prefix}groups_members gm
- WHERE $select AND gm.groupid = '$groupid' AND gm.userid = u.id
- AND ($fullname $LIKE '%$searchtext%' OR u.email $LIKE '%$searchtext%')
- $except $order");
+ $sql = "SELECT u.id, u.firstname, u.lastname, u.email
+ FROM {user} u
+ JOIN {groups_members} gm ON gm.userid = u.id
+ WHERE $select AND gm.groupid = :groupid
+ $except
+ $order";
+ $params['groupid'] = $groupid;
+ return $DB->get_records_sql($sql, $params);
+
} else {
$context = get_context_instance(CONTEXT_COURSE, $courseid);
$contextlists = get_related_contexts_string($context);
- $users = get_records_sql("SELECT u.id, u.firstname, u.lastname, u.email
- FROM {$CFG->prefix}user u,
- {$CFG->prefix}role_assignments ra
- WHERE $select AND ra.contextid $contextlists AND ra.userid = u.id
- AND ($fullname $LIKE '%$searchtext%' OR u.email $LIKE '%$searchtext%')
- $except $order");
+
+ $sql = "SELECT u.id, u.firstname, u.lastname, u.email
+ FROM {user} u
+ JOIN {role_assignments} ra ON ra.userid = u.id
+ WHERE $select AND ra.contextid $contextlists
+ $except
+ $order";
+ return $DB->get_records_sql($sql, $params);
}
- return $users;
}
}
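Review bot: `$sort` is still interpolated verbatim into `"ORDER BY $sort"` on the new line, the one fragment of this query that bound parameters cannot protect; the caller in this commit passes a literal column list, but the function accepts any string and performs no validation. Because search_users() runs over the whole user table from a search form, I would reject anything beyond identifiers and direction keywords before concatenation, e.g. `if ($sort !== '' and !preg_match('/^[\w\.]+( (ASC|DESC))?(, ?[\w\.]+( (ASC|DESC))?)*$/i', $sort)) { print_error('invalid sort order'); }`, or at least replace the `@param string $sort ?` placeholder with a statement that it must be code-supplied SQL. Note also that binding `"%$searchtext%"` stops SQL injection but leaves `%` and `_` in the user's text as LIKE wildcards, which is acceptable for a search box but should be stated on the `@param string $searchtext` line.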
-
-/**
- * Returns a list of all site users
- * Obsolete, just calls get_course_users(SITEID)
- *
- * @uses SITEID
- * @deprecated Use {@link get_course_users()} instead.
- * @param string $fields A comma separated list of fields to be returned from the chosen table.
- * @return object|false {@link $USER} records or false if error.
- */
-function get_site_users($sort='u.lastaccess DESC', $fields='*', $exceptions='') {
-
- return get_course_users(SITEID, $sort, $exceptions, $fields);
-}
-
-
/**
* Returns a subset of users
*
* @param string $fields A comma separated list of fields to be returned from the chosen table.
* @return object|false|int {@link $USER} records unless get is false in which case the integer count of the records found is returned. False is returned if an error is encountered.
*/
-function get_users($get=true, $search='', $confirmed=false, $exceptions='', $sort='firstname ASC',
- $firstinitial='', $lastinitial='', $page='', $recordsperpage='', $fields='*', $extraselect='') {
-
- global $CFG;
+function get_users($get=true, $search='', $confirmed=false, array $exceptions=null, $sort='firstname ASC',
+ $firstinitial='', $lastinitial='', $page='', $recordsperpage='', $fields='*', $extraselect='', array $extraparams=null) {
+ global $DB;
if ($get && !$recordsperpage) {
debugging('Call to get_users with $get = true no $recordsperpage limit. ' .
$LIKE = sql_ilike();
$fullname = sql_fullname();
- $select = 'username <> \'guest\' AND deleted = 0';
+ $select = " username <> :guest AND deleted = 0";
+ $params = array('guest'=>'guest');
if (!empty($search)){
$search = trim($search);
- $select .= " AND ($fullname $LIKE '%$search%' OR email $LIKE '%$search%') ";
+ $select .= " AND ($fullname $LIKE :search1 OR email $LIKE :search2 OR username = :search3)";
+ $params['search1'] = "%$search%";
+ $params['search2'] = "%$search%";
+ $params['search3'] = "$search";
}
if ($confirmed) {
- $select .= ' AND confirmed = \'1\' ';
+ $select .= " AND confirmed = 1";
}
if ($exceptions) {
- $select .= ' AND id NOT IN ('. $exceptions .') ';
+ list($exceptions, $eparams) = $DB->get_in_or_equal($exceptions, SQL_PARAMS_NAMED, 'ex0000', false);
+ $params = $params + $eparams;
+ $except = " AND id $exceptions";
}
if ($firstinitial) {
- $select .= ' AND firstname '. $LIKE .' \''. $firstinitial .'%\'';
+ $select .= " AND firstname $LIKE :fni";
+ $params['fni'] = "$firstinitial%";
}
if ($lastinitial) {
- $select .= ' AND lastname '. $LIKE .' \''. $lastinitial .'%\'';
+ $select .= " AND lastname $LIKE :lni";
+ $params['lni'] = "$lastinitial%";
}
if ($extraselect) {
- $select .= " AND $extraselect ";
+ $select .= " AND $extraselect";
+ $params = $params + (array)$extraparams;
}
if ($get) {
- return get_records_select('user', $select, $sort, $fields, $page, $recordsperpage);
+ return $DB->get_records_select('user', $select, $params, $sort, $fields, $page, $recordsperpage);
} else {
- return count_records_select('user', $select);
+ return $DB->count_records_select('user', $select, $params);
}
}
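Review bot: The exclusion list is lost in the new get_users(): the `if ($exceptions)` branch builds `$except = " AND id $exceptions"` but nothing ever appends `$except` to `$select`, whereas the removed line appended the `NOT IN` directly. Every caller passing `$exceptions` now gets those users back, and the `ex0000…` values merged into `$params` are bound to placeholders that do not appear in the SQL, which some drivers reject outright. Replace the dead assignment with `$select .= " AND id $exceptions";`. The `username = :search3` match is also new behaviour relative to the removed search line and deserves a sentence in the docblock.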
*
* longdesc
*
- * @uses $CFG
* @param string $sort ?
* @param string $dir ?
* @param int $categoryid ?
*/
function get_users_listing($sort='lastaccess', $dir='ASC', $page=0, $recordsperpage=0,
- $search='', $firstinitial='', $lastinitial='', $extraselect='') {
-
- global $CFG;
+ $search='', $firstinitial='', $lastinitial='', $extraselect='', array $extraparams=null) {
+ global $DB;
$LIKE = sql_ilike();
$fullname = sql_fullname();
- $select = "deleted <> '1'";
+ $select = "deleted <> 1";
+ $params = array();
if (!empty($search)) {
$search = trim($search);
- $select .= " AND ($fullname $LIKE '%$search%' OR email $LIKE '%$search%' OR username='$search') ";
+ $select .= " AND ($fullname $LIKE :search1 OR email $LIKE :search2 OR username = :search3)";
+ $params['search1'] = "%$search%";
+ $params['search2'] = "%$search%";
+ $params['search3'] = "$search";
}
if ($firstinitial) {
- $select .= ' AND firstname '. $LIKE .' \''. $firstinitial .'%\' ';
+ $select .= " AND firstname $LIKE :fni";
+ $params['fni'] = "$firstinitial%";
}
-
if ($lastinitial) {
- $select .= ' AND lastname '. $LIKE .' \''. $lastinitial .'%\' ';
+ $select .= " AND lastname $LIKE :lni";
+ $params['lni'] = "$lastinitial%";
}
if ($extraselect) {
- $select .= " AND $extraselect ";
+ $select .= " AND $extraselect";
+ $params = $params + (array)$extraparams;
}
if ($sort) {
- $sort = ' ORDER BY '. $sort .' '. $dir;
+ $sort = " ORDER BY $sort $dir";
}
/// warning: will return UNCONFIRMED USERS
- return get_records_sql("SELECT id, username, email, firstname, lastname, city, country, lastaccess, confirmed, mnethostid
- FROM {$CFG->prefix}user
- WHERE $select $sort", $page, $recordsperpage);
+ return $DB->get_records_sql("SELECT id, username, email, firstname, lastname, city, country, lastaccess, confirmed, mnethostid
+ FROM {user}
+ WHERE $select
+ $sort", $params, $page, $recordsperpage);
}
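Review bot: `$sort` and `$dir` are still concatenated into `" ORDER BY $sort $dir"` with no validation, and in an admin user listing `$dir` presumably originates from a request parameter; the bound parameters added elsewhere in this function do nothing for the ORDER BY clause. Restricting both before concatenation closes the gap cheaply: `$dir = (strtoupper($dir) === 'DESC') ? 'DESC' : 'ASC';` and `if (!preg_match('/^\w+$/', $sort)) { $sort = 'lastaccess'; }`. The `$extraselect`/`$extraparams` pair is trusted by design because it is produced by the filter classes, which the docblock should say explicitly so nobody routes request input through it.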
/**
* Full list of users that have confirmed their accounts.
*
- * @uses $CFG
- * @return object
+ * @return array of unconfirmed users
*/
function get_users_confirmed() {
- global $CFG;
- return get_records_sql("SELECT *
- FROM {$CFG->prefix}user
- WHERE confirmed = 1
- AND deleted = 0
- AND username <> 'guest'");
+ global $DB;
+ return $DB->get_records_sql("SELECT *
+ FROM {user}
+ WHERE confirmed = 1 AND deleted = 0 AND username <> ?", array('guest'));
}
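Review bot: The rewritten docblock now says `@return array of unconfirmed users`, but the query still selects `confirmed = 1`, so the documentation contradicts the code directly beneath it. Change it to `@return array of confirmed, non-deleted, non-guest user records`. Since this function does an unbounded `SELECT *` over {user}, a `@todo`-style caution that it should not be called on large sites would also be useful.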
* @return course A {@link $COURSE} object for the site
*/
function get_site() {
-
- global $SITE;
+ global $SITE, $DB;
if (!empty($SITE->id)) { // We already have a global to use, so return that
return $SITE;
}
- if ($course = get_record('course', 'category', 0)) {
+ if ($course = $DB->get_record('course', array('category'=>0))) {
return $course;
} else {
return false;
}
}
return $visiblecourses;
-
-/*
- $teachertable = "";
- $visiblecourses = "";
- $sqland = "";
- if (!empty($categoryselect)) {
- $sqland = "AND ";
- }
- if (!empty($USER->id)) { // May need to check they are a teacher
- if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM))) {
- $visiblecourses = "$sqland ((c.visible > 0) OR t.userid = '$USER->id')";
- $teachertable = "LEFT JOIN {$CFG->prefix}user_teachers t ON t.course = c.id";
- }
- } else {
- $visiblecourses = "$sqland c.visible > 0";
- }
-
- if ($categoryselect or $visiblecourses) {
- $selectsql = "{$CFG->prefix}course c $teachertable WHERE $categoryselect $visiblecourses";
- } else {
- $selectsql = "{$CFG->prefix}course c $teachertable";
- }
-
- $extrafield = str_replace('ASC','',$sort);
- $extrafield = str_replace('DESC','',$extrafield);
- $extrafield = trim($extrafield);
- if (!empty($extrafield)) {
- $extrafield = ','.$extrafield;
- }
- return get_records_sql("SELECT ".((!empty($teachertable)) ? " DISTINCT " : "")." $fields $extrafield FROM $selectsql ".((!empty($sort)) ? "ORDER BY $sort" : ""));
- */
}
}
rs_close($rs);
return $visiblecourses;
-
-/**
-
- $categoryselect = "";
- if ($categoryid != "all" && is_numeric($categoryid)) {
- $categoryselect = "c.category = '$categoryid'";
- }
-
- $teachertable = "";
- $visiblecourses = "";
- $sqland = "";
- if (!empty($categoryselect)) {
- $sqland = "AND ";
- }
- if (!empty($USER) and !empty($USER->id)) { // May need to check they are a teacher
- if (!has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM))) {
- $visiblecourses = "$sqland ((c.visible > 0) OR t.userid = '$USER->id')";
- $teachertable = "LEFT JOIN {$CFG->prefix}user_teachers t ON t.course=c.id";
- }
- } else {
- $visiblecourses = "$sqland c.visible > 0";
- }
-
- if ($limitfrom !== "") {
- $limit = sql_paging_limit($limitfrom, $limitnum);
- } else {
- $limit = "";
- }
-
- $selectsql = "{$CFG->prefix}course c $teachertable WHERE $categoryselect $visiblecourses";
-
- $totalcount = count_records_sql("SELECT COUNT(DISTINCT c.id) FROM $selectsql");
-
- return get_records_sql("SELECT $fields FROM $selectsql ".((!empty($sort)) ? "ORDER BY $sort" : "")." $limit");
- */
}
-/*
+/**
* Retrieve course records with the course managers and other related records
* that we need for print_course(). This allows print_courses() to do its job
* in a constant number of DB queries, regardless of the number of courses,
echo '<pre class="notifytiny">' . htmlspecialchars(print_r($object,true)) . '</pre>';
}
-/*
+/**
* Check whether a course is visible through its parents
* path.
*
}
/**
- * get the list of categories the current user can create courses in
+ * Get the list of categories the current user can create courses in
* @return array
*/
function get_creatable_categories() {
return $creatablecats;
}
-// vim:autoindent:expandtab:shiftwidth=4:tabstop=4:tw=140:
?>
$group = optional_param('group',0,PARAM_INT); // change of group
$edit = optional_param('edit',-1,PARAM_BOOL); // Turn editing on and off
- if (! $forum = get_record("forum", "id", $id)) {
+ if (! $forum = $DB->get_record("forum", array("id"=>$id))) {
print_error("Forum ID is incorrect");
}
- if (! $course = get_record("course", "id", $forum->course)) {
+ if (! $course = $DB->get_record("course", array("id"=>$forum->course))) {
print_error("Could not find this course!");
}
add_to_log($course->id, "forum", "view subscribers", "subscribers.php?id=$forum->id", $forum->id, $cm->id);
- $strsubscribeall = get_string("subscribeall", "forum");
+ $strsubscribeall = get_string("subscribeall", "forum");
$strsubscribenone = get_string("subscribenone", "forum");
- $strsubscribers = get_string("subscribers", "forum");
- $strforums = get_string("forums", "forum");
+ $strsubscribers = get_string("subscribers", "forum");
+ $strforums = get_string("forums", "forum");
$navigation = build_navigation($strsubscribers, $cm);
}
$subscriberlist = implode(',', $subscriberarray);
- unset($subscriberarray);
-
/// Get search results excluding any users already subscribed
if (!empty($frm->searchtext) and $previoussearch) {
- $searchusers = search_users($course->id, $currentgroup, $frm->searchtext, 'firstname ASC, lastname ASC', $subscriberlist);
+ $searchusers = search_users($course->id, $currentgroup, $frm->searchtext, 'firstname ASC, lastname ASC', $subscriberarray);
}
/// If no search results then get potential subscribers for this forum excluding users already subscribed
if (empty($searchusers)) {
- if ($currentgroup) {
- $users = get_group_users($currentgroup, 'firstname ASC, lastname ASC', $subscriberlist);
- } else {
- $users = get_course_users($course->id, 'firstname ASC, lastname ASC', $subscriberlist);
- }
- if (!$users) {
- $users = array();
- }
-
+ $users = get_users_by_capability($context, 'moodle/course:view', '', 'firstname ASC, lastname ASC', '','',$currentgroup,$subscriberlist, false);
}
-
$searchtext = (isset($frm->searchtext)) ? $frm->searchtext : "";
$previoussearch = ($previoussearch) ? '1' : '0';
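Review bot: Two representations of the same exclusion list now leave this script: `$subscriberarray` is passed to search_users(), whose new signature takes an array, while the comma-joined `$subscriberlist` string built on the line above is still passed as the exceptions argument of get_users_by_capability(). If get_users_by_capability() was converted to array exceptions in the same series of changes, the string form will be mishandled; if it still expects a string, a comment on that call should say so, because the two adjacent calls now look inconsistent. Once the helper's contract is confirmed it would be clearer to pass `$subscriberarray` to both and drop `$subscriberlist`. `$context` used in the new call is not set within this hunk.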
/**
* Returns the condition to be used with SQL where
* @param array $data filter settings
- * @return string the filtering condition or null if the filter is disabled
+ * @return array sql string and $params
*/
function get_sql_filter($data) {
global $CFG;
- $value = addslashes($data['value']);
- $roleid = $data['roleid'];
- $categoryid = $data['categoryid'];
+ static $counter = 0;
+ $name = 'ex_courserole'.$counter++;
+
+ $value = $data['value'];
+ $roleid = (int)$data['roleid'];
+ $categoryid = (int)$data['categoryid'];
+
+ $params = array();
if (empty($value) and empty($roleid) and empty($categoryid)) {
- return '';
+ return array('', $params);
}
$timenow = round(time(), 100); // rounding - enable sql caching
$where .= " AND c.category=$categoryid";
}
if ($value) {
- $where .= " AND c.shortname ".sql_ilike()." '$value'";
+ $where .= " AND c.shortname ".sql_ilike()." :$name";
+ $params[$name] = $value;
}
- return "id IN (SELECT userid
- FROM {$CFG->prefix}role_assignments a
- INNER JOIN {$CFG->prefix}context b ON a.contextid=b.id
- INNER JOIN {$CFG->prefix}course c ON b.instanceid=c.id
- WHERE $where)";
+ return array("id IN (SELECT userid
+ FROM {role_assignments} a
+ INNER JOIN {context} b ON a.contextid=b.id
+ INNER JOIN {course} c ON b.instanceid=c.id
+ WHERE $where)", $params);
}
/**
/**
* Returns the condition to be used with SQL where
* @param array $data filter settings
- * @return string the filtering condition or null if the filter is disabled
+ * @return array sql string and $params
*/
function get_sql_filter($data) {
- $after = $data['after'];
- $before = $data['before'];
+ $after = (int)$data['after'];
+ $before = (int)$data['before'];
$field = $this->_field;
if (empty($after) and empty($before)) {
- return '';
+ return array('', array());
}
$res = "$field > 0" ;
if ($before) {
$res .= " AND $field <= $before";
}
- return $res;
+ return array($res, array());
}
/**
/**
* Returns the condition to be used with SQL where
* @param array $data filter settings
- * @return string the filtering condition or null if the filter is disabled
+ * @return array sql string and $params
*/
function get_sql_filter($data) {
global $CFG;
- $value = $data['value'];
+ $value = (int)$data['value'];
$timenow = round(time(), 100);
- return "id IN (SELECT userid
+ $sql = "id IN (SELECT userid
FROM {$CFG->prefix}role_assignments a
WHERE a.contextid=".SYSCONTEXTID." AND a.roleid=$value AND a.timestart<$timenow
AND (a.timeend=0 OR a.timeend>$timenow))";
+ return array($sql, array());
}
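Review bot: This roleassign filter is the only one in the set that still builds its SQL by interpolation (`a.roleid=$value`, `a.timestart<$timenow`) and still uses the `{$CFG->prefix}role_assignments` spelling instead of the `{role_assignments}` placeholder adopted by the sibling filters; the `(int)` cast makes it safe, but the new `return array($sql, array())` hands back no parameters at all, so it only looks converted. It also depends on the context line `round(time(), 100)`, which rounds to 100 decimal places and therefore leaves an integer timestamp unchanged — the caching intent in the comment presumably wanted a precision of `-2`, worth confirming. Converting to bound parameters with a per-instance name, as the text and select filters do, puts every filter on the same contract.

```php
static $counter = 0;
$name = 'ex_roleassign'.$counter++;

$value = (int)$data['value'];
// … unchanged: $timenow computation …
$sql = "id IN (SELECT userid
                 FROM {role_assignments} a
                WHERE a.contextid=:{$name}ctx AND a.roleid=:{$name}role AND a.timestart<:{$name}t1
                      AND (a.timeend=0 OR a.timeend>:{$name}t2))";
$params = array($name.'ctx'=>SYSCONTEXTID, $name.'role'=>$value,
                $name.'t1'=>$timenow, $name.'t2'=>$timenow);
return array($sql, $params);
```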
/**
/**
* Returns sql where statement based on active user filters
* @param string $extra sql
- * @return string
+ * @param array named params (recommended prefix ex)
+ * @return array sql string and $params
*/
- function get_sql_filter($extra='') {
+ function get_sql_filter($extra='', array $params=null) {
global $SESSION;
$sqls = array();
if ($extra != '') {
$sqls[] = $extra;
}
+ $params = (array)$params;
if (!empty($SESSION->user_filtering)) {
foreach ($SESSION->user_filtering as $fname=>$datas) {
}
$field = $this->_fields[$fname];
foreach($datas as $i=>$data) {
- $sqls[] = $field->get_sql_filter($data);
+ list($s, $p) = $field->get_sql_filter($data);
+ $sqls[] = $s;
+ $params = $params + $p;
}
}
}
if (empty($sqls)) {
- return '';
+ return array('', array());
} else {
- return implode(' AND ', $sqls);
+ $sqls = implode(' AND ', $sqls);
+ return array($sqls, $params);
}
}
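Review bot: `$params = $params + $p` (and the same union used for the caller's `$extra` params) keeps the first value silently when a placeholder name appears twice, so a clash between a caller-supplied name and a filter's generated `ex_…N` name would bind the wrong value rather than fail. The generated names are unique per filter class through a static counter, but the docblock recommends callers use the same `ex` prefix, which makes a clash more rather than less likely; the call sites in this commit use `exguest`, which is safe only by convention. I would reword the `@param` line to recommend a prefix other than `ex_` and add `if (array_intersect_key($params, $p)) { debugging('duplicate filter parameter name'); }` before the merge so a collision is visible during development. The `continue` for unknown `$fname` values appears to sit between the visible lines of the foreach.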
/**
* Returns the condition to be used with SQL where
* @param array $data filter settings
- * @return string the filtering condition or null if the filter is disabled
+ * @return array sql string and $params
*/
function get_sql_filter($data) {
global $CFG;
+ static $counter = 0;
+ $name = 'ex_profilefield'.$counter++;
$profile_fields = $this->get_profile_fields();
if (empty($profile_fields)) {
$profile = $data['profile'];
$operator = $data['operator'];
- $value = addslashes($data['value']);
+ $value = $data['value'];
+ $params = array();
if (!array_key_exists($profile, $profile_fields)) {
- return '';
+ return array('', array());
}
$where = "";
switch($operator) {
case 0: // contains
- $where = "data $ilike '%$value%'"; break;
+ $where = "data $ilike :$name";
+ $params[$name] = "%$value%";
+ break;
case 1: // does not contain
- $where = "data NOT $ilike '%$value%'"; break;
+ $where = "data NOT $ilike :$name";
+ $params[$name] = "%$value%";
+ break;
case 2: // equal to
- $where = "data $ilike '$value'"; break;
+ $where = "data $ilike :$name";
+ $params[$name] = "$value";
+ break;
case 3: // starts with
- $where = "data $ilike '$value%'"; break;
+ $where = "data $ilike :$name";
+ $params[$name] = "$value%";
+ break;
case 4: // ends with
- $where = "data $ilike '%$value'"; break;
+ $where = "data $ilike :$name";
+ $params[$name] = "%$value";
+ break;
case 5: // empty
- $where = "data=''"; break;
+ $where = "data=:$name";
+ $params[$name] = "";
+ break;
case 6: // is not defined
$op = " NOT IN "; break;
case 7: // is defined
if ($where !== '') {
$where = "WHERE $where";
}
- return "id $op (SELECT userid FROM {$CFG->prefix}user_info_data $where)";
+ return array("id $op (SELECT userid FROM {user_info_data} $where)", $params);
}
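Review bot: Binding `"%$value%"` on the contains/not-contains/starts/ends branches removes the injection that the old `addslashes()` could not reliably prevent, but it does not neutralise `%` and `_` inside the user's value, which remain LIKE wildcards — a value of a single `%` on the contains operator matches every user with any data for the field. That is probably acceptable for an admin filter UI, but it should be a recorded decision: add `// NOTE: % and _ in $value act as LIKE wildcards by design` next to the `$params[$name] = "%$value%"` assignments, or escape them if the new DML layer provides a LIKE-escape helper. `$ilike` and `$op` are initialised outside the visible lines of this hunk.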
/**
/**
* Returns the condition to be used with SQL where
* @param array $data filter settings
- * @return string the filtering condition or null if the filter is disabled
+ * @return array sql string and $params
*/
function get_sql_filter($data) {
+ static $counter = 0;
+ $name = 'ex_select'.$counter++;
+
$operator = $data['operator'];
- $value = addslashes($data['value']);
+ $value = $data['value'];
$field = $this->_field;
+ $params = array();
+
switch($operator) {
case 1: // equal to
- $res = "='$value'"; break;
+ $res = "=:$name";
+ $params[$name] = $value;
+ break;
case 2: // not equal to
- $res = "<>'$value'"; break;
+ $res = "<>:$name";
+ $params[$name] = $value;
+ break;
default:
- return '';
+ return array('', array());
}
- return $field.$res;
+ return array($field.$res, $params);
}
/**
/**
* Returns the condition to be used with SQL where
* @param array $data filter settings
- * @return string the filtering condition or null if the filter is disabled
+ * @return array sql string and $params
*/
function get_sql_filter($data) {
- $value = addslashes($data['value']);
+ static $counter = 0;
+ $name = 'ex_simpleselect'.$counter++;
+
+ $value = $data['value'];
+ $params = array();
$field = $this->_field;
if ($value == '') {
return '';
}
- return "$field='$value'";
+ return array("$field=:$name", array($name=>$value));
}
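Review bot: The early exit `return '';` for an empty `$value`, three lines above the new return, was not converted, so this filter still hands back a string while its docblock and the other branch now promise `array($sql, $params)`. In user_filtering::get_sql_filter() that result goes through `list($s, $p) = …`, which yields `null` for both from a string, and the following `$params + $p` then fails with an unsupported-operand error as soon as a simple-select filter is active without a value. Change it to `return array('', array());` as the select filter already does. The `$params = array();` local is now unused because the return builds its own array.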
/**
/**
* Returns the condition to be used with SQL where
* @param array $data filter settings
- * @return string the filtering condition or null if the filter is disabled
+ * @return array sql string and $params
*/
function get_sql_filter($data) {
+ static $counter = 0;
+ $name = 'ex_text'.$counter++;
+
$operator = $data['operator'];
- $value = addslashes($data['value']);
+ $value = $data['value'];
$field = $this->_field;
+ $params = array();
+
if ($operator != 5 and $value === '') {
return '';
}
switch($operator) {
case 0: // contains
- $res = "$ilike '%$value%'"; break;
+ $res = "$ilike :$name";
+ $params[$name] = "%$value%";
+ break;
case 1: // does not contain
- $res = "NOT $ilike '%$value%'"; break;
+ $res = "NOT $ilike :$name";
+ $params[$name] = "%$value%";
+ break;
case 2: // equal to
- $res = "$ilike '$value'"; break;
+ $res = "$ilike :$name";
+ $params[$name] = "$value";
+ break;
case 3: // starts with
- $res = "$ilike '$value%'"; break;
+ $res = "$ilike :$name";
+ $params[$name] = "$value%";
+ break;
case 4: // ends with
- $res = "$ilike '%$value'"; break;
+ $res = "$ilike :$name";
+ $params[$name] = "%$value";
+ break;
case 5: // empty
- $res = "=''"; break;
+ $res = "=:$name";
+ $params[$name] = "";
+ break;
default:
return '';
}
- return $field.' '.$res;
+ return array($field.' '.$res, $params);
}
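Review bot: Two early exits in this text filter still return a bare string — the `return '';` after the `$operator != 5 and $value === ''` guard and the `default: return '';` in the switch — while every converted branch now returns `array($sql, $params)`. The consumer in user_filtering::get_sql_filter() destructures the result with `list($s, $p)`, which produces `null, null` from a string, and the subsequent `$params + $p` raises an unsupported-operand error, so an empty text filter or an unknown operator now breaks the whole filter set instead of being ignored. Change both to `return array('', array());`. `$ilike` is defined outside the visible lines of this hunk.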
/**