Permalink
Browse files

MDL-23532 enrol - fixed up SQL indenting and added missing sesskey ca…

…lls that were removed after refactoring
  • Loading branch information...
1 parent d4c98cf commit 884faffda328e397c0950a0031650e846355462b Sam Hemelryk committed Apr 18, 2011
View
8 enrol/cohort/locallib.php
@@ -219,13 +219,13 @@ function enrol_cohort_enrol_all_users(course_enrolment_manager $manager, $cohort
return false;
}
$sql = "SELECT com.userid
- FROM {cohort_members} com
- LEFT JOIN (
+ FROM {cohort_members} com
+ LEFT JOIN (
SELECT *
FROM {user_enrolments} ue
WHERE ue.enrolid = :enrolid
- ) ue ON ue.userid=com.userid
- WHERE com.cohortid = :cohortid AND ue.id IS NULL";
+ ) ue ON ue.userid=com.userid
+ WHERE com.cohortid = :cohortid AND ue.id IS NULL";
$params = array('cohortid' => $cohortid, 'enrolid' => $instance->id);
$rs = $DB->get_recordset_sql($sql, $params);
$count = 0;
View
46 enrol/locallib.php
@@ -160,18 +160,17 @@ public function get_total_other_users() {
list($ctxcondition, $params) = $DB->get_in_or_equal(get_parent_contexts($this->context, true), SQL_PARAMS_NAMED, 'ctx');
$params['courseid'] = $this->course->id;
$sql = "SELECT COUNT(DISTINCT u.id)
- FROM {role_assignments} ra
- JOIN {user} u ON u.id = ra.userid
- JOIN {context} ctx ON ra.contextid = ctx.id
- LEFT JOIN (
- SELECT ue.id, ue.userid
- FROM {user_enrolments} ue
+ FROM {role_assignments} ra
+ JOIN {user} u ON u.id = ra.userid
+ JOIN {context} ctx ON ra.contextid = ctx.id
+ LEFT JOIN (
+ SELECT ue.id, ue.userid
+ FROM {user_enrolments} ue
LEFT JOIN {enrol} e ON e.id=ue.enrolid
- WHERE e.courseid = :courseid
- ) ue ON ue.userid=u.id
- WHERE
- ctx.id $ctxcondition AND
- ue.id IS NULL";
+ WHERE e.courseid = :courseid
+ ) ue ON ue.userid=u.id
+ WHERE ctx.id $ctxcondition AND
+ ue.id IS NULL";
$this->totalotherusers = (int)$DB->count_records_sql($sql, $params);
}
return $this->totalotherusers;
@@ -245,17 +244,16 @@ public function get_other_users($sort, $direction='ASC', $page=0, $perpage=25) {
FROM {role_assignments} ra
JOIN {user} u ON u.id = ra.userid
JOIN {context} ctx ON ra.contextid = ctx.id
- LEFT JOIN (
- SELECT ue.id, ue.userid, ul.timeaccess AS lastseen
- FROM {user_enrolments} ue
- LEFT JOIN {enrol} e ON e.id=ue.enrolid
- LEFT JOIN {user_lastaccess} ul ON (ul.courseid = e.courseid AND ul.userid = ue.userid)
+ LEFT JOIN (
+ SELECT ue.id, ue.userid, ul.timeaccess AS lastseen
+ FROM {user_enrolments} ue
+ LEFT JOIN {enrol} e ON e.id=ue.enrolid
+ LEFT JOIN {user_lastaccess} ul ON (ul.courseid = e.courseid AND ul.userid = ue.userid)
WHERE e.courseid = :courseid
- ) ue ON ue.userid=u.id
- WHERE
- ctx.id $ctxcondition AND
- ue.id IS NULL
- ORDER BY u.$sort $direction, ctx.depth DESC";
+ ) ue ON ue.userid=u.id
+ WHERE ctx.id $ctxcondition AND
+ ue.id IS NULL
+ ORDER BY u.$sort $direction, ctx.depth DESC";
$this->otherusers[$key] = $DB->get_records_sql($sql, $params, $page*$perpage, $perpage);
}
return $this->otherusers[$key];
@@ -351,11 +349,11 @@ public function search_other_users($search='', $searchanywhere=false, $page=0, $
$countfields = 'SELECT COUNT(u.id)';
$sql = " FROM {user} u
WHERE $wherecondition
- AND u.id NOT IN (
+ AND u.id NOT IN (
SELECT u.id
FROM {role_assignments} r, {user} u
- WHERE r.contextid = :contextid
- AND u.id = r.userid)";
+ WHERE r.contextid = :contextid AND
+ u.id = r.userid)";
$order = ' ORDER BY lastname ASC, firstname ASC';
$params['contextid'] = $this->context->id;
View
11 enrol/manual/editenrolment.php
@@ -84,9 +84,16 @@
$mform = new enrol_manual_user_enrolment_form($url, array('user'=>$user, 'course'=>$course, 'ue'=>$ue));
$mform->set_data($PAGE->url->params());
-$data = $mform->get_data();
-if ($mform->is_cancelled() || ($data && $manager->edit_enrolment($ue, $data))) {
+
+// Check the form hasn't been cancelled
+if ($mform->is_cancelled()) {
redirect($returnurl);
+} else if ($mform->is_submitted() && $mform->is_validated() && confirm_sesskey()) {
+ // The forms been submit, validated and the sesskey has been checked ... edit the enrolment.
+ $data = $mform->get_data();
+ if ($manager->edit_enrolment($ue, $data)) {
+ redirect($returnurl);
+ }
}
$fullname = fullname($user);
View
10 enrol/manual/locallib.php
@@ -53,11 +53,11 @@ public function find_users($search) {
$countfields = 'SELECT COUNT(1)';
$sql = " FROM {user} u
- WHERE $wherecondition
- AND u.id NOT IN (SELECT ue.userid
- FROM {user_enrolments} ue
- JOIN {enrol} e ON (e.id = ue.enrolid AND e.id = :enrolid))";
-
+ WHERE $wherecondition AND
+ u.id NOT IN (
+ SELECT ue.userid
+ FROM {user_enrolments} ue
+ JOIN {enrol} e ON (e.id = ue.enrolid AND e.id = :enrolid))";
$order = ' ORDER BY u.lastname ASC, u.firstname ASC';
if (!$this->is_validating()) {
View
3 enrol/manual/unenroluser.php
@@ -75,7 +75,8 @@
print_error('erroreditenrolment', 'enrol');
}
-if ($confirm && $manager->unenrol_user($ue)) {
+// If the unenrolment has been confirmed and the sesskey is valid unenrol the user.
+if ($confirm && confirm_sesskey() && $manager->unenrol_user($ue)) {
redirect($returnurl);
}
View
12 enrol/self/editenrolment.php
@@ -87,10 +87,16 @@
// Get the self enrolment edit form
$mform = new enrol_self_user_enrolment_form($url, array('user'=>$user, 'course'=>$course, 'ue'=>$ue));
$mform->set_data($PAGE->url->params());
-$data = $mform->get_data();
-// Process the form and edit the enrolment if required.
-if ($mform->is_cancelled() || ($data && $manager->edit_enrolment($ue, $data))) {
+
+// Check the form hasn't been cancelled
+if ($mform->is_cancelled()) {
redirect($returnurl);
+} else if ($mform->is_submitted() && $mform->is_validated() && confirm_sesskey()) {
+ // The forms been submit, validated and the sesskey has been checked ... edit the enrolment.
+ $data = $mform->get_data();
+ if ($manager->edit_enrolment($ue, $data)) {
+ redirect($returnurl);
+ }
}
$fullname = fullname($user);
View
3 enrol/self/unenroluser.php
@@ -80,7 +80,8 @@
print_error('erroreditenrolment', 'enrol');
}
-if ($confirm && $manager->unenrol_user($ue)) {
+// If the unenrolment has been confirmed and the sesskey is valid unenrol the user.
+if ($confirm && confirm_sesskey() && $manager->unenrol_user($ue)) {
redirect($returnurl);
}

0 comments on commit 884faff

Please sign in to comment.