File: group.php

moodle 1.6.3-2%2Betch3
<?php // $Id: group.php,v 1.26 2006/04/14 08:02:32 skodak Exp $

/// Shows current group, and allows editing of the group 
/// icon and other settings related to that group

/// This script appears within a popup window

    // Bootstrap: site configuration first, then this directory's lib.php.
    require_once('../config.php');
    require_once('lib.php');

    // Both request parameters are requested with PARAM_INT cleaning, so only
    // integer values reach the record lookups below.
    $id    = required_param('id', PARAM_INT);          // Course id
    $group = optional_param('group', 0, PARAM_INT);    // Optionally look at other groups

    // The course must exist before any access decision is made against it.
    if (! $course = get_record('course', 'id', $id) ) {
        error("That's an invalid course id");
    }

    // Authentication for this course comes first, then the authorisation check.
    require_login($course->id);

    // Only users for whom isteacheredit() is true for this course may continue.
    // NOTE(review): nothing below re-tests this permission, so the script
    // depends on close_window() ending the request - confirm that it does.
    if (!isteacheredit($course->id)) {
        close_window();
    }

    // The lookup is constrained by courseid as well as id, so a group id that
    // belongs to a different course is treated as "not found" rather than
    // becoming editable from here.
    // $group is reused: it held the integer id and now holds the record.
    // NOTE(review): the code after this block dereferences $group as an object;
    // that presumably relies on notice() halting the script - confirm.
    if (! $group = get_record("groups", "id", $group, "courseid", $course->id)) {
        notice('Specified group could not be found!', "#");
        close_window_button();
    }


/// Print the headers of the page

    // The group name is concatenated into the page title as stored.
    // This script passes the name through clean_text() when it saves it, but
    // other code paths may also write group names.
    // NOTE(review): confirm whether print_header() escapes its title argument.
    print_header(get_string('groupinfoedit').' : '.$group->name);


/// If data submitted, then process and store.

    // '=' binds tighter than 'and', so $form receives the data_submitted()
    // result and confirm_sesskey() is only evaluated when a form was posted.
    // The session-key check is what protects this state change against
    // cross-site request forgery; when it fails the form is simply shown again.
    if ($form = data_submitted() and confirm_sesskey()) { 

        if (empty($form->name)) {
            // $err is not read in this file; presumably group-edit.html
            // displays it - confirm.
            $err['name'] = get_string("missingname");

        } else {
            require_once($CFG->dirroot.'/lib/uploadlib.php');

            // Optional group picture from the 'imagefile' upload field.
            // NOTE(review): the positional flags are not explained here; check
            // the upload_manager constructor in lib/uploadlib.php to confirm
            // which validation they switch on or off.
            $um = new upload_manager('imagefile',false,false,null,false,0,true,true);
            if ($um->preprocess_files()) {
                require_once("$CFG->libdir/gdlib.php");
                
                // The picture flag is set only when both the upload
                // preprocessing and the image save succeed.
                if (save_profile_image($group->id, $um, 'groups')) {
                    $group->picture = 1;
                } 
            }

            // Setting a new object in order to avoid updating other columns for the record,
            // which could lead to SQL injection vulnerabilities.

            // Be VERY sure to sanitize all parameters that go into $dataobj!

            // Field-by-field provenance of what is written:
            //   id          - from the database record loaded earlier, never from
            //                 the form, so a post cannot redirect the update to
            //                 another group
            //   name, description - form values passed through clean_text()
            //   hidepicture - collapsed to 0 or 1
            //   password    - request value restricted by PARAM_ALPHANUM
            //   picture     - the record's existing value, or 1 set above
            // NOTE(review): the password is written as cleaned text; no hashing
            // is visible in this script - confirm how the column is used.
            // NOTE(review): required_param('password', ...) runs after the image
            // may already have been saved; presumably it aborts the page when
            // the field is missing - confirm.
            // NOTE(review): $form->description is read without an existence
            // check, unlike name and hidepicture.
            $dataobj = new stdClass;
            $dataobj->id          = $group->id;
            $dataobj->name        = clean_text($form->name);
            $dataobj->description = clean_text($form->description);
            $dataobj->hidepicture = empty($form->hidepicture) ? 0 : 1;
            $dataobj->password    = required_param('password', PARAM_ALPHANUM);
            $dataobj->picture = $group->picture;
            if (!update_record('groups', $dataobj)) {
                notify("A strange error occurred while trying to save");
            } else {
                notify(get_string('changessaved'));
            }
            // Close the popup whether or not the update succeeded.
            // NOTE(review): the argument 3 is presumably a delay - confirm.
            close_window(3);
        }
    }


    // Not read again in this file; presumably consumed by the included
    // template - confirm.
    $usehtmleditor = false;

    // Fixed literal path: no request data takes part in choosing the include.
    // The template runs in this script's scope, so it can see the variables
    // set above.
    // NOTE(review): confirm that it escapes the values it prints.
    include('group-edit.html');

    // Closes the document by hand rather than through a footer helper.
    echo "</body></html>";
?>