Incubating: Kopere Dashboard
Eduardo Kraus
Users online
This is the feature I've always wanted to develop and did it on Kopere Dashboard. It shows the users online in real time, which page they are accessing, whether the focus is on the page or not, the size of the Monitor, which browser they are using and if they are accessing a smartphone and which model of it.
All this in real time.
Click here and see more about Online Users
Import Users
A simple and complete system for importing users.
It is not necessary to send with fixed columns and after import it is just to link columns of the CSV with columns of Moodle.
Performace
Benchmark is the act of performing a set of operations in order to evaluate the relative performance of an object, usually running a series of tests and tests on it.
This part is an enhancement to the report_benchmark
Click here and see more about Performace
Static pages
Static pages are pages that you can create for a wide range of purposes. You can, for example, create a FAQ with the main information for the students or for those who access your moodle not being a student.
Click here and see more about static pages
Backup
System that generates complete bank backup and MoodleData in moodle easily and quickly.
Reports
Lots of useful reports.
Next versions will be developed system to be able to create new reports.
Useful links
Screenshots
Thanks for sharing this with us - it looks very interesting.
I've just a very quick look at this and noticed this line in the first file I opened:
https://github.com/EduardoKrausME/moodle-local-kopere_dashboard/blob/master/index.php#L33
$menu and $text vars are not validated well - and this might present a security issue which could allow an unauthenticated user to access any file on the server.
for example - what would happen if the $menu var contained something like '/../../../config.php/' - I'm pretty sure we could break the inclusion of the '.html' on the end somehow too.
Some of the validation checks run in the moodle.org plugins db can also be run automatically on github using the travis-ci integration.
More information on this is here:
https://moodle.org/mod/forum/discuss.php?d=323384
this will pick up a number of other things that we would normally notice in the review process.
Integrating with travis is optional and will not block approval in the plugins db, but it does make the review process a bit easier and usually provides a good way to ensure future compliance with coding guidelines etc.
Thanks for your patience with the plugin review process - there are quite a few other plugins in the queue currently waiting for review before yours but hopefully this will give you some initial feedback you can work on.
that's slightly better but quite hard to read and review your code to ensure it is safe - it would be better if you could do the cleaning in your optional_param call just above - swapping out PARAM_TEXT for PARAM_ALPHA or another supported PARAM type that doesn't allow directory traversals. (The more restrictive you can be the better - so if PARAM_ALPHA is all you need it's best to use that.)
I see you haven't looked at adding the travis checks yet - there are a number of other areas of your code that do not comply with our coding guidelines and will result in a failed review - many of these failures would be picked up by the local_codechecker plugin - or the travis integration checks.
for example - direct access to $_GET/$_POST is not allowed - you should be using optional/required_param functions with appropriate cleaning.
There still seems to be a lot of other places in your code where you take unvalidated data and pass it straight to file handling functions - here's another example:
https://github.com/EduardoKrausME/moodle-local-kopere_dashboard/blob/a6196d9cf3bd4df5034edf72ba01d32c00a0ef7a/assets/tinymce/filemanager/ajax_calls.php#L73
I would recommend that you also review this doc:
https://docs.moodle.org/dev/Security#Summary_of_the_guidelines
many of your files are missing login/capability checks allowing anonymous users to perform tasks they should not be able to - combine that with your use of file handling functions this results in some very significant security vulnerabilities for anyone with your code installed on their site.
For now we will flag this plugin as requiring more work - please use either the local_codechecker plugin or the travis integration to improve the quality of your code before we review this plugin again.
Hopefully you will be able to spend some time fixing the quality of this plugin up - it looks really interesting and I'm sure some people would like to use it - thanks!
https://github.com/EduardoKrausME/moodle-local-kopere_dashboard/blob/master/classes/Settings.php#L33-L34
Will leaving the code like this prevent the plugin from being approved in the plugins db? - it's not the worst of your existing code but it would really be nice to see better compliance with our standards.
I've given you some general feedback that covers a number of areas you should improve - please spend some time doing this rather than asking individual questions here. If you need help with development/general Moodle code, feel free to ask for help in the community forums.
Eduardo, please let me encourage you to follow the Moodle coding style as much as possible, even if it does not fit your personal style fully. There are good reasons for why we call for it. It helps to keep the Moodle code base in a reasonable consistent style, allowing other community members to review the code, spot potentially weak places and suggests improvements more easily.
In this particular case, there are no good reasons why you should blindly trust the incoming input, consider it as a plain text (with the support for multilang syntax) and store it in the database. It only makes the whole thing fuzzy and unreliable in general. You know what parameters are allowed, whether they are optional or required and what type they are.
Download and install it at moodle_path/local
I installed this plugin on our moodle 3.3.1. When downloading the reports, the downloaded files do not show the user name in any of the downloaded files. Also when downloaded "Progress with completion percentage", the file has the enrollment date displayed as deciphered numbers and shows empty data instead of %100 percent for those who completed all activities in the course. The users names are missing as well in this report. All reports are downloaded as xls instead of xlsx.
Is this how the plugin works? Or do I need to change my site configuration?
Can you please advice?
Em minha instalação o plugin sempre mostra "1/1" na caixa "Online/Última hora", mesmo eu tendo usuários acessando o ambiente.
Faltou ajustar algum parâmetro na configuração?
Ricardo
Obrigado pela sua contribuição com este plugin mágico e útil para o moodle.
Eu o instalei e tudo funciona bem, exceto quando tento gerar cartões de relatório em andamento. Ele permanece suspenso e esta é a mensagem de erro que vejo no console ao inspecionar:
...local/kopere_dashboard/node/app-v2.js 404 (Not Found)
...local/kopere_dashboard/node/socket.io.js 404 (Not Found)
Alguma solução?
Obrigado pelo seu tempo e saudações