## Incubating: sna sunyu

mod_sna
Maintained by Yu Sun
Social Network Analysis Tool can show the sociogram,density,outdegree,indegree,point centrality of the forum.
5
2
4

Social Network Analysis Tool can show the sociogram,density,outdegree,indegree,point centrality of the forum.

===REMARKS===
The implementation of this plugin is in its early stage and it may have problems when it is installed in your Moodle. It was tested in Moodle 2.5
And you must change the max_execution_time in the php.ini.The default number is 30,please change it to 10000 or more.

### Contributors

• Tue, Jul 1, 2014, 8:52 PM
Hi Yu. Thanks for sharing this plugin with the Moodle community.

Let me suggest to check the $plugin->release value for future versions of the plugin as it seems to contain a typo. Please avoid using the closing PHP tags in your files. They are known to cause troubles when plain HTTP headers are supposed to be sent (such as when redirecting the browser). The db/upgrade.php still uses the modify_database() call and the syntax will work on MySQL only. This function was deprecated in Moodle 1.7 (MDL-5919) already. Let me suggest to either drop support for upgrades from 1.x or rewrite that part to use the XMLDB. Also, there is no point of including other db/ files (such as install.php) if they are not performing any real action. I noticed that you create functions in the global PHP scope without the valid frankenstyle prefix (your snalib.php is included from lib.php which is in turn included at almost every page request, for example). This is strongly discouraged in order to prevent collisions with (current and/or future) core code or some other plugin. See http://docs.moodle.org/dev/Coding_style#Functions_and_Methods for details. You might want to encapsulate the snalib functions into methods of a class to prevent these issues. Or make sure they all have sna_ prefix. You should put them into locallib.php in either case and include it from your scripts only when needed to avoid unnecessary load. The direct access to superglobals like$_GET or $_POST is stronly discouraged in Moodle code as it represents potential security risks. Your code is currently vulnerable against SQL injection as you perform no parameters validation prior to passing$_POST data
into the query. Our policy does not allow to approve plugins with known security issues like this. Also, your code is currently
written so that it relies on mysql functions without using the DML API that Moodle provides. That's not allowed without a really
good reason.

It is encouraged to follow Moodle’s coding style as outlined in: http://docs.moodle.org/dev/Coding_style and
http://docs.moodle.org/dev/Coding The code checker plugin can be quite helpful in fine tuning your code and can be found at:
https://moodle.org/plugins/view.php?plugin=local_codechecker You may wish to consider using that tool to further improve your
plugin.

For now, I am going to mark this plugin as needing more work until we get these issues resolved. Thanks for your patience with the
review and approval process.
• Thu, Jul 3, 2014, 9:00 PM

Using print_r() is not what we use in Moodle for outputting strings. Also, there are quite a few hard-coded English strings in the
code that will make it impossible to localise your module. Let me kindly suggest to convert all the UI texts into proper English
strings displayed via get_string().

Have you actually tried to use your plugin with DEBUG_DEVELOPER on? You would see quite a few notices here and there that would give
you a good hint on code to be fixed.

You code produces invalid chart image URL such as /mod/sna/chart3.php?id=2&&type=2&&sid=2 so it does not really work well.

I'm sorry, I have to mark this as needing more work yet.
• Mon, Jul 7, 2014, 10:10 PM
Oh sorry, I did not notice all those mysql_* functions used in your code until now. Plugins are required to use the DML API (provided via the global $DB object). The snalib.php should really be updated. I am sorry for sending the plugin back for more fixes, but we really want to avoid upset users that are using other database systems. When converting your queries, please keep in mind the way how parameters are supposed to be passed to them. Expanding variables directly as in "SELECT * from$data_name where id=$id" has security related consequences and should be considered as stronly discouraged, if not prohibited. As already noted above, the closing ?> PHP tag at the end of file is discouraged as it does not have any benefit and may cause troubles. • Wed, Jul 9, 2014, 8:15 PM Thanks Yu for fixing the mysql issues promptly. Nice to see you are responding that well. We are definitely getting somewhere, but we're not there yet. I am still having troubles with getting your module work. Your code still generates wrong chart image URL as I commented above (having double && in it). The pChart library inclusion like include("/pChart/class/pData.class.php"); is apparently wrong as it relies on it being available in the root directory of the server. There should be __DIR__ or dirname() be involved, or maybe better$CFG->dirroot.'/mod/sna/'

The pChart library throws quite a lot of PHP notices which breaks the binary image data it produces (e.g. Notice: Undefined index: Type in .../mod/sna/pChart/class/pSpring.class.php on line 335). Are you sure you have debugging set to DEBUG_DEVELOPER when testing this module?

I will appreciate if you pay more attention to all these things as we want to avoid unhappy users who have certain expectations on the functionality of the plugins we publish here. Thanks for understanding. It might help if you promote your plugin in a separate channel first (such as announcing it at General plugins forum) to gather feedback from the community.