<?php
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright    {@link https://xoops.org/ XOOPS Project}
 * @license      {@link http://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
 * @package      efqdirectory
 * @since
 * @author       Martijn Hertog (aka wtravel)
 * @author       XOOPS Development Team,
 */

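include __DIR__ . '/header.php';
$myts = MyTextSanitizer::getInstance(); // MyTextSanitizer object
require_once XOOPS_ROOT_PATH . '/class/xoopstree.php';
require_once XOOPS_ROOT_PATH . '/class/module.errorhandler.php';
require_once XOOPS_ROOT_PATH . '/include/xoopscodes.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
require_once __DIR__ . '/class/class.datafieldmanager.php';
require_once __DIR__ . '/class/class.formimage.php';
require_once __DIR__ . '/class/class.formdate.php';
require_once __DIR__ . '/class/class.image.php';
require_once __DIR__ . '/class/class.efqtree.php';
require_once __DIR__ . '/class/class.listing.php';

// Get module directory name;
$moddir = $xoopsModule->getVar('dirname');
// Prepare two tree classes;
// NOTE(review): $module is never assigned in this file although $xoopsModule is used
// one line above - presumably header.php defines both; confirm, otherwise use $xoopsModule.
$mytree            = new XoopsTree($xoopsDB->prefix($module->getVar('dirname', 'n') . '_cat'), 'cid', 'pid');
$efqtree           = new efqTree($xoopsDB->prefix($module->getVar('dirname', 'n') . '_cat'), 'cid', 'pid');
$efqListing        = new efqListing();
$efqListingHandler = new efqListingHandler();

$eh               = new ErrorHandler; //ErrorHandler object
$datafieldmanager = new efqDataFieldManager();

// If the user is not logged in and anonymous postings are
// not allowed, redirect and exit.
if (empty($xoopsUser) and !$xoopsModuleConfig['anonpost']) {
    redirect_header(XOOPS_URL . '/user.php', 2, _MD_MUSTREGFIRST);
    exit();
}

// Check if user has adminrights or not (false for anonymous visitors);
$isadmin = (bool)($xoopsUser && $xoopsUser->isAdmin($xoopsModule->mid()));

// Get the user ID. When anonpost is enabled the check above lets anonymous visitors
// through without a $xoopsUser object, so fall back to uid 0 instead of calling a
// method on null.
$userid = $xoopsUser ? $xoopsUser->getVar('uid') : 0;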
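// If submit data was posted;
if (!empty($_POST['submit'])) {
    // NOTE(review): no CSRF token is validated on this POST path (XOOPS provides
    // $GLOBALS['xoopsSecurity']->check() paired with XoopsFormHiddenToken); confirm
    // whether header.php already covers it before relying on this form.
    if (!empty($_POST['itemid'])) {
        $post_itemid = (int)$_POST['itemid'];
    } else {
        redirect_header('index.php', 2, _MD_NOVALIDITEM_IDMISSING);
        exit();
    }

    // Authorisation. The edit form (GET branch below) is only offered to the listing's
    // submitter - while the listing is unpublished or autoapprove is on - or to a module
    // admin. Enforce the same rule before touching the database; otherwise anyone able
    // to reach this script could rewrite any listing simply by posting its itemid.
    $items_table  = $xoopsDB->prefix($module->getVar('dirname', 'n') . '_items');
    $owner_result = $xoopsDB->query('SELECT uid, status FROM ' . $items_table . ' WHERE itemid=' . $post_itemid);
    $owner_row    = $owner_result ? $xoopsDB->fetchRow($owner_result) : false;
    if (!$owner_row) {
        redirect_header('index.php', 2, _MD_NOVALIDITEM_IDMISSING);
        exit();
    }
    list($owner_uid, $owner_status) = $owner_row;
    // NOTE(review): anonymous submissions (uid 0) are all "owned" by uid 0 - the same
    // rule the GET branch applies; tighten this if anonpost is enabled.
    $is_owner = ($owner_uid == $userid);
    $may_edit = $isadmin || ($is_owner && ($owner_status == '0' || $xoopsModuleConfig['autoapprove'] == 1));
    if (!$may_edit) {
        redirect_header('listing.php?item=' . $post_itemid, 2, _MD_ONLYADMIN_ALLOWED_TO_EDIT);
        exit();
    }

    $op = isset($_POST['op']) ? $_POST['op'] : '';
    // If option is "submitforapproval" then submit and redirect;
    if ($op === 'submitforapproval') {
        if ($efqListingHandler->updateStatus($post_itemid, '1')) {
            redirect_header('index.php', 2, _MD_SUBMITTED_PUBLICATION);
        } else {
            redirect_header('index.php', 2, _MD_ERROR_NOT_SAVED);
        }
        exit();
    }
    $post_dirid = !empty($_POST['dirid']) ? (int)$_POST['dirid'] : 0;

    if (isset($_POST['itemtitle'])) {
        // Title and the title the form was rendered with; makeTboxData4Save is the
        // legacy XOOPS escaping these string-built queries rely on.
        $p_title     = $myts->makeTboxData4Save($_POST['itemtitle']);
        $p_ini_title = isset($_POST['ini_itemtitle']) ? $myts->makeTboxData4Save($_POST['ini_itemtitle']) : '';
        // Start uploading up file; the uploader is constructed with the allowed MIME
        // types and the size / dimension limits it enforces.
        require_once XOOPS_ROOT_PATH . '/class/uploader.php';
        $uploader = new XoopsMediaUploader(XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads', array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png', 'image/jpg'), 300000, 250, 250);
        $uploader->setPrefix('logo');
        $err = array(); // collected upload errors (currently only gathered, not shown to the user)
        // XoopsFormFile posts its field name(s) in xoops_upload_file[]; guard against the
        // array being absent so count() is never called on null.
        $upload_files = isset($_POST['xoops_upload_file']) ? (array)$_POST['xoops_upload_file'] : array();
        $ucount       = count($upload_files);
        for ($i = 0; $i < $ucount; ++$i) {
            if ($upload_files[$i] !== '') {
                if ($uploader->fetchMedia($upload_files[$i])) {
                    if (!$uploader->upload()) {
                        $err[] = $uploader->getErrors();
                        // The upload failed, so there is no new file name: keep the
                        // current logo and only persist a changed title.
                        if ($p_title != $p_ini_title) {
                            $sql = 'UPDATE ' . $items_table . " SET title = '" . $p_title . "' WHERE itemid = '" . $post_itemid . "'";
                            $xoopsDB->query($sql) or $eh->show('0013');
                        }
                    } else {
                        $savedfilename = $uploader->getSavedFileName();
                        //Rename the uploaded file to the same name in a different location that does not have 777 rights or 755.
                        rename(XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads/' . $savedfilename, XOOPS_ROOT_PATH . '/modules/' . $moddir . '/uploads/' . $savedfilename);
                        //Delete the uploaded file from the initial upload folder if it is still present in that folder.
                        if (file_exists(XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads/' . $savedfilename)) {
                            unlink(XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads/' . $savedfilename);
                        }
                        // A changed title is saved together with the new logo; an unchanged
                        // title only needs the logo column written. (The original had these
                        // two branches the wrong way round and dropped the title change.)
                        if ($p_title != $p_ini_title) {
                            $sql = 'UPDATE ' . $items_table . " SET title = '" . $p_title . "', logourl = '" . $savedfilename . "' WHERE itemid = '" . $post_itemid . "'";
                        } else {
                            $sql = 'UPDATE ' . $items_table . " SET logourl = '" . $savedfilename . "' WHERE itemid = '" . $post_itemid . "'";
                        }
                        $xoopsDB->query($sql) or $eh->show('0013');
                    }
                }
            } else {
                // No file in this slot: only a changed title needs saving. (Running the
                // query unconditionally here used an undefined or stale $sql.)
                if ($p_title != $p_ini_title) {
                    $sql = 'UPDATE ' . $items_table . " SET title = '" . $p_title . "' WHERE itemid = '" . $post_itemid . "'";
                    $xoopsDB->query($sql) or $eh->show('0013');
                }
            }
        }
    } else {
        redirect_header('index.php', 2, _MD_NOVALIDITEM_TITLEMISSING);
        exit();
    }

    $p_ini_description = isset($_POST['ini_description']) ? $myts->makeTareaData4Save($_POST['ini_description']) : null;
    $p_description     = isset($_POST['description']) ? $myts->makeTareaData4Save($_POST['description']) : null;
    if (isset($_POST['description_set'])) {
        $text_table = $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_text');
        if ($_POST['description_set'] == '1') {
            // A text row already exists: only write it when the description changed.
            if ($p_ini_description != $p_description) {
                $sql = 'UPDATE ' . $text_table . " SET description = '$p_description' WHERE itemid = $post_itemid";
                $xoopsDB->query($sql) or $eh->show('0013');
            }
        } elseif ($p_description !== null && $p_description !== '') {
            // No text row yet: insert one, but not an empty one. (The original test used
            // "or", which also inserted a row when no description was posted at all.)
            $sql = sprintf("INSERT INTO %s (itemid, description) VALUES (%u, '%s')", $text_table, $post_itemid, $p_description);
            $xoopsDB->query($sql) or $eh->show('0013');
        }
    }

    $linkedcats = $efqListingHandler->getLinkedCatsArray($post_itemid, $post_dirid);

    // Sync the category links with the "selected<cid>" checkboxes of the form.
    $cat_table     = $xoopsDB->prefix($module->getVar('dirname', 'n') . '_cat');
    $xcat_table    = $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_x_cat');
    $allcatsresult = $xoopsDB->query('SELECT cid FROM ' . $cat_table . " WHERE dirid='" . $post_dirid . "' AND active='1'");
    $numrows       = $xoopsDB->getRowsNum($allcatsresult);
    $count         = 0; // number of categories the listing ends up linked to
    if ($numrows > 0) {
        while (list($cid) = $xoopsDB->fetchRow($allcatsresult)) {
            if (isset($_POST['selected' . $cid])) {
                if (!in_array($cid, $linkedcats)) {
                    $newid = $xoopsDB->genId($xcat_table . '_xid_seq');
                    $sql   = sprintf("INSERT INTO %s (xid, cid, itemid, active, created) VALUES (%u, %u, %u, '%s', '%s')", $xcat_table, $newid, $cid, $post_itemid, 1, time());
                    $xoopsDB->query($sql) or $eh->show('0013');
                }
                ++$count;
            } elseif (in_array($cid, $linkedcats)) {
                $sql = sprintf('DELETE FROM %s WHERE cid=%u AND itemid=%u', $xcat_table, $cid, $post_itemid);
                $xoopsDB->query($sql) or $eh->show('0013');
            }
        }
        if ($count == 0) {
            redirect_header(XOOPS_URL . "/modules/$moddir/submit.php?dirid=" . $post_dirid, 2, _MD_NOCATEGORYMATCH);
            exit();
        }
    } else {
        redirect_header(XOOPS_URL . "/modules/$moddir/submit.php?dirid=" . $post_dirid, 2, _MD_NOCATEGORIESAVAILABLE);
        exit();
    }

    // Get all datatypes that can be associated with this listing.
    $dir        = $module->getVar('dirname', 'n');
    $data_table = $xoopsDB->prefix($dir . '_data');
    $sql        = 'SELECT DISTINCT t.dtypeid, t.title, t.section, f.typeid, f.fieldtype, f.ext, t.options, d.itemid, d.value, t.custom ';
    $sql        .= 'FROM '
                   . $xoopsDB->prefix($dir . '_item_x_cat')
                   . ' ic, '
                   . $xoopsDB->prefix($dir . '_dtypes_x_cat')
                   . ' xc, '
                   . $xoopsDB->prefix($dir . '_fieldtypes')
                   . ' f, '
                   . $xoopsDB->prefix($dir . '_dtypes')
                   . ' t ';
    $sql        .= 'LEFT JOIN ' . $data_table . ' d ON (t.dtypeid=d.dtypeid AND d.itemid=' . $post_itemid . ') ';
    $sql        .= "WHERE ic.cid=xc.cid AND ic.active='1' AND xc.dtypeid=t.dtypeid AND t.fieldtypeid=f.typeid AND t.activeyn='1' AND ic.itemid=" . $post_itemid;
    $data_result = $xoopsDB->query($sql) or $eh->show('0013');
    while (list($dtypeid, $title, $section, $ftypeid, $fieldtype, $ext, $options, $itemid, $value, $custom) = $xoopsDB->fetchRow($data_result)) {
        if (isset($_POST["$dtypeid"])) {
            if (is_array($_POST["$dtypeid"])) {
                // Multi-value field: keep only posted values that exactly match one of the
                // admin-defined options (plus the '-' placeholder) and join them with '|'.
                // Accepted values are thus copies of admin data, which is why they are not
                // passed through makeTboxData4Save; the strict in_array stops numerically
                // "equal" but textually different strings from slipping through.
                $post_value_array       = $_POST["$dtypeid"];
                $post_value             = '';
                $options_arr            = explode('[|]', $options);
                $options_arr[]          = '-';
                $count_post_value_array = count($post_value_array);
                for ($i = 0; $i < $count_post_value_array; ++$i) {
                    // Check if posted value is in options.
                    if (in_array($post_value_array[$i], $options_arr, true)) {
                        if ($i == 0) {
                            $post_value = $post_value_array[$i];
                        } else {
                            $post_value .= '|' . $post_value_array[$i];
                        }
                    }
                }
            } else {
                $post_value = $myts->makeTboxData4Save($_POST["$dtypeid"]);
            }
        } else {
            $post_value = '';
        }
        $post_customtitle = isset($_POST['custom' . $dtypeid]) ? $myts->makeTboxData4Save($_POST['custom' . $dtypeid]) : '';
        $post_urltitle    = isset($_POST['url_title' . $dtypeid]) ? $myts->makeTboxData4Save($_POST['url_title' . $dtypeid]) : '';
        $post_urllink     = isset($_POST['url_link' . $dtypeid]) ? $myts->makeTboxData4Save($_POST['url_link' . $dtypeid]) : '';
        // URL fields are stored as "link|title".
        if ($post_urllink !== '') {
            $post_value = $post_urllink . '|' . $post_urltitle;
        }
        if ($itemid == null) {
            //That means there was not any value, so a new record should be added to the data table.
            $newid = $xoopsDB->genId($data_table . '_dataid_seq');
            $sql   = sprintf("INSERT INTO %s (dataid, itemid, dtypeid, VALUE, created, customtitle) VALUES (%u, %u, %u, '%s', '%s', '%s')", $data_table, $newid, $post_itemid, $dtypeid, $post_value, time(), $post_customtitle);
            $xoopsDB->query($sql) or $eh->show('0013');
        } elseif ($value != $post_value) {
            // Existing record: customtitle is only rewritten together with a changed value.
            $sql = 'UPDATE ' . $data_table . " SET value = '$post_value', customtitle = '$post_customtitle' WHERE dtypeid = '$dtypeid' AND itemid = '$post_itemid'";
            $xoopsDB->query($sql) or $eh->show('0013');
        }
    }
    redirect_header("edit.php?item=$post_itemid", 1, _MD_ITEM_UPDATED);
    exit();
} else {
    // Prepare page for showing listing edit form.
    if (!empty($_GET['item'])) {
        $get_itemid = (int)$_GET['item'];
        $get_dirid  = getDirIdFromItem($get_itemid);
    } else {
        redirect_header('index.php', 2, _MD_NOVALIDITEM_GET_IDMISSING);
        exit();
    }

    $GLOBALS['xoopsOption']['template_main'] = 'efqdiralpha1_editlisting.tpl';
    include XOOPS_ROOT_PATH . '/header.php';
    $xoopsTpl->assign('xoops_module_header', $xoops_module_header);
    $xoopsTpl->assign('lang_submit', _SUBMIT);
    $xoopsTpl->assign('lang_cancel', _CANCEL);

    $dir         = $module->getVar('dirname', 'n');
    $sql         = 'SELECT i.itemid, i.logourl, i.uid, i.status, i.created, i.title, i.typeid, t.description FROM '
                   . $xoopsDB->prefix($dir . '_items')
                   . ' i LEFT JOIN '
                   . $xoopsDB->prefix($dir . '_item_text')
                   . ' t ON (i.itemid=t.itemid) WHERE i.itemid='
                   . $get_itemid;
    $item_result = $xoopsDB->query($sql);

    while (list($itemid, $logourl, $submitter, $status, $created, $itemtitle, $typeid, $description) = $xoopsDB->fetchRow($item_result)) {
        $itemtitle = $myts->htmlSpecialChars($itemtitle);
        // Only the submitter or the admin are allowed edit a listing, so make sure
        // all other users are redirected elsewhere.
        if ($isadmin or $submitter == $userid) {
            if ($status == '0' and $submitter == $userid) {
                // Only the submitter can submit listing for approval when status = 0.
                $submit_for_approval_button = "<form action=\"edit.php\" method=\"post\"><input type=\"hidden\" name=\"op\" value=\"submitforapproval\"><input type=\"hidden\" name=\"user\" value=\"$userid\"><input type=\"hidden\" name=\"itemid\" value=\"$get_itemid\"><input type=\"submit\" name=\"submit\" class=\"formButton\" value=\""
                                              . _MD_PUBLISH_LISTING
                                              . '"></form><br>';
                $xoopsTpl->assign('submitview_button', $submit_for_approval_button);
            } elseif ($xoopsModuleConfig['autoapprove'] == 1) {
                // If status is not 0 and autoapprove is on, the submitter or
                // admin can edit the listing and with the button "view listing"
                // Go to the listing page in 'view' mode.
                $view_button = '<form action="listing.php" method="get"><input type="hidden" name="item" value="' . $itemid . '"><input type="submit" value="' . _MD_VIEWITEM . '"></input></form><br>';
                $xoopsTpl->assign('submitview_button', $view_button);
            } elseif (!$isadmin) {
                // Only admin is allowed to edit a listing after approval (status = 2)
                // in case autoapprove is off.
                redirect_header('listing.php?item=' . $itemid, 2, _MD_ONLYADMIN_ALLOWED_TO_EDIT);
                exit();
            }
            $picture = ($logourl !== '') ? "uploads/$logourl" : 'images/nopicture.gif';

            // Same dtype query as the POST branch, plus the stored custom title.
            $sql         = 'SELECT DISTINCT t.dtypeid, t.title, t.section, f.typeid, f.fieldtype, f.ext, t.options, d.itemid, d.value, d.customtitle, t.custom ';
            $sql         .= 'FROM '
                            . $xoopsDB->prefix($dir . '_item_x_cat')
                            . ' ic, '
                            . $xoopsDB->prefix($dir . '_dtypes_x_cat')
                            . ' xc, '
                            . $xoopsDB->prefix($dir . '_fieldtypes')
                            . ' f, '
                            . $xoopsDB->prefix($dir . '_dtypes')
                            . ' t ';
            $sql         .= 'LEFT JOIN ' . $xoopsDB->prefix($dir . '_data') . ' d ON (t.dtypeid=d.dtypeid AND d.itemid=' . $get_itemid . ') ';
            $sql         .= "WHERE ic.cid=xc.cid AND ic.active='1' AND xc.dtypeid=t.dtypeid AND t.fieldtypeid=f.typeid AND t.activeyn='1' AND ic.itemid=" . $get_itemid;
            $data_result = $xoopsDB->query($sql) or $eh->show('0013');

            // The form is rendered into an output buffer and handed to the template.
            ob_start();
            $form = new XoopsThemeForm(_MD_EDITITEM_FORM, 'editform', 'edit.php');
            $form->setExtra('enctype="multipart/form-data"');
            $form->addElement(new XoopsFormText(_MD_TITLE, 'itemtitle', 50, 250, $itemtitle), true);
            $categories = getCatSelectArea($get_itemid, $get_dirid);
            $form_cats  = new XoopsFormLabel(_MD_ITEMCATEGORIES, "$categories");
            $form->addElement($form_cats);
            $form->addElement(new XoopsFormDhtmlTextArea(_MD_DESCRIPTION, 'description', $description, 5, 50));
            $form->addElement(new XoopsFormFile(_MD_SELECT_PIC, 'image', 30000));
            $form->addElement(new XoopsFormImage(_MD_CURRENT_PIC, 'current_image', null, "$picture", '', ''));

            // NOTE(review): $field is never added to $form here; presumably createField()
            // emits its markup into the open output buffer - confirm, or the dtype fields
            // are silently missing from the edit form.
            while (list($dtypeid, $title, $section, $ftypeid, $fieldtype, $ext, $options, $itemid, $value, $customtitle, $custom) = $xoopsDB->fetchRow($data_result)) {
                $field = $datafieldmanager->createField($title, $dtypeid, $fieldtype, $ext, $options, $value, $custom, $customtitle);
            }
            $form->addElement(new XoopsFormButton('', 'submit', _MD_SAVE, 'submit'));
            $form->addElement(new XoopsFormHidden('op', 'edit'));
            $form->addElement(new XoopsFormHidden('itemid', $get_itemid));
            $form->addElement(new XoopsFormHidden('dirid', $get_dirid));
            $form->addElement(new XoopsFormHidden('ini_itemtitle', $itemtitle));

            // The POST branch compares ini_description with the new text and uses
            // description_set to decide between UPDATE and INSERT.
            if ($description != null) {
                $form->addElement(new XoopsFormHidden('ini_description', $description));
            }
            $form->addElement(new XoopsFormHidden('uid', $userid));
            $form->addElement(new XoopsFormHidden('description_set', ($description != null) ? '1' : '0'));
            $form->display();
            $xoopsTpl->assign('dtypes_form', ob_get_contents());
            ob_end_clean();
        } else {
            // Neither admin nor submitter: send the visitor to the public view instead
            // of rendering an empty edit page.
            redirect_header('listing.php?item=' . $itemid, 2, _MD_ONLYADMIN_ALLOWED_TO_EDIT);
            exit();
        }
    }
}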
include XOOPS_ROOT_PATH . '/footer.php';
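/**
 * Look up the level id of a location record.
 *
 * @param int|string $locdestid location id; cast to int before it is used in SQL
 * @return int|string the levelid column of the matching dst_loc row, or 0 when the
 *                    query fails or no row matches
 */
function GetLevelid($locdestid)
{
    global $xoopsDB;
    // locid is compared unquoted, i.e. numerically; the cast also keeps the value
    // from being used as raw SQL.
    $locid  = (int)$locdestid;
    $result = $xoopsDB->query('SELECT locid, levelid FROM ' . $xoopsDB->prefix('dst_loc') . ' WHERE locid = ' . $locid);
    // Check the result before asking for its row count.
    if (!$result) {
        return 0;
    }
    // Defined even when no row matches (the original returned an undefined variable).
    $levelid    = 0;
    $numResults = $xoopsDB->getRowsNum($result);
    for ($i = 0; $i < $numResults; ++$i) {
        $row     = $xoopsDB->fetchBoth($result);
        $levelid = $row['levelid'];
    }

    return $levelid;
}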
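/**
 * Look up the display name of a location record.
 *
 * @param int|string $locdestid location id; cast to int before it is used in SQL
 * @return string|int the HTML-escaped name of the matching dst_loc row; '' when no
 *                    row matches and 0 when the query itself fails (kept from the
 *                    original contract)
 */
function GetLocName($locdestid)
{
    global $xoopsDB;
    $myts = MyTextSanitizer::getInstance();
    // locid is compared unquoted, i.e. numerically; the cast also keeps the value
    // from being used as raw SQL.
    $locid  = (int)$locdestid;
    $result = $xoopsDB->query('SELECT locid, name FROM ' . $xoopsDB->prefix('dst_loc') . ' WHERE locid = ' . $locid);
    // Check the result before asking for its row count.
    if (!$result) {
        return 0;
    }
    // Defined even when no row matches (the original returned an undefined variable).
    $locname    = '';
    $numResults = $xoopsDB->getRowsNum($result);
    for ($i = 0; $i < $numResults; ++$i) {
        $row     = $xoopsDB->fetchBoth($result);
        $locname = $myts->htmlSpecialChars($row['name']);
    }

    return $locname;
}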
include XOOPS_ROOT_PATH . '/footer.php';