Issues in edit.php (master) - Issues in master - XoopsModules25x/efqdirectory - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1149)

edit.php (4 issues)

Labels

Severity

Minor 4

<?php
/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright    {@link https://xoops.org/ XOOPS Project}
 * @license      {@link http://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
 * @package      efqdirectory
 * @since
 * @author       Martijn Hertog (aka wtravel)
 * @author       XOOPS Development Team,
 */

include __DIR__ . '/header.php';
$myts = MyTextSanitizer::getInstance(); // MyTextSanitizer object
require_once XOOPS_ROOT_PATH . '/class/xoopstree.php';
require_once XOOPS_ROOT_PATH . '/class/module.errorhandler.php';
require_once XOOPS_ROOT_PATH . '/include/xoopscodes.php';
require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
require_once __DIR__ . '/class/class.datafieldmanager.php';
require_once __DIR__ . '/class/class.formimage.php';
require_once __DIR__ . '/class/class.formdate.php';
require_once __DIR__ . '/class/class.image.php';
require_once __DIR__ . '/class/class.efqtree.php';
require_once __DIR__ . '/class/class.listing.php';

// Get module directory name;
$moddir = $xoopsModule->getVar('dirname');
// Prepare two tree classes;
$mytree            = new XoopsTree($xoopsDB->prefix($module->getVar('dirname', 'n') . '_cat'), 'cid', 'pid');
$efqtree           = new efqTree($xoopsDB->prefix($module->getVar('dirname', 'n') . '_cat'), 'cid', 'pid');
$efqListing        = new efqListing();
$efqListingHandler = new efqListingHandler();

$eh               = new ErrorHandler; //ErrorHandler object
$datafieldmanager = new efqDataFieldManager();

// If the user is not logged in and anonymous postings are
// not allowed, redirect and exit.
if (empty($xoopsUser) and !$xoopsModuleConfig['anonpost']) {
    redirect_header(XOOPS_URL . '/user.php', 2, _MD_MUSTREGFIRST);
    exit();
}

// Check if user has adminrights or not;
if ($xoopsUser && $xoopsUser->isAdmin($xoopsModule->mid())) {
    $isadmin = true;
} else {
    $isadmin = false;
}

// Get the user ID;
$userid = $xoopsUser->getVar('uid');

// If submit data was posted;
if (!empty($_POST['submit'])) {
    if (!empty($_POST['itemid'])) {
        $post_itemid = (int)$_POST['itemid'];
    } else {
        redirect_header('index.php', 2, _MD_NOVALIDITEM_IDMISSING);
        exit();
    }
    if (isset($_POST['op'])) {
        $op = $_POST['op'];
    } else {
        $op = '';
    }
    // If option is "submitforapproval" then submit and redirect;
    if ($op === 'submitforapproval') {
        if ($efqListingHandler->updateStatus($post_itemid, '1')) {
            redirect_header('index.php', 2, _MD_SUBMITTED_PUBLICATION);
        } else {
            redirect_header('index.php', 2, _MD_ERROR_NOT_SAVED);
        }
        exit();
    }
    if (!empty($_POST['dirid'])) {
        $post_dirid = (int)$_POST['dirid'];
    } else {
        $post_dirid = 0;
    }
    if (isset($_POST['itemtitle'])) {
        $p_title     = $myts->makeTboxData4Save($_POST['itemtitle']);
        $p_ini_title = $myts->makeTboxData4Save($_POST['ini_itemtitle']);
        // Start uploading up file;
        require_once XOOPS_ROOT_PATH . '/class/uploader.php';
        $uploader = new XoopsMediaUploader(XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads', array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png', 'image/jpg'), 300000, 250, 250);
        $uploader->setPrefix('logo');
        $err    = array();
        $ucount = count($_POST['xoops_upload_file']);
        for ($i = 0; $i < $ucount; ++$i) {
            if ($_POST['xoops_upload_file'][$i] !== '') {
                $medianame = $_POST['xoops_upload_file'][$i];
                if ($uploader->fetchMedia($_POST['xoops_upload_file'][$i])) {
                    if (!$uploader->upload()) {
                        $err[] = $uploader->getErrors();
                    } else {
                        $savedfilename = $uploader->getSavedFileName();
                        $ticket        = uniqid(mt_rand(), 1);
                        //Rename the uploaded file to the same name in a different location that does not have 777 rights or 755.
                        rename('' . XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads/' . $savedfilename . '', '' . XOOPS_ROOT_PATH . '/modules/' . $moddir . '/uploads/' . $savedfilename . '');
                        //Delete the uploaded file from the initial upload folder if it is still present in that folder.
                        if (file_exists('' . XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads/' . $savedfilename . '')) {
                            unlink('' . XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads/' . $savedfilename . '');
                        }
                    }
                    if ($p_title != $p_ini_title) {
                        $sql = 'UPDATE ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_items') . " SET logourl = '" . $savedfilename . '\' WHERE itemid = \'' . $post_itemid . '\'';
                    } else {
                        $sql = 'UPDATE ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_items') . " SET title = '" . $p_title . '\', logourl = \'' . $savedfilename . '\' WHERE itemid = \'' . $post_itemid . '\'';
                    }
                    $xoopsDB->query($sql) or $eh->show('0013');
                }
            } else {
                if ($p_title != $p_ini_title) {
                    $sql = 'UPDATE ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_items') . " SET title = '" . $p_title . '\' WHERE itemid = \'' . $post_itemid . '\'';
                }
                $xoopsDB->query($sql) or $eh->show('0013');
            }
        }
    } else {
        redirect_header('index.php', 2, _MD_NOVALIDITEM_TITLEMISSING);
        exit();
    }
    if (isset($_POST['ini_description'])) {
        $p_ini_description = $myts->makeTareaData4Save($_POST['ini_description']);
    } else {
        $p_ini_description = null;
    }
    if (isset($_POST['description'])) {
        $p_description = $myts->makeTareaData4Save($_POST['description']);
    } else {
        $p_description = null;
    }
    if (isset($_POST['description_set'])) {
        if ($_POST['description_set'] == '1') {
            if ($p_ini_description != $p_description) {
                $sql = 'UPDATE ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_text') . " SET description = '$p_description' WHERE itemid = $post_itemid";
                $xoopsDB->query($sql) or $eh->show('0013');
            }
        } elseif ($p_description != null or $p_description !== '') {
            $sql = sprintf("INSERT INTO %s (itemid, description) VALUES (%u, '%s')", $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_text'), $post_itemid, $p_description);
            $xoopsDB->query($sql) or $eh->show('0013');
        }
    }

    $linkedcats = $efqListingHandler->getLinkedCatsArray($post_itemid, $post_dirid);

    $allcatsresult = $xoopsDB->query('SELECT cid FROM ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_cat') . " WHERE dirid='" . $post_dirid . '\' AND active=\'1\'');
    $numrows       = $xoopsDB->getRowsNum($allcatsresult);
    $count         = 0;
    if ($numrows > 0) {
        while (list($cid) = $xoopsDB->fetchRow($allcatsresult)) {
            if (isset($_POST['selected' . $cid . ''])) {
                if (!in_array($cid, $linkedcats)) {
                    $newid = $xoopsDB->genId($xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_x_cat') . '_xid_seq');
                    $sql   = sprintf("INSERT INTO %s (xid, cid, itemid, active, created) VALUES (%u, %u, %u, '%s', '%s')", $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_x_cat'), $newid, $cid, $post_itemid, 1, time());
                    $xoopsDB->query($sql) or $eh->show('0013');
                }

                ++$count;
            } else {
                if (in_array($cid, $linkedcats)) {
                    $sql = sprintf('DELETE FROM %s WHERE cid=%u AND itemid=%u', $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_x_cat'), $cid, $post_itemid);
                    $xoopsDB->query($sql) or $eh->show('0013');
                }
            }
        }
        if ($count == 0) {
            redirect_header(XOOPS_URL . "/modules/$moddir/submit.php?dirid=" . $post_dirid . '', 2, _MD_NOCATEGORYMATCH);
            exit();
        }
    } else {
        redirect_header(XOOPS_URL . "/modules/$moddir/submit.php?dirid=" . $post_dirid . '', 2, _MD_NOCATEGORIESAVAILABLE);
        exit();
    }

    // Get all datatypes that can be associated with this listing.
    $sql         = 'SELECT DISTINCT t.dtypeid, t.title, t.section, f.typeid, f.fieldtype, f.ext, t.options, d.itemid, d.value, t.custom ';
    $sql         .= 'FROM '
                    . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_x_cat')
                    . ' ic, '
                    . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_dtypes_x_cat')
                    . ' xc, '
                    . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_fieldtypes')
                    . ' f, '
                    . $xoopsDB->prefix($module->getVar('dirname', 'n')
                                       . '_dtypes')
                    . ' t ';
    $sql         .= 'LEFT JOIN ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_data') . ' d ON (t.dtypeid=d.dtypeid AND d.itemid=' . $post_itemid . ') ';
    $sql         .= "WHERE ic.cid=xc.cid AND ic.active='1' AND xc.dtypeid=t.dtypeid AND t.fieldtypeid=f.typeid AND t.activeyn='1' AND ic.itemid=" . $post_itemid . '';
    $data_result = $xoopsDB->query($sql) or $eh->show('0013');
    while (list($dtypeid, $title, $section, $ftypeid, $fieldtype, $ext, $options, $itemid, $value, $custom) = $xoopsDB->fetchRow($data_result)) {
        if (isset($_POST["$dtypeid"])) {
            if (is_array($_POST["$dtypeid"])) {
                $post_value_array       = $_POST["$dtypeid"];
                $post_value             = '';
                $options_arr            = explode('[|]', $options);
                $options_arr[]          = '-';
                $count_post_value_array = count($post_value_array);
                for ($i = 0; $i < $count_post_value_array; ++$i) {
                    // Check if posted value is in options.
                    if (in_array($post_value_array[$i], $options_arr)) {
                        if ($i == 0) {
                            $post_value = $post_value_array[$i];
                        } else {
                            $post_value .= '|' . $post_value_array[$i];
                        }
                    }
                }
            } else {
                $post_value = $myts->makeTboxData4Save($_POST["$dtypeid"]);
            }
        } else {
            $post_value = '';
        }
        if (isset($_POST['custom' . $dtypeid . ''])) {
            $post_customtitle = $myts->makeTboxData4Save($_POST['custom' . $dtypeid . '']);
        } else {
            $post_customtitle = '';
        }
        if (isset($_POST['url_title' . $dtypeid . ''])) {
            $post_urltitle = $myts->makeTboxData4Save($_POST['url_title' . $dtypeid . '']);
        } else {
            $post_urltitle = '';
        }
        if (isset($_POST['url_link' . $dtypeid . ''])) {
            $post_urllink = $myts->makeTboxData4Save($_POST['url_link' . $dtypeid . '']);
        } else {
            $post_urllink = '';
        }
        if ($post_urllink !== '') {
            $post_value = $post_urllink . '|' . $post_urltitle;
        }
        if ($itemid == null) {
            //That means there was not any value, so a new record should be added to the data table.
            $newid = $xoopsDB->genId($xoopsDB->prefix($module->getVar('dirname', 'n') . '_data') . '_dataid_seq');
            $sql   = sprintf("INSERT INTO %s (dataid, itemid, dtypeid, VALUE, created, customtitle) VALUES (%u, %u, %u, '%s', '%s', '%s')", $xoopsDB->prefix($module->getVar('dirname', 'n') . '_data'), $newid, $post_itemid, $dtypeid, $post_value, time(), $post_customtitle);
            $xoopsDB->query($sql) or $eh->show('0013');
        } else {
            if ($value != $post_value) {
                $sql = 'UPDATE ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_data') . " SET value = '$post_value', customtitle = '$post_customtitle' WHERE dtypeid = '$dtypeid' AND itemid = '$post_itemid'";
                $xoopsDB->query($sql) or $eh->show('0013');
            }
        }
    }
    redirect_header("edit.php?item=$post_itemid", 1, _MD_ITEM_UPDATED);
    exit();
} else {
    // Prepare page for showing listing edit form.
    if (!empty($_GET['item'])) {
        $get_itemid = (int)$_GET['item'];
        $get_dirid  = getDirIdFromItem($get_itemid);
    } else {
        redirect_header('index.php', 2, _MD_NOVALIDITEM_GET_IDMISSING);
        exit();
    }

    $GLOBALS['xoopsOption']['template_main'] = 'efqdiralpha1_editlisting.tpl';
    include XOOPS_ROOT_PATH . '/header.php';
    $xoopsTpl->assign('xoops_module_header', $xoops_module_header);
    $xoopsTpl->assign('lang_submit', _SUBMIT);
    $xoopsTpl->assign('lang_cancel', _CANCEL);

    $sql         = 'SELECT i.itemid, i.logourl, i.uid, i.status, i.created, i.title, i.typeid, t.description FROM '
                   . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_items')
                   . ' i LEFT JOIN '
                   . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_text')
                   . ' t ON (i.itemid=t.itemid) WHERE i.itemid='
                   . $get_itemid
                   . '';
    $item_result = $xoopsDB->query($sql);
    $numrows     = $xoopsDB->getRowsNum($item_result);

    while (list($itemid, $logourl, $submitter, $status, $created, $itemtitle, $typeid, $description) = $xoopsDB->fetchRow($item_result)) {
        $itemtitle = $myts->htmlSpecialChars($itemtitle);
        // Only the submitter or the admin are allowed edit a listing, so make sure
        // all other users are redirected elsewhere.
        if ($isadmin or $submitter == $userid) {
            if ($status == '0' and $submitter == $userid) {
                // Only the submitter can submit listing for approval when status = 0.
                $submit_for_approval_button = "<form action=\"edit.php\" method=\"post\"><input type=\"hidden\" name=\"op\" value=\"submitforapproval\"><input type=\"hidden\" name=\"user\" value=\"$userid\"><input type=\"hidden\" name=\"itemid\" value=\"$get_itemid\"><input type=\"submit\" name=\"submit\" class=\"formButton\" value=\""
                                              . _MD_PUBLISH_LISTING
                                              . '"></form><br>';
                $xoopsTpl->assign('submitview_button', $submit_for_approval_button);
            } elseif ($xoopsModuleConfig['autoapprove'] == 1) {
                // If status is not 0 and autoapprove is on, the submitter or
                // admin can edit the listing and with the button "view listing"
                // Go to the listing page in 'view' mode.
                $view_button = '<form action="listing.php" method="get"><input type="hidden" name="item" value="' . $itemid . '"><input type="submit" value="' . _MD_VIEWITEM . '"></input></form><br>';
                $xoopsTpl->assign('submitview_button', $view_button);
            } elseif (!$isadmin) {
                // Only admin is allowed to edit a listing after approval (status = 2)
                // in case autoapprove is off.
                redirect_header('listing.php?item=' . $itemid, 2, _MD_ONLYADMIN_ALLOWED_TO_EDIT);
                exit();
            }
            if ($logourl !== '') {
                $picture = "uploads/$logourl";
            } else {
                $picture = 'images/nopicture.gif';
            }
            $sql         = 'SELECT DISTINCT t.dtypeid, t.title, t.section, f.typeid, f.fieldtype, f.ext, t.options, d.itemid, d.value, d.customtitle, t.custom ';
            $sql         .= 'FROM '
                            . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_x_cat')
                            . ' ic, '
                            . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_dtypes_x_cat')
                            . ' xc, '
                            . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_fieldtypes')
                            . ' f, '
                            . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_dtypes')
                            . ' t ';
            $sql         .= 'LEFT JOIN ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_data') . ' d ON (t.dtypeid=d.dtypeid AND d.itemid=' . $get_itemid . ') ';
            $sql         .= "WHERE ic.cid=xc.cid AND ic.active='1' AND xc.dtypeid=t.dtypeid AND t.fieldtypeid=f.typeid AND t.activeyn='1' AND ic.itemid=" . $get_itemid . '';
            $data_result = $xoopsDB->query($sql) or $eh->show('0013');
            $numrows     = $xoopsDB->getRowsNum($data_result);

            ob_start();
            $form = new XoopsThemeForm(_MD_EDITITEM_FORM, 'editform', 'edit.php');
            $form->setExtra('enctype="multipart/form-data"');
            $form->addElement(new XoopsFormText(_MD_TITLE, 'itemtitle', 50, 250, $itemtitle), true);
            //$categories = getCategoriesPaths($get_itemid);

            $categories = getCatSelectArea($get_itemid, $get_dirid);
            $form_cats  = new XoopsFormLabel(_MD_ITEMCATEGORIES, "$categories");
            $form->addElement($form_cats);
            $form->addElement(new XoopsFormDhtmlTextArea(_MD_DESCRIPTION, 'description', $description, 5, 50));
            $form->addElement(new XoopsFormFile(_MD_SELECT_PIC, 'image', 30000));
            $form->addElement(new XoopsFormImage(_MD_CURRENT_PIC, 'current_image', null, "$picture", '', ''));

            while (list($dtypeid, $title, $section, $ftypeid, $fieldtype, $ext, $options, $itemid, $value, $customtitle, $custom) = $xoopsDB->fetchRow($data_result)) {
                $field = $datafieldmanager->createField($title, $dtypeid, $fieldtype, $ext, $options, $value, $custom, $customtitle);
            }
            $form->addElement(new XoopsFormButton('', 'submit', _MD_SAVE, 'submit'));
            $form->addElement(new XoopsFormHidden('op', 'edit'));
            $form->addElement(new XoopsFormHidden('itemid', $get_itemid));
            $form->addElement(new XoopsFormHidden('dirid', $get_dirid));
            $form->addElement(new XoopsFormHidden('ini_itemtitle', $itemtitle));

            if ($description != null) {
                $form->addElement(new XoopsFormHidden('ini_description', $description));
            }
            $form->addElement(new XoopsFormHidden('uid', $userid));
            if ($description != null) {
                $form->addElement(new XoopsFormHidden('description_set', '1'));
            } else {
                $form->addElement(new XoopsFormHidden('description_set', '0'));
            }
            $form->display();
            $xoopsTpl->assign('dtypes_form', ob_get_contents());
            ob_end_clean();
        }
    }
}
include XOOPS_ROOT_PATH . '/footer.php';

/**
 * @param $locdestid
 * @return int
 */
function GetLevelid($locdestid)
{
    global $xoopsDB;
    $block        = array();

    $myts         = MyTextSanitizer::getInstance();

    $result2      = $xoopsDB->query('SELECT locid, levelid FROM ' . $xoopsDB->prefix('dst_loc') . ' WHERE locid = ' . $locdestid . '');
    $num_results2 = $GLOBALS['xoopsDB']->getRowsNum($result2);
    if (!$result2) {
        return 0;
    }
    for ($i = 0; $i < $num_results2; ++$i) {
        $row2    = $GLOBALS['xoopsDB']->fetchBoth($result2);
        $levelid = $row2['levelid'];
    }

    return $levelid;
}

/**
 * @param $locdestid
 * @return int
 */
function GetLocName($locdestid)
{
    global $xoopsDB;
    $block       = array();

    $myts        = MyTextSanitizer::getInstance();
    $result      = $xoopsDB->query('SELECT locid, name FROM ' . $xoopsDB->prefix('dst_loc') . ' WHERE locid = ' . $locdestid . '');
    $num_results = $GLOBALS['xoopsDB']->getRowsNum($result);
    if (!$result) {
        return 0;
    }
    for ($i = 0; $i < $num_results; ++$i) {
        $row     = $GLOBALS['xoopsDB']->fetchBoth($result);
        $locname = $myts->htmlSpecialChars($row['name']);
    }

    return $locname;
}

include XOOPS_ROOT_PATH . '/footer.php';


1		<?php
2		/*
3		* You may not change or alter any portion of this comment or credits
4		* of supporting developers from this source code or any supporting source code
5		* which is considered copyrighted (c) material of the original comment or credit authors.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10		*/
11
12		/**
13		* @copyright {@link https://xoops.org/ XOOPS Project}
14		* @license {@link http://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
15		* @package efqdirectory
16		* @since
17		* @author Martijn Hertog (aka wtravel)
18		* @author XOOPS Development Team,
19		*/
20
21		include __DIR__ . '/header.php';
22		$myts = MyTextSanitizer::getInstance(); // MyTextSanitizer object
23		require_once XOOPS_ROOT_PATH . '/class/xoopstree.php';
24		require_once XOOPS_ROOT_PATH . '/class/module.errorhandler.php';
25		require_once XOOPS_ROOT_PATH . '/include/xoopscodes.php';
26		require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
27		require_once __DIR__ . '/class/class.datafieldmanager.php';
28		require_once __DIR__ . '/class/class.formimage.php';
29		require_once __DIR__ . '/class/class.formdate.php';
30		require_once __DIR__ . '/class/class.image.php';
31		require_once __DIR__ . '/class/class.efqtree.php';
32		require_once __DIR__ . '/class/class.listing.php';
33
34		// Get module directory name;
35		$moddir = $xoopsModule->getVar('dirname');
36		// Prepare two tree classes;
37		$mytree = new XoopsTree($xoopsDB->prefix($module->getVar('dirname', 'n') . '_cat'), 'cid', 'pid');
38		$efqtree = new efqTree($xoopsDB->prefix($module->getVar('dirname', 'n') . '_cat'), 'cid', 'pid');
39		$efqListing = new efqListing();
40		$efqListingHandler = new efqListingHandler();
41
42		$eh = new ErrorHandler; //ErrorHandler object
43		$datafieldmanager = new efqDataFieldManager();
44
45		// If the user is not logged in and anonymous postings are
46		// not allowed, redirect and exit.
47	View Code Duplication	if (empty($xoopsUser) and !$xoopsModuleConfig['anonpost']) {
48		redirect_header(XOOPS_URL . '/user.php', 2, _MD_MUSTREGFIRST);
49		exit();
50		}
51
52		// Check if user has adminrights or not;
53	View Code Duplication	if ($xoopsUser && $xoopsUser->isAdmin($xoopsModule->mid())) {
54		$isadmin = true;
55		} else {
56		$isadmin = false;
57		}
58
59		// Get the user ID;
60		$userid = $xoopsUser->getVar('uid');
61
62		// If submit data was posted;
63		if (!empty($_POST['submit'])) {
64		if (!empty($_POST['itemid'])) {
65		$post_itemid = (int)$_POST['itemid'];
66		} else {
67		redirect_header('index.php', 2, _MD_NOVALIDITEM_IDMISSING);
68		exit();
69		}
70		if (isset($_POST['op'])) {
71		$op = $_POST['op'];
72		} else {
73		$op = '';
74		}
75		// If option is "submitforapproval" then submit and redirect;
76		if ($op === 'submitforapproval') {
77		if ($efqListingHandler->updateStatus($post_itemid, '1')) {
78		redirect_header('index.php', 2, _MD_SUBMITTED_PUBLICATION);
79		} else {
80		redirect_header('index.php', 2, _MD_ERROR_NOT_SAVED);
81		}
82		exit();
83		}
84	View Code Duplication	if (!empty($_POST['dirid'])) {
85		$post_dirid = (int)$_POST['dirid'];
86		} else {
87		$post_dirid = 0;
88		}
89		if (isset($_POST['itemtitle'])) {
90		$p_title = $myts->makeTboxData4Save($_POST['itemtitle']);
91		$p_ini_title = $myts->makeTboxData4Save($_POST['ini_itemtitle']);
92		// Start uploading up file;
93		require_once XOOPS_ROOT_PATH . '/class/uploader.php';
94		$uploader = new XoopsMediaUploader(XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads', array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png', 'image/jpg'), 300000, 250, 250);
95		$uploader->setPrefix('logo');
96		$err = array();
97		$ucount = count($_POST['xoops_upload_file']);
98		for ($i = 0; $i < $ucount; ++$i) {
99		if ($_POST['xoops_upload_file'][$i] !== '') {
100		$medianame = $_POST['xoops_upload_file'][$i];
101		if ($uploader->fetchMedia($_POST['xoops_upload_file'][$i])) {
102	View Code Duplication	if (!$uploader->upload()) {
103		$err[] = $uploader->getErrors();
104		} else {
105		$savedfilename = $uploader->getSavedFileName();
106		$ticket = uniqid(mt_rand(), 1);
107		//Rename the uploaded file to the same name in a different location that does not have 777 rights or 755.
108		rename('' . XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads/' . $savedfilename . '', '' . XOOPS_ROOT_PATH . '/modules/' . $moddir . '/uploads/' . $savedfilename . '');
109		//Delete the uploaded file from the initial upload folder if it is still present in that folder.
110		if (file_exists('' . XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads/' . $savedfilename . '')) {
111		unlink('' . XOOPS_ROOT_PATH . '/modules/' . $moddir . '/init_uploads/' . $savedfilename . '');
112		}
113		}
114		if ($p_title != $p_ini_title) {
115		$sql = 'UPDATE ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_items') . " SET logourl = '" . $savedfilename . '\' WHERE itemid = \'' . $post_itemid . '\'';
116		} else {
117		$sql = 'UPDATE ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_items') . " SET title = '" . $p_title . '\', logourl = \'' . $savedfilename . '\' WHERE itemid = \'' . $post_itemid . '\'';
118		}
119		$xoopsDB->query($sql) or $eh->show('0013');
120		}
121	View Code Duplication	} else {
122		if ($p_title != $p_ini_title) {
123		$sql = 'UPDATE ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_items') . " SET title = '" . $p_title . '\' WHERE itemid = \'' . $post_itemid . '\'';
124		}
125		$xoopsDB->query($sql) or $eh->show('0013');
126		}
127		}
128		} else {
129		redirect_header('index.php', 2, _MD_NOVALIDITEM_TITLEMISSING);
130		exit();
131		}
132	View Code Duplication	if (isset($_POST['ini_description'])) {
133		$p_ini_description = $myts->makeTareaData4Save($_POST['ini_description']);
134		} else {
135		$p_ini_description = null;
136		}
137	View Code Duplication	if (isset($_POST['description'])) {
138		$p_description = $myts->makeTareaData4Save($_POST['description']);
139		} else {
140		$p_description = null;
141		}
142		if (isset($_POST['description_set'])) {
143		if ($_POST['description_set'] == '1') {
144		if ($p_ini_description != $p_description) {
145		$sql = 'UPDATE ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_text') . " SET description = '$p_description' WHERE itemid = $post_itemid";
146		$xoopsDB->query($sql) or $eh->show('0013');
147		}
148		} elseif ($p_description != null or $p_description !== '') {
149		$sql = sprintf("INSERT INTO %s (itemid, description) VALUES (%u, '%s')", $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_text'), $post_itemid, $p_description);
150		$xoopsDB->query($sql) or $eh->show('0013');
151		}
152		}
153
154		$linkedcats = $efqListingHandler->getLinkedCatsArray($post_itemid, $post_dirid);
155
156		$allcatsresult = $xoopsDB->query('SELECT cid FROM ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_cat') . " WHERE dirid='" . $post_dirid . '\' AND active=\'1\'');
157		$numrows = $xoopsDB->getRowsNum($allcatsresult);
158		$count = 0;
159	View Code Duplication	if ($numrows > 0) {
160		while (list($cid) = $xoopsDB->fetchRow($allcatsresult)) {
161		if (isset($_POST['selected' . $cid . ''])) {
162		if (!in_array($cid, $linkedcats)) {
163		$newid = $xoopsDB->genId($xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_x_cat') . '_xid_seq');
164		$sql = sprintf("INSERT INTO %s (xid, cid, itemid, active, created) VALUES (%u, %u, %u, '%s', '%s')", $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_x_cat'), $newid, $cid, $post_itemid, 1, time());
165		$xoopsDB->query($sql) or $eh->show('0013');
166		}
167
168		++$count;
169		} else {
170		if (in_array($cid, $linkedcats)) {
171		$sql = sprintf('DELETE FROM %s WHERE cid=%u AND itemid=%u', $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_x_cat'), $cid, $post_itemid);
172		$xoopsDB->query($sql) or $eh->show('0013');
173		}
174		}
175		}
176		if ($count == 0) {
177		redirect_header(XOOPS_URL . "/modules/$moddir/submit.php?dirid=" . $post_dirid . '', 2, _MD_NOCATEGORYMATCH);
178		exit();
179		}
180		} else {
181		redirect_header(XOOPS_URL . "/modules/$moddir/submit.php?dirid=" . $post_dirid . '', 2, _MD_NOCATEGORIESAVAILABLE);
182		exit();
183		}
184
185		// Get all datatypes that can be associated with this listing.
186		$sql = 'SELECT DISTINCT t.dtypeid, t.title, t.section, f.typeid, f.fieldtype, f.ext, t.options, d.itemid, d.value, t.custom ';
187		$sql .= 'FROM '
188		. $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_x_cat')
189		. ' ic, '
190		. $xoopsDB->prefix($module->getVar('dirname', 'n') . '_dtypes_x_cat')
191		. ' xc, '
192		. $xoopsDB->prefix($module->getVar('dirname', 'n') . '_fieldtypes')
193		. ' f, '
194		. $xoopsDB->prefix($module->getVar('dirname', 'n')
195		. '_dtypes')
196		. ' t ';
197		$sql .= 'LEFT JOIN ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_data') . ' d ON (t.dtypeid=d.dtypeid AND d.itemid=' . $post_itemid . ') ';
198		$sql .= "WHERE ic.cid=xc.cid AND ic.active='1' AND xc.dtypeid=t.dtypeid AND t.fieldtypeid=f.typeid AND t.activeyn='1' AND ic.itemid=" . $post_itemid . '';
199		$data_result = $xoopsDB->query($sql) or $eh->show('0013');
200		while (list($dtypeid, $title, $section, $ftypeid, $fieldtype, $ext, $options, $itemid, $value, $custom) = $xoopsDB->fetchRow($data_result)) {
201		if (isset($_POST["$dtypeid"])) {
202		if (is_array($_POST["$dtypeid"])) {
203		$post_value_array = $_POST["$dtypeid"];
204		$post_value = '';
205		$options_arr = explode('[\|]', $options);
206		$options_arr[] = '-';
207		$count_post_value_array = count($post_value_array);
208		for ($i = 0; $i < $count_post_value_array; ++$i) {
209		// Check if posted value is in options.
210		if (in_array($post_value_array[$i], $options_arr)) {
211		if ($i == 0) {
212		$post_value = $post_value_array[$i];
213		} else {
214		$post_value .= '\|' . $post_value_array[$i];
215		}
216		}
217		}
218		} else {
219		$post_value = $myts->makeTboxData4Save($_POST["$dtypeid"]);
220		}
221		} else {
222		$post_value = '';
223		}
224	View Code Duplication	if (isset($_POST['custom' . $dtypeid . ''])) {
225		$post_customtitle = $myts->makeTboxData4Save($_POST['custom' . $dtypeid . '']);
226		} else {
227		$post_customtitle = '';
228		}
229	View Code Duplication	if (isset($_POST['url_title' . $dtypeid . ''])) {
230		$post_urltitle = $myts->makeTboxData4Save($_POST['url_title' . $dtypeid . '']);
231		} else {
232		$post_urltitle = '';
233		}
234	View Code Duplication	if (isset($_POST['url_link' . $dtypeid . ''])) {
235		$post_urllink = $myts->makeTboxData4Save($_POST['url_link' . $dtypeid . '']);
236		} else {
237		$post_urllink = '';
238		}
239		if ($post_urllink !== '') {
240		$post_value = $post_urllink . '\|' . $post_urltitle;
241		}
242	View Code Duplication	if ($itemid == null) {
243		//That means there was not any value, so a new record should be added to the data table.
244		$newid = $xoopsDB->genId($xoopsDB->prefix($module->getVar('dirname', 'n') . '_data') . '_dataid_seq');
245		$sql = sprintf("INSERT INTO %s (dataid, itemid, dtypeid, VALUE, created, customtitle) VALUES (%u, %u, %u, '%s', '%s', '%s')", $xoopsDB->prefix($module->getVar('dirname', 'n') . '_data'), $newid, $post_itemid, $dtypeid, $post_value, time(), $post_customtitle);
246		$xoopsDB->query($sql) or $eh->show('0013');
247		} else {
248		if ($value != $post_value) {
249		$sql = 'UPDATE ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_data') . " SET value = '$post_value', customtitle = '$post_customtitle' WHERE dtypeid = '$dtypeid' AND itemid = '$post_itemid'";
250		$xoopsDB->query($sql) or $eh->show('0013');
251		}
252		}
253		}
254		redirect_header("edit.php?item=$post_itemid", 1, _MD_ITEM_UPDATED);
255		exit();
256		} else {
257		// Prepare page for showing listing edit form.
258		if (!empty($_GET['item'])) {
259		$get_itemid = (int)$_GET['item'];
260		$get_dirid = getDirIdFromItem($get_itemid);
261		} else {
262		redirect_header('index.php', 2, _MD_NOVALIDITEM_GET_IDMISSING);
263		exit();
264		}
265
266		$GLOBALS['xoopsOption']['template_main'] = 'efqdiralpha1_editlisting.tpl';
267		include XOOPS_ROOT_PATH . '/header.php';
268		$xoopsTpl->assign('xoops_module_header', $xoops_module_header);
269		$xoopsTpl->assign('lang_submit', _SUBMIT);
270		$xoopsTpl->assign('lang_cancel', _CANCEL);
271
272		$sql = 'SELECT i.itemid, i.logourl, i.uid, i.status, i.created, i.title, i.typeid, t.description FROM '
273		. $xoopsDB->prefix($module->getVar('dirname', 'n') . '_items')
274		. ' i LEFT JOIN '
275		. $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_text')
276		. ' t ON (i.itemid=t.itemid) WHERE i.itemid='
277		. $get_itemid
278		. '';
279		$item_result = $xoopsDB->query($sql);
280		$numrows = $xoopsDB->getRowsNum($item_result);
281
282		while (list($itemid, $logourl, $submitter, $status, $created, $itemtitle, $typeid, $description) = $xoopsDB->fetchRow($item_result)) {
283		$itemtitle = $myts->htmlSpecialChars($itemtitle);
284		// Only the submitter or the admin are allowed edit a listing, so make sure
285		// all other users are redirected elsewhere.
286		if ($isadmin or $submitter == $userid) {
287		if ($status == '0' and $submitter == $userid) {
288		// Only the submitter can submit listing for approval when status = 0.
289		$submit_for_approval_button = "<form action=\"edit.php\" method=\"post\"><input type=\"hidden\" name=\"op\" value=\"submitforapproval\"><input type=\"hidden\" name=\"user\" value=\"$userid\"><input type=\"hidden\" name=\"itemid\" value=\"$get_itemid\"><input type=\"submit\" name=\"submit\" class=\"formButton\" value=\""
290		. _MD_PUBLISH_LISTING
291		. '"></form><br>';
292		$xoopsTpl->assign('submitview_button', $submit_for_approval_button);
293		} elseif ($xoopsModuleConfig['autoapprove'] == 1) {
294		// If status is not 0 and autoapprove is on, the submitter or
295		// admin can edit the listing and with the button "view listing"
296		// Go to the listing page in 'view' mode.
297		$view_button = '<form action="listing.php" method="get"><input type="hidden" name="item" value="' . $itemid . '"><input type="submit" value="' . _MD_VIEWITEM . '"></input></form><br>';
298		$xoopsTpl->assign('submitview_button', $view_button);
299		} elseif (!$isadmin) {
300		// Only admin is allowed to edit a listing after approval (status = 2)
301		// in case autoapprove is off.
302		redirect_header('listing.php?item=' . $itemid, 2, _MD_ONLYADMIN_ALLOWED_TO_EDIT);
303		exit();
304		}
305		if ($logourl !== '') {
306		$picture = "uploads/$logourl";
307		} else {
308		$picture = 'images/nopicture.gif';
309		}
310		$sql = 'SELECT DISTINCT t.dtypeid, t.title, t.section, f.typeid, f.fieldtype, f.ext, t.options, d.itemid, d.value, d.customtitle, t.custom ';
311		$sql .= 'FROM '
312		. $xoopsDB->prefix($module->getVar('dirname', 'n') . '_item_x_cat')
313		. ' ic, '
314		. $xoopsDB->prefix($module->getVar('dirname', 'n') . '_dtypes_x_cat')
315		. ' xc, '
316		. $xoopsDB->prefix($module->getVar('dirname', 'n') . '_fieldtypes')
317		. ' f, '
318		. $xoopsDB->prefix($module->getVar('dirname', 'n') . '_dtypes')
319		. ' t ';
320		$sql .= 'LEFT JOIN ' . $xoopsDB->prefix($module->getVar('dirname', 'n') . '_data') . ' d ON (t.dtypeid=d.dtypeid AND d.itemid=' . $get_itemid . ') ';
321		$sql .= "WHERE ic.cid=xc.cid AND ic.active='1' AND xc.dtypeid=t.dtypeid AND t.fieldtypeid=f.typeid AND t.activeyn='1' AND ic.itemid=" . $get_itemid . '';
322		$data_result = $xoopsDB->query($sql) or $eh->show('0013');
323		$numrows = $xoopsDB->getRowsNum($data_result);
324
325		ob_start();
326		$form = new XoopsThemeForm(_MD_EDITITEM_FORM, 'editform', 'edit.php');
327		$form->setExtra('enctype="multipart/form-data"');
328		$form->addElement(new XoopsFormText(_MD_TITLE, 'itemtitle', 50, 250, $itemtitle), true);
329		//$categories = getCategoriesPaths($get_itemid);
		0 ignored issues – show Unused Code Comprehensibility introduced 2017-07-23 13:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this `56%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
330		$categories = getCatSelectArea($get_itemid, $get_dirid);
331		$form_cats = new XoopsFormLabel(_MD_ITEMCATEGORIES, "$categories");
332		$form->addElement($form_cats);
333		$form->addElement(new XoopsFormDhtmlTextArea(_MD_DESCRIPTION, 'description', $description, 5, 50));
334		$form->addElement(new XoopsFormFile(_MD_SELECT_PIC, 'image', 30000));
335		$form->addElement(new XoopsFormImage(_MD_CURRENT_PIC, 'current_image', null, "$picture", '', ''));
336
337	View Code Duplication	while (list($dtypeid, $title, $section, $ftypeid, $fieldtype, $ext, $options, $itemid, $value, $customtitle, $custom) = $xoopsDB->fetchRow($data_result)) {
338		$field = $datafieldmanager->createField($title, $dtypeid, $fieldtype, $ext, $options, $value, $custom, $customtitle);
339		}
340		$form->addElement(new XoopsFormButton('', 'submit', _MD_SAVE, 'submit'));
341		$form->addElement(new XoopsFormHidden('op', 'edit'));
342		$form->addElement(new XoopsFormHidden('itemid', $get_itemid));
343		$form->addElement(new XoopsFormHidden('dirid', $get_dirid));
344		$form->addElement(new XoopsFormHidden('ini_itemtitle', $itemtitle));
345
346		if ($description != null) {
347		$form->addElement(new XoopsFormHidden('ini_description', $description));
348		}
349		$form->addElement(new XoopsFormHidden('uid', $userid));
350	View Code Duplication	if ($description != null) {
351		$form->addElement(new XoopsFormHidden('description_set', '1'));
352		} else {
353		$form->addElement(new XoopsFormHidden('description_set', '0'));
354		}
355		$form->display();
356		$xoopsTpl->assign('dtypes_form', ob_get_contents());
357		ob_end_clean();
358		}
359		}
360		}
361		include XOOPS_ROOT_PATH . '/footer.php';
362
363		/**
364		* @param $locdestid
365		* @return int
366		*/
367	View Code Duplication	function GetLevelid($locdestid)
368		{
369		global $xoopsDB;
370		$block = array();
		0 ignored issues – show Unused Code introduced 2017-07-23 13:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$block` is dead and can be removed. Loading history...
371		$myts = MyTextSanitizer::getInstance();
		0 ignored issues – show Unused Code introduced 2017-07-23 13:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$myts` is dead and can be removed. Loading history...
372		$result2 = $xoopsDB->query('SELECT locid, levelid FROM ' . $xoopsDB->prefix('dst_loc') . ' WHERE locid = ' . $locdestid . '');
373		$num_results2 = $GLOBALS['xoopsDB']->getRowsNum($result2);
374		if (!$result2) {
375		return 0;
376		}
377		for ($i = 0; $i < $num_results2; ++$i) {
378		$row2 = $GLOBALS['xoopsDB']->fetchBoth($result2);
379		$levelid = $row2['levelid'];
380		}
381
382		return $levelid;
383		}
384
385		/**
386		* @param $locdestid
387		* @return int
388		*/
389	View Code Duplication	function GetLocName($locdestid)
390		{
391		global $xoopsDB;
392		$block = array();
		0 ignored issues – show Unused Code introduced 2017-07-23 13:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$block` is dead and can be removed. Loading history...
393		$myts = MyTextSanitizer::getInstance();
394		$result = $xoopsDB->query('SELECT locid, name FROM ' . $xoopsDB->prefix('dst_loc') . ' WHERE locid = ' . $locdestid . '');
395		$num_results = $GLOBALS['xoopsDB']->getRowsNum($result);
396		if (!$result) {
397		return 0;
398		}
399		for ($i = 0; $i < $num_results; ++$i) {
400		$row = $GLOBALS['xoopsDB']->fetchBoth($result);
401		$locname = $myts->htmlSpecialChars($row['name']);
402		}
403
404		return $locname;
405		}
406
407		include XOOPS_ROOT_PATH . '/footer.php';
408

XoopsModules25x / efqdirectory

Issues (1149)

edit.php (4 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like