Issues (129)

Security Analysis: not enabled

This project does not seem to handle request data directly, so no vulnerable execution paths were found.


include/functions.php (2 issues)


```php
<?php
/************************************************************************/
/* Donations - Paypal financial management module for Xoops 2           */
/* Copyright (c) 2016 XOOPS Project                                     */
/* http://dev.xoops.org/modules/xfmod/project/?group_id=1060            */
/*                                                                      */
/************************************************************************/
/*                                                                      */
/* Based on NukeTreasury for PHP-Nuke - by Dave Lawrence AKA Thrash     */
/* NukeTreasury - Financial management for PHP-Nuke                     */
/* Copyright (c) 2004 by Dave Lawrence AKA Thrash                       */
/*                       [email protected]                         */
/*                       [email protected]                          */
/*                                                                      */
/************************************************************************/
/*                                                                      */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/*                                                                      */
/* This program is distributed in the hope that it will be useful, but  */
/* WITHOUT ANY WARRANTY; without even the implied warranty of           */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU     */
/* General Public License for more details.                             */
/*                                                                      */
/* You should have received a copy of the GNU General Public License    */
/* along with this program; if not, write to the Free Software          */
/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  */
/* USA                                                                  */
/************************************************************************/

// defined('XOOPS_ROOT_PATH') || exit('XOOPS root path not defined');

/**
 * Set the Currency Indicator ($, etc...)
 *
 * @param  string $curr PAYPAL abbreviation for currency
 * @return string currency indicator (sign)
 */
function defineCurrency($curr)
{
    switch ($curr) {
        case 'AUD':
            $currencySign = _MD_DON_CURR_AUD;
            break;
        case 'EUR':
            $currencySign = _MD_DON_CURR_EUR;
            break;
        case 'GBP':
            $currencySign = _MD_DON_CURR_GBP;
            break;
        case 'JPY':
            $currencySign = _MD_DON_CURR_JPY;
            break;
        case 'CAD':
            $currencySign = _MD_DON_CURR_CAD;
            break;
        case 'USD':
        default:
            // unknown or missing currency codes fall back to USD
            $currencySign = _MD_DON_CURR_USD;
            break;
    }

    return $currencySign;
}

/**
 * Get all Config fields from DB
 *
 * @return array config values keyed by name (empty array when the query fails)
 */
function configInfo()
{
    global $xoopsDB;

    $query_cfg = 'SELECT * FROM ' . $xoopsDB->prefix('donations_config') . " WHERE subtype = '' OR subtype = 'array'";
    $cfgset    = $xoopsDB->query($query_cfg);
    $tr_config = array();
    while ($cfgset && $row = $xoopsDB->fetchArray($cfgset)) {
        $tr_config[$row['name']] = $row['value'];
    }

    return $tr_config;
}

/**
 * Get XOOPS Member Object
 *
 * @param  int $muser_id
 * @return FALSE - no member info avail for this id, SUCCESS - member object
 */
function mgetUserInfo($muser_id)
{
    global $xoopsDB;
    $thisUser = false;
    if ((int)$muser_id > 0) {
        $member_handler = xoops_getHandler('member');
        $thisUser       = $member_handler->getUser($muser_id);
    }

    return $thisUser;
}

/**
 * Retrieve list of db table's field names
 *
 * EXAMPLE USAGE:
 *
 * $list=simple_query($xoopsDB->prefix('donations_transactions'));
 *
 * @param  string $table_name DB table name
 * @param  string $key_col    (optional) table column name
 * @param  mixed  $key_val    (optional) table column value
 * @param  array  $ignore     (optional) list of values to ignore (clear)
 * @return mixed  FALSE - nothing found, SUCCESS - array() of values
 */
function simple_query($table_name, $key_col = '', $key_val = '', $ignore = array())
{
    global $xoopsDB;
    // open the db
//    $db_link = mysqli_connect(XOOPS_DB_HOST, XOOPS_DB_USER, XOOPS_DB_PASS);
    $keys = '';
    if ($key_col != '' && $key_val != '') {
        // $table_name, $key_col and $key_val are interpolated into the SQL as-is;
        // callers must only pass trusted, already-escaped values here
        $keys = "WHERE $key_col = $key_val";
    }
    // query table using key col/val
    $simple_q   = false;
    $db_rs      = $xoopsDB->query("SELECT * FROM $table_name $keys");
    $num_fields = $db_rs ? $xoopsDB->getFieldsNum($db_rs) : 0;
    if ($num_fields) {
        // first (and only) row
        $simple_q = array();
        $row      = $xoopsDB->fetchArray($db_rs);
        // load up array
        if ($key_col != '' && $key_val != '') {
            // Scrutinizer: this loop seems to be duplicated across the project
            for ($i = 0; $i < $num_fields; ++$i) {
                $var            = $xoopsDB->getFieldName($db_rs, $i);
                $simple_q[$var] = $row[$var];
            }
        } else {
            // Scrutinizer: this loop seems to be duplicated across the project
            for ($i = 0; $i < $num_fields; ++$i) {
                $var = $xoopsDB->getFieldName($db_rs, $i);
                if (!in_array($var, $ignore)) {
                    $simple_q[$var] = '';
                }
            }
        }
    }
    if ($db_rs) {
        $xoopsDB->freeRecordSet($db_rs);
    }

    return $simple_q;
}

/*
 * Functions for Administration display
 */

/**
 * Display a Config Option html Option Box in a 2 column table row
 *
 * @param string $name name of config variable in config DB table
 * @param string $desc description of option box
 */
function ShowYNBox($name, $desc)
{
    global $tr_config, $modversion, $xoopsDB;

    $query_cfg = 'SELECT * FROM ' . $xoopsDB->prefix('donations_config') . " WHERE name = '{$name}'";
    $cfgset    = $xoopsDB->query($query_cfg);
    // fetchArray() returns false when no row matches, so guard before reading fields
    if ($cfgset && false !== ($cfg = $xoopsDB->fetchArray($cfgset))) {
        $text = htmlentities($cfg['text']);
        echo "<tr>\n" . "  <td title=\"{$text}\" style=\"text-align: right;\">{$desc}</td>\n" . "  <td title=\"{$text}\" style=\"text-align: left;\">";
        echo "    <select size=\"1\" name=\"var_{$name}\">";
        if ($cfg['value']) {
            echo "      <option selected value=\"1\">" . _YES . '</option>' . "      <option value=\"0\">" . _NO . '</option>';
        } else {
            echo "      <option value=\"1\">" . _YES . '</option>' . "      <option selected value=\"0\">" . _NO . '</option>';
        }
        echo "    </select>\n";
        echo "  </td>\n";
        echo "</tr>\n";
    }
}

/**
 * Display a Config option HTML Select Box in 2 column table
 *
 * @param string $name name of config DB table column
 * @param string $desc description of select box to show
 */
function ShowDropBox($name, $desc)
{
    global $tr_config, $modversion, $xoopsDB;

    $query_cfg = 'SELECT * FROM ' . $xoopsDB->prefix('donations_config') . " WHERE name = '{$name}'";
    $cfgset    = $xoopsDB->query($query_cfg);
    if ($cfgset && false !== ($cfg = $xoopsDB->fetchArray($cfgset))) {
        $text = htmlentities($cfg['text']);
        echo "<tr style=\"text-align: center;\">\n" . "  <td title=\"{$text}\" style=\"text-align: right; width: 50%;\">{$desc}</td>\n" . "  <td title=\"{$text}\" style=\"text-align: left;\">\n";
        echo "    <select size=\"1\" name=\"var_{$name}-array\">\n";
        if (isset($cfg['value'])) {
            // stored as a '|'-separated list; the first entry is the current selection
            $splitArr = explode('|', $cfg['value']);
            $i        = 0;
            while ($i < count($splitArr)) {
                $selected = (0 == $i) ? ' selected' : '';
                echo "      <option{$selected} value=\"{$splitArr[$i]}\">{$splitArr[$i]}</option>\n";
                ++$i;
            }
        }
        echo "    </select>\n";
        echo "  </td>\n";
        echo "</tr>\n";
    }
}

/**
 * Display Config Array Drop Box in HTML 2 column table row
 *
 * @param string $name    name of DB column in config table
 * @param string $desc    description to display for select box
 * @param array  $x_array array( array($value1, $attrib1), array(...) )
 */
function ShowArrayDropBox($name, $desc, $x_array)
{
    global $tr_config, $modversion, $xoopsDB;
    $query_cfg = 'SELECT * FROM ' . $xoopsDB->prefix('donations_config') . " WHERE name = '{$name}' LIMIT 1";
    $cfgset    = $xoopsDB->query($query_cfg);
    if ($cfgset && false !== ($cfg = $xoopsDB->fetchArray($cfgset))) {
        $text = htmlentities($cfg['text']);
        echo "<tr>\n" . "  <td title=\"{$text}\" style=\"text-align: right;\">{$desc}</td>\n" . "  <td title=\"{$text}\" style=\"text-align: left;\">\n";
        echo "    <select size=\"1\" name=\"var_{$name}\">\n";
        if (isset($cfg['value'])) {
            if (0 == $cfg['value']) {
                echo "      <option selected value=\"0\">-------</option>\n";
            } else {
                echo "      <option value=\"0\">-------</option>\n";
            }
            $i = 0;
            while ($i < count($x_array)) {
                $mvar     = $x_array[$i];
                $selected = '';
                if ($mvar[0] == $cfg['value']) {
                    $selected = ' selected';
                }
                echo "      <option{$selected} value=\"{$mvar[0]}\">{$mvar[1]}</option>\n";
                ++$i;
            }
        }
        echo "    </select>\n";
        echo "  </td>\n";
        echo "</tr>\n";
    }
}

/**
 * Display Config Option Text Box in a 2 column table row
 *
 * @param string $name    name of DB column in config table
 * @param string $desc    description of text box to display
 * @param int    $tdWidth width of description field
 * @param int    $inpSize width of text input box
 * @param string $extra   extra info included in input box 'string'
 */
function ShowTextBox($name, $desc, $tdWidth, $inpSize, $extra)
{
    global $tr_config, $modversion, $xoopsDB;

    $query_cfg = 'SELECT * FROM ' . $xoopsDB->prefix('donations_config') . " WHERE name = '{$name}'";
    $cfgset    = $xoopsDB->query($query_cfg);
    if ($cfgset && false !== ($cfg = $xoopsDB->fetchArray($cfgset))) {
        $text = htmlentities($cfg['text']);
        // note: $cfg['value'] is echoed into the value attribute without htmlentities()
        echo "<tr>\n" . "  <td title=\"{$text}\" style=\"text-align: right; width: {$tdWidth};\">{$desc}</td>\n" . "  <td title=\"{$text}\" style=\"text-align: left;\">\n" . "    <input size=\"{$inpSize}\" name=\"var_{$name}\" type=\"text\" value=\"{$cfg['value']}\"  {$extra} />\n" . "  </td>\n" . "</tr>\n";
    }
}

/**
 * Display a pair of width/height text boxes for an image config option
 * in a 2 column table row
 *
 * @param string $xnm     name of the width config variable
 * @param string $ynm     name of the height config variable
 * @param string $desc    description to display for the row
 * @param int    $inpSize width of each text input box
 * @param string $extra   extra info included in the input boxes
 */
function ShowImgXYBox($xnm, $ynm, $desc, $inpSize, $extra)
{
    global $tr_config, $modversion, $xoopsDB;

    $query_cfg = 'SELECT * FROM ' . $xoopsDB->prefix('donations_config') . " WHERE name = '$xnm'";
    $cfgset    = $xoopsDB->query($query_cfg);

    if ($cfgset && false !== ($cfg = $xoopsDB->fetchArray($cfgset))) {
        $text = htmlentities($cfg['text']);
        echo "<tr>\n" . "  <td title=\"{$text}\" style=\"text-align: right;\">{$desc}</td>\n" . "  <td title=\"{$text}\" style=\"text-align: left;\">\n";
        echo '    &nbsp;' . _AD_DON_WIDTH . "&nbsp;\n" . "    <input size=\"{$inpSize}\" name=\"var_{$cfg['name']}\" type=\"text\" value=\"{$cfg['value']}\" {$extra} />\n";

        $query_cfg = 'SELECT * FROM ' . $xoopsDB->prefix('donations_config') . " WHERE name = '$ynm'";
        $cfgset    = $xoopsDB->query($query_cfg);
        if ($cfgset && false !== ($cfg = $xoopsDB->fetchArray($cfgset))) {
            echo '    &nbsp;&nbsp;' . _AD_DON_HEIGHT . "&nbsp;\n" . "    <input size=\"{$inpSize}\" name=\"var_{$cfg['name']}\" type=\"text\" value=\"{$cfg['value']}\" {$extra} />\n";
        }
        echo "  </td>\n" . "</tr>\n";
    }
}

/*
 * Functions to save Administration settings
 */

/**
 * Update the Config option in the database
 *
 * @param  string $name config var name in the database
 * @param  string $sub  config subtype in the database
 * @param  mixed  $val  config var value
 * @param  string $txt  configuration text for this var
 * @return bool   TRUE value updated, FALSE value not updated
 */
function updateDb($name, $sub, $val, $txt)
{
    global $tr_config, $ilog, $xoopsDB;
    // $val and $txt are interpolated into the statement as-is: the caller is
    // responsible for escaping them before passing them in
    $insertRecordset = 'UPDATE `' . $xoopsDB->prefix('donations_config') . '`' . " SET `value`='$val', `text`='{$txt}'" . " WHERE `name`='{$name}' AND `subtype`='{$sub}'";
    $ilog .= "{$insertRecordset}<br /><br />";
    echo "{$insertRecordset}<br /><br />";
    echo "<span style=\"color: #FF0000; font-weight: bold;\">";
    $rvalue = $xoopsDB->query($insertRecordset);
    echo '</span>';
    $retVal = $rvalue ? true : false;

    return $retVal;
}

/**
 * Update a Config option value in the database without touching its text.
 * For 'array' subtypes the new value is moved to the front of the stored
 * '|'-separated list and any previous copy of it is dropped.
 *
 * @param string $name config var name in the database
 * @param string $sub  config subtype in the database
 * @param mixed  $val  config var value
 * @param string $txt  unused, kept for call compatibility with updateDb()
 */
function updateDbShort($name, $sub, $val, $txt = '')
{
    global $tr_config, $ilog, $xoopsDB;
    if ($sub === 'array') {
        $newArr    = '';
        $query_cfg = 'SELECT * FROM ' . $xoopsDB->prefix('donations_config') . " WHERE name = '{$name}'";
        $cfgset    = $xoopsDB->query($query_cfg);
        $cfg       = $cfgset ? $xoopsDB->fetchArray($cfgset) : false;
        if (isset($cfg['value'])) {
            $splitArr = explode('|', $cfg['value']);
            $newArr   = $val;
            // bounded loop: the original indexed past the end of $splitArr;
            // it still stops at the first empty (falsy) entry as before
            foreach ($splitArr as $singleVar) {
                if (false == $singleVar) {
                    break;
                }
                if ($singleVar != $val) {
                    $newArr = $newArr . '|' . $singleVar;
                }
            }
            $val = $newArr;
        }
    }
    // $val is interpolated as-is; the caller must pass an escaped value
    $insertRecordset = 'UPDATE `' . $xoopsDB->prefix('donations_config') . '`' . " SET `value`='{$val}'" . " WHERE `name`='{$name}' AND `subtype`='{$sub}'";

    $ilog .= "{$insertRecordset}<br /><br />\n";
    echo "{$insertRecordset}<br /><br /><span style=\"color: #FF0000; font-weight: bold;\">\n";
    $rvalue = $xoopsDB->query($insertRecordset);
    echo "</span>\n";
}

/**
 * Get Configuration Value
 *
 * @param  string $name name of configuration variable
 * @return mixed  value of config var on success, FALSE on failure
 */
function getLibConfig($name)
{
    global $xoopsDB;

    $sql       = 'SELECT * FROM ' . $xoopsDB->prefix('donations_config') . " WHERE name = '{$name}'";
    $Recordset = $xoopsDB->query($sql);
    // return FALSE (as documented) when the query fails or no row matches
    if (!$Recordset || false === ($row = $xoopsDB->fetchArray($Recordset))) {
        return false;
    }
    //  $text = $b = html_entity_decode($row['text']);
    $text = html_entity_decode($row['text']);

    return $text;
}

/**
 * Get All Configuration Values
 *
 * @return array SUCCESS - array of config values (name as key); FAIL - empty
 */
function getAllLibConfig()
{
    global $xoopsDB;

    $sql      = 'SELECT * FROM ' . $xoopsDB->prefix('donations_config') . ' ORDER BY name, subtype';
    $sqlquery = $xoopsDB->query($sql);

    $t = array();
    while ($sqlquery && false != ($sqlfetch = $xoopsDB->fetchArray($sqlquery))) {
        $text = html_entity_decode($sqlfetch['text']);
        $text = str_replace('<br />', "\r\n", $text);

        if ($sqlfetch['subtype'] == '') {
            $t[$sqlfetch['name']] = $text;
        } else {
            $t[$sqlfetch['name']][$sqlfetch['subtype']] = $text;
        }
    }
    //displayArray($t,"------getAllLibConfig-----------");
    return $t;
}

/**
 * Debug helper: dump an array inside an HTML table
 *
 * @param mixed  $t     value to dump
 * @param string $name  label printed above the dump
 * @param int    $ident unused indentation level
 */
function displayArray_don($t, $name = '', $ident = 0)
{
    if (is_array($t)) {
        echo '------------------------------------------------<br />';
        echo 'displayArray: ' . $name . ' - count = ' . count($t);
        //echo "<table ".getTblStyle().">";
        echo "<table>\n";

        echo '  <tr><td>';
        //jjd_echo ("displayArray: ".$name." - count = ".count($t), 255, "-") ;
        echo "</td></tr>\n";

        echo "  <tr><td>\n";
        echo '    <pre>';
        // print_r() already writes the dump; echoing its return value printed a stray "1"
        print_r($t);
        echo "</pre>\n";
        echo "  </td></tr>\n";
        echo "</table>\n";
    } else {
        echo "The variable ---|{$t}|--- is not an array\n";
        //        echo "l'indice ---|{$t}|--- n'est pas un tableau\n";
    }
    //jjd_echo ("Fin - ".$name, 255, "-") ;
}

/**
 * Display main top header table
 */
function adminmain()
{
    global $tr_config, $modversion, $xoopsDB;

    echo "<div style=\"text-align: center;\">\n";
    echo "<table style='text-align: center; border-width: 1px; padding: 2px; margin: 2px; width: 90%;'>\n";
    echo "  <tr>\n";
    echo "    <td style='text-align: center; width: 25%;'><a href='index.php?op=Treasury'><img src='../images/admin/business_sm.png' alt='" . _AD_DON_TREASURY . "' />&nbsp;" . _AD_DON_TREASURY . "</a></td>\n";
    echo "    <td style='text-align: center; width: 25%;'><a href='index.php?op=ShowLog'><img src='../images/admin/view_text_sm.png' alt='" . _AD_DON_SHOW_LOG . "' />&nbsp;" . _AD_DON_SHOW_LOG . "</a></td>\n";
    echo "    <td style='text-align: center; width: 25%;'><a href='transaction.php'><img src='../images/admin/view_detailed_sm.png' alt='" . _AD_DON_SHOW_TXN . "' />&nbsp;" . _AD_DON_SHOW_TXN . "</a></td>\n";
    echo "    <td style='text-align: center; width: 25%;'><a href='index.php?op=Config'><img src='../images/admin/configure_sm.png' alt='" . _AD_DON_CONFIGURATION . "' />&nbsp;" . _AD_DON_CONFIGURATION . "</a></td>\n";
    echo "  </tr>\n";
    echo "</table>\n";
    echo "<br /></div>\n";
}
```