This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | // ------------------------------------------------------------------------ // |
||
3 | // -- XoopsHP Module -- Xoops e-Learning System // |
||
4 | // Copyright (c) 2005 SUDOW-SOKEN // |
||
5 | // <http://www.mailpark.co.jp/> // |
||
6 | // ------------------------------------------------------------------------ // |
||
7 | // Based on XoopsHP1.01 by Yoshi, aka HowardGee. // |
||
8 | // ------------------------------------------------------------------------ // |
||
9 | // This program is free software; you can redistribute it and/or modify // |
||
10 | // it under the terms of the GNU General Public License as published by // |
||
11 | // the Free Software Foundation; either version 2 of the License, or // |
||
12 | // (at your option) any later version. // |
||
13 | // // |
||
14 | // You may not change or alter any portion of this comment or credits // |
||
15 | // of supporting developers from this source code or any supporting // |
||
16 | // source code which is considered copyrighted (c) material of the // |
||
17 | // original comment or credit authors. // |
||
18 | // // |
||
19 | // This program is distributed in the hope that it will be useful, // |
||
20 | // but WITHOUT ANY WARRANTY; without even the implied warranty of // |
||
21 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // |
||
22 | // GNU General Public License for more details. // |
||
23 | // // |
||
24 | // You should have received a copy of the GNU General Public License // |
||
25 | // along with this program; if not, write to the Free Software // |
||
26 | // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // |
||
27 | // ------------------------------------------------------------------------ // |
||
28 | |||
29 | include_once __DIR__ . '/admin_header.php'; |
||
30 | |||
31 | $mydirname = basename(dirname(__DIR__)); |
||
32 | xoops_loadLanguage('main', $mydirname); |
||
33 | |||
34 | /*********************************************************/ |
||
35 | /* Sections Manager Functions */ |
||
36 | /*********************************************************/ |
||
37 | /** |
||
38 | * @param int $secid2show |
||
39 | */ |
||
40 | function sections($secid2show = 0) |
||
41 | { |
||
42 | global $xoopsConfig, $xoopsDB, $xoopsModule, $xoopsModuleConfig; |
||
43 | xoops_cp_header(); |
||
44 | // JS for checkbox manipulation |
||
45 | ?> |
||
46 | <SCRIPT TYPE="text/javascript"> |
||
47 | <!-- |
||
48 | var count; |
||
49 | function BoxesChecked(myform, check) { |
||
50 | for (count = 0; count < document.forms(myform).selected.length; count++) { |
||
51 | document.forms(myform).selected[count].checked = check; |
||
52 | } |
||
53 | } |
||
54 | --> |
||
55 | </SCRIPT> |
||
56 | <?php |
||
57 | echo '<h4>' . _AM_SECCONF . '</h4>'; |
||
58 | include dirname(__DIR__) . '/module_prefix.php'; |
||
59 | $result = $xoopsDB->query('SELECT secid, secname, secdesc, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . ' ORDER BY secname'); |
||
60 | if ($xoopsDB->getRowsNum($result) > 0) { |
||
61 | $myts = MyTextSanitizer::getInstance(); |
||
62 | echo '<hr /><h4>' . _MD_CURACTIVESEC . _MD_CLICK2EDIT . '</h4>'; |
||
63 | echo "<form enctype='multipart/form-data' action='main.php' name='coursesform' method='post'>"; |
||
64 | echo "<table border='0' cellspacing='1' cellpadding ='3' class='outer'>"; |
||
65 | echo '<tr>'; |
||
66 | //echo "<th><input type='checkbox' onClick=\"BoxesChecked('coursesform', this.checked);\"></th>"; |
||
67 | echo '<th>' . _MD_SECNAMEC . '</th>'; |
||
68 | echo '<th>' . _MD_SECDESC . '</th>'; |
||
69 | echo '<th>' . _MD_LT_DISPLAY . '</th>'; |
||
70 | echo '<th size=19>' . _MD_LT_EXPIRE . '</th>'; |
||
71 | echo '<th>' . _MD_LT_ACTION . '</th>'; |
||
72 | echo '</tr>'; |
||
73 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
74 | while (list($secid, $secname, $secdesc, $display, $expire) = $xoopsDB->fetchRow($result)) { |
||
75 | $secid = (int)$secid; |
||
76 | $display = (int)$display; |
||
77 | $expire = $myts->displayTarea($expire); |
||
78 | $secname = $myts->displayTarea($secname); |
||
79 | $secdesc = $myts->displayTarea($secdesc); |
||
80 | echo '<tr>'; |
||
81 | //echo "<td class='even'><input type='checkbox' name='selected' value='$secid' /></td>"; |
||
82 | echo "<input type='hidden' name='id[$secid]' value='$secid' />"; |
||
83 | echo "<td class='even'><b>" . $secname . '</b></td>'; |
||
84 | echo "<td class='even'>" . $secdesc . '</td>'; |
||
85 | $checked = $display ? 'checked' : ''; |
||
86 | echo "<td class='even'><input type='checkbox' name='display[$secid]' " . $checked . ' /></td>'; |
||
87 | View Code Duplication | if ($expire !== '0000-00-00 00:00:00') { |
|
88 | if ($expire > $currenttime) { |
||
89 | echo "<td class='even'>" . $expire . '</td>'; |
||
90 | } else { |
||
91 | echo "<td class='even'>" . $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span></td>'; |
||
92 | } |
||
93 | } else { |
||
94 | echo "<td class='even'>" . '-------------------' . '</td>'; |
||
95 | } |
||
96 | echo "<td class='even'><a href='main.php?op=sectionedit&secid=" . $secid . "'>" . _MD_EDIT . '</a></td>'; |
||
97 | echo '</tr>'; |
||
98 | } |
||
99 | echo '</table>'; |
||
100 | echo '<br>'; |
||
101 | echo "<input type='hidden' name='op' value='sectiondispchange'>"; |
||
102 | echo "<input type='submit' value=" . _MD_SAVECHANGES . '>'; |
||
103 | echo '</form>'; |
||
104 | echo '<br>'; |
||
105 | |||
106 | echo '<hr><h4>' . _MD_ADDARTICLE . '</h4>'; |
||
107 | echo "<form enctype='multipart/form-data' action='main.php' method='post'>"; |
||
108 | echo '<b>' . _MD_TITLEC . '</b>'; |
||
109 | echo "<input class=textbox type='text' name='title' size=40 value=''><br><br>"; |
||
110 | include dirname(__DIR__) . '/module_prefix.php'; |
||
111 | $result = $xoopsDB->query('SELECT secid, secname, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . ' ORDER BY secname'); |
||
112 | echo '<b>' . _MD_SECNAMEC . "</b> <select name='secid'><option value='0' selected></option>"; |
||
113 | while (list($secid, $secname, $display, $expire) = $xoopsDB->fetchRow($result)) { |
||
114 | $secid = (int)$secid; |
||
115 | $secname = $myts->displayTarea($secname); |
||
116 | $display = (int)$display; |
||
117 | echo "<option value='$secid'>" . $secname; |
||
118 | if (!$display) { |
||
119 | echo ' (' . _MD_LT_HIDDEN . ')'; |
||
120 | } |
||
121 | echo '</option>'; |
||
122 | } |
||
123 | echo '</select><br><br>'; |
||
124 | echo '<b>' . _MD_CONTENTC . '</b>'; |
||
125 | echo "<input type='file' name='quizfile'>"; |
||
126 | echo '<i>' . _MD_FILE_MAX . (int)$xoopsModuleConfig['max_file_size'] . '</i><br><br>'; |
||
127 | echo "<input type='hidden' name='MAX_FILE_SIZE' value='" . $xoopsModuleConfig['max_file_size'] . "'>"; |
||
128 | echo '<b>' . _MD_LT_DISPLAY . '</b>'; |
||
129 | echo "<input type='checkbox' name='display[$secid]' checked /><br><br>"; |
||
130 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
131 | $expire = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s'); |
||
132 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>'; |
||
133 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'>"; |
||
134 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'><br>"; |
||
135 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
136 | echo "<input type='hidden' name='op' value='secarticleadd'>"; |
||
137 | echo "<input type='submit' value='" . _MD_DOADDARTICLE . "'>"; |
||
138 | echo '</form>'; |
||
139 | echo '<br>'; |
||
140 | |||
141 | echo '<hr><h4>' . _MD_LAST20ART . '</h4>'; |
||
142 | echo "<form action='main.php' method='post'>"; |
||
143 | echo '<b>' . _MD_SECNAMEC . '</b>'; |
||
144 | $onchangestr = "onchange=\"location='" . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . "/admin/main.php?op=sections&secid='+this.options[this.selectedIndex].value\""; |
||
145 | echo "<select name='secid'" . $onchangestr . '>'; |
||
146 | |||
147 | include dirname(__DIR__) . '/module_prefix.php'; |
||
148 | $result = $xoopsDB->query('SELECT secid, secname, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . ' ORDER BY secname'); |
||
149 | while (list($secid, $secname, $display, $expire) = $xoopsDB->fetchRow($result)) { |
||
150 | $secid = (int)$secid; |
||
151 | $secname = $myts->displayTarea($secname); |
||
152 | $display = (int)$display; |
||
153 | $expire = $myts->displayTarea($expire); |
||
154 | if (!$secid2show) { |
||
155 | $secid2show = $secid; |
||
156 | } |
||
157 | if ($secid == $secid2show) { |
||
158 | echo "<option value='$secid' selected>" . $secname; |
||
159 | } else { |
||
160 | echo "<option value='$secid'>" . $secname; |
||
161 | } |
||
162 | if (!$display) { |
||
163 | echo ' (' . _MD_LT_HIDDEN . ')'; |
||
164 | } |
||
165 | echo '</option>'; |
||
166 | } |
||
167 | echo '</select>'; |
||
168 | echo "<input type='hidden' name='op' value='sections'>"; |
||
169 | echo "<input type='submit' value='" . _MD_GO . "'>"; |
||
170 | echo '</form>'; |
||
171 | |||
172 | echo "<form enctype='multipart/form-data' action='main.php' method='post' name='tasksform'>"; |
||
173 | echo "<table border='0' cellspacing='1' cellpadding ='3' class='outer'>"; |
||
174 | echo '<tr>'; |
||
175 | //echo "<th><input type='checkbox' onClick=\"BoxesChecked('tasksform', this.checked);\"></th>"; |
||
176 | echo '<th>' . _MD_TITLEC . '</th>'; |
||
177 | echo '<th>' . _MD_LT_POSTED . '</th>'; |
||
178 | echo '<th>' . _MD_LT_DISPLAY . '</th>'; |
||
179 | echo '<th>' . _MD_LT_EXPIRE . '</th>'; |
||
180 | echo "<th COLSPAN='2'>" . _MD_LT_ACTION . '</th>'; |
||
181 | echo '</tr>'; |
||
182 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
183 | include dirname(__DIR__) . '/module_prefix.php'; |
||
184 | $qiz = $xoopsDB->prefix($module_prefix . '_quiz'); |
||
185 | $result = $xoopsDB->query("SELECT artid, secid, title, posted, display, expire FROM $qiz WHERE secid=" . (int)$secid2show . ' ORDER BY title'); |
||
186 | while (list($artid, $secid, $title, $posted, $display, $expire) = $xoopsDB->fetchRow($result)) { |
||
187 | $artid = (int)$artid; |
||
188 | $title = $myts->displayTarea($title); |
||
189 | $posted = $myts->displayTarea($posted); |
||
190 | $display = (int)$display; |
||
191 | $expire = $myts->displayTarea($expire); |
||
192 | $checked = $display ? 'checked' : ''; |
||
193 | echo '<tr>' . "<input type='hidden' name='id[$artid]' value='$artid' />" //."<td class='even'><input type='checkbox' name='selected' value='$artid' /></td>" |
||
194 | . "<td class='even'><b>$title</b></td>" . "<td class='even'>$posted</td>" . "<td class='even'><input type='checkbox' name='display[$artid]' " . $checked . ' /></td>'; |
||
195 | View Code Duplication | if ($expire !== '0000-00-00 00:00:00') { |
|
196 | if ($expire > $currenttime) { |
||
197 | echo "<td class='even'>" . $expire . '</td>'; |
||
198 | } else { |
||
199 | echo "<td class='even'>" . $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span></td>'; |
||
200 | } |
||
201 | } else { |
||
202 | echo "<td class='even'>" . '-------------------' . '</td>'; |
||
203 | } |
||
204 | echo "<td class='even'><a href=main.php?op=secartedit&artid=$artid>" . _MD_EDIT . '</a></td>' . "<td class='even'><a href=main.php?op=secartdelete&artid=$artid>" . _MD_DELETE |
||
205 | . '</a></td>' . '</tr>'; |
||
206 | } |
||
207 | echo '</table><br>'; |
||
208 | echo "<input type='hidden' name='op' value='articledispchange' />"; |
||
209 | echo "<input type='submit' value=" . _MD_SAVECHANGES . ' />'; |
||
210 | echo '</form>'; |
||
211 | } |
||
212 | |||
213 | echo '<br>'; |
||
214 | echo '<hr /><h4>' . _MD_ADDNEWSEC . '</h4>'; |
||
215 | echo "<form action='main.php' method='post'>"; |
||
216 | echo '<b>' . _MD_SECNAMEC . '</b> ' . _MD_MAXCHAR . '<br>'; |
||
217 | echo "<input class='textbox' type='text' name='secname' size='40' maxlength='40' /><br><br>"; |
||
218 | echo '<b>' . _MD_SECDESC . '</b> ' . _MD_EXDESC . '<br>'; |
||
219 | echo "<input class='textbox' type='text' name='secdesc' size='40' maxlength='255' /><br><br>"; |
||
220 | echo '<b>' . _MD_LT_DISPLAY . '</b>'; |
||
221 | echo "<input class='textbox' type='checkbox' name='display' value='1' checked /><br><br>"; |
||
222 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
223 | $expire = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s'); |
||
224 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>'; |
||
225 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'>"; |
||
226 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'><br>"; |
||
227 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
228 | echo "<input type='hidden' name='op' value='sectionmake' />"; |
||
229 | echo "<input type='submit' value='" . _MD_GOADDSECTION . "' />"; |
||
230 | echo '</form>'; |
||
231 | } |
||
232 | |||
233 | /** |
||
234 | * @param $artid |
||
235 | */ |
||
236 | function secartedit($artid) |
||
237 | { |
||
238 | global $xoopsDB, $xoopsConfig, $xoopsModule, $xoopsModuleConfig; |
||
239 | $myts = MyTextSanitizer::getInstance(); |
||
240 | xoops_cp_header(); |
||
241 | echo '<h4>' . _AM_SECCONF . '</h4>'; |
||
242 | $artid = (int)$artid; |
||
243 | include dirname(__DIR__) . '/module_prefix.php'; |
||
244 | $result = $xoopsDB->query('SELECT artid, secid, title, content, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$artid"); |
||
245 | list($artid, $secid, $title, $content, $display, $expire) = $xoopsDB->fetchRow($result); |
||
246 | $artid = (int)$artid; |
||
247 | $secid = (int)$secid; |
||
248 | $title = $myts->displayTarea($myts->stripSlashesGPC($title)); |
||
249 | $content = $myts->htmlSpecialChars($myts->stripSlashesGPC($content)); |
||
250 | $display = (int)$display; |
||
251 | $expire = $myts->stripSlashesGPC($expire); |
||
252 | $expire = $myts->displayTarea($expire); |
||
253 | echo '<hr /><h3>' . _MD_EDITARTICLE . '</h3>'; |
||
254 | echo "<form enctype='multipart/form-data' action='main.php' method='post'>"; |
||
255 | echo '<b>' . _MD_EDITARTID . ' ' . $artid . '</b><br><br>'; |
||
256 | echo '<b>' . _MD_TITLEC . "</b><input class='textbox' type='text' name='title' size='40' value='" . $title . "' /><br><br>"; |
||
257 | echo '<b>' . _MD_SECNAMEC . "</b> <select name='secid'>"; |
||
258 | include dirname(__DIR__) . '/module_prefix.php'; |
||
259 | $result2 = $xoopsDB->query('SELECT secid, secname, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . ' ORDER BY secname'); |
||
260 | while (list($secid2, $secname, $display2, $expire2) = $xoopsDB->fetchRow($result2)) { |
||
261 | $secid2 = (int)$secid2; |
||
262 | $secname = $myts->displayTarea($secname); |
||
263 | $display2 = (int)$display2; |
||
264 | $expire2 = $myts->displayTarea($expire2); |
||
265 | if ($secid2 == $secid) { |
||
266 | echo "<option value='$secid2' selected>"; |
||
267 | } else { |
||
268 | echo "<option value='$secid2'>"; |
||
269 | } |
||
270 | echo $secname; |
||
271 | if (!$display2) { |
||
272 | echo ' (' . _MD_LT_HIDDEN . ')'; |
||
273 | } |
||
274 | echo '</option>'; |
||
275 | } |
||
276 | echo '</select>'; |
||
277 | echo '<br><br>'; |
||
278 | echo '<b>' . _MD_LT_DISPLAY . '</b>'; |
||
279 | $checked = $display ? 'checked' : ''; |
||
280 | echo "<input type='checkbox' name='display' " . $checked . ' /><br><br>'; |
||
281 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
282 | $endtime = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s'); |
||
283 | View Code Duplication | if ($expire !== '0000-00-00 00:00:00') { |
|
284 | if ($expire > $currenttime) { |
||
285 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
286 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1' checked>"; |
||
287 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'> <br>"; |
||
288 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
289 | } else { |
||
290 | echo '<b>' . _MD_LT_EXPIRE . '</b>: '; |
||
291 | echo $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span><br>'; |
||
292 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
293 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> "; |
||
294 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>"; |
||
295 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
296 | } |
||
297 | } else { |
||
298 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
299 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> "; |
||
300 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>"; |
||
301 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
302 | } |
||
303 | echo '<b>' . _MD_CONTENTC . '</b>' . _MD_READONLY . '<br>'; |
||
304 | //echo "<a href='../main.php?op=viewarticle&artid=$artid' target='quiz_window'><b>Preview</b></a>"; |
||
305 | |||
306 | echo "<textarea class='textbox' name='content' cols='60' rows='10' readonly>$content</textarea>"; |
||
307 | echo "<input type='hidden' name='MAX_FILE_SIZE' value='200000'><br>"; |
||
308 | echo '<b>' . _MD_FILE2REPLACE . "</b><input type='file' name='quizfile'><br><br>"; |
||
309 | echo "<input type='hidden' name='artid' value='$artid'>"; |
||
310 | echo "<input type='hidden' name='op' value='secartchange'>"; |
||
311 | echo "<table border='0'><tr><td>"; |
||
312 | echo "<input type='submit' value='" . _MD_SAVECHANGES . "'>"; |
||
313 | echo '</td></form>'; |
||
314 | echo "<form action='main.php' method='post'>"; |
||
315 | echo '<td>'; |
||
316 | echo "<input type='hidden' name='artid' value='$artid'>"; |
||
317 | echo "<input type='hidden' name='op' value='secartdelete'>"; |
||
318 | echo "<input type='submit' value='" . _MD_DELETE . "'>"; |
||
319 | echo '</td></form></tr></table>'; |
||
320 | } |
||
321 | |||
322 | /** |
||
323 | * @param $secid |
||
324 | */ |
||
325 | function sectionedit($secid) |
||
326 | { |
||
327 | global $xoopsDB, $xoopsConfig, $xoopsModule, $xoopsModuleConfig; |
||
328 | xoops_cp_header(); |
||
329 | echo '<h4>' . _AM_SECCONF . '</h4><br>'; |
||
330 | $myts = MyTextSanitizer::getInstance(); |
||
331 | $secid = (int)$secid; |
||
332 | include dirname(__DIR__) . '/module_prefix.php'; |
||
333 | $result = $xoopsDB->query('SELECT secid, secname, secdesc, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . " WHERE secid=$secid"); |
||
334 | list($secid, $secname, $secdesc, $display, $expire) = $xoopsDB->fetchRow($result); |
||
335 | $secname = $myts->stripSlashesGPC($secname); |
||
336 | $secdesc = $myts->stripSlashesGPC($secdesc); |
||
337 | $display = (int)$display; |
||
338 | $expire = $myts->stripSlashesGPC($expire); |
||
339 | $expire = $myts->displayTarea($expire); |
||
340 | include dirname(__DIR__) . '/module_prefix.php'; |
||
341 | $result2 = $xoopsDB->query('select artid from ' . $xoopsDB->prefix($module_prefix . '_quiz') . " where secid=$secid"); |
||
342 | $number = $xoopsDB->getRowsNum($result2); |
||
343 | |||
344 | echo '<h4>'; |
||
345 | printf(_MD_EDITTHISSEC, $myts->displayTarea($secname)); |
||
346 | echo '</h4>'; |
||
347 | echo '<br>'; |
||
348 | printf(_MD_THISSECHAS, $number); |
||
349 | |||
350 | echo '<br><br>'; |
||
351 | echo "<form action='main.php' method='post'><br>"; |
||
352 | echo '<b>' . _MD_SECNAMEC . '</b> ' . _MD_MAXCHAR . '<br>'; |
||
353 | echo "<input class='textbox' type='text' name='secname' size='40' maxlength='40' value='" . $myts->displayTarea($secname) . "' /><br><br>"; |
||
354 | echo '<b>' . _MD_SECDESC . '</b> ' . _MD_EXDESC . '<br>'; |
||
355 | echo "<input class='textbox' type='text' name='secdesc' size='40' maxlength='50' value='" . $myts->displayTarea($secdesc) . "' /><br><br>"; |
||
356 | echo "<input type='hidden' name='secid' value='" . $secid . "' />"; |
||
357 | echo '<b>' . _MD_LT_DISPLAY . '</b>'; |
||
358 | $checked = $display ? 'checked' : ''; |
||
359 | echo "<input type='checkbox' name='display' value='1' " . $checked . ' /><br><br>'; |
||
360 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
361 | $endtime = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s'); |
||
362 | View Code Duplication | if ($expire !== '0000-00-00 00:00:00') { |
|
363 | if ($expire > $currenttime) { |
||
364 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
365 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1' checked>"; |
||
366 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'> <br>"; |
||
367 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
368 | } else { |
||
369 | echo '<b>' . _MD_LT_EXPIRE . '</b>: '; |
||
370 | echo $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span><br>'; |
||
371 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
372 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> "; |
||
373 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>"; |
||
374 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
375 | } |
||
376 | } else { |
||
377 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
378 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> "; |
||
379 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>"; |
||
380 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
381 | } |
||
382 | echo "<input type='hidden' name='op' value='sectionchange' />"; |
||
383 | |||
384 | echo "<table border='0'><tr><td>"; |
||
385 | echo "<input type='submit' value='" . _MD_SAVECHANGES . "' />"; |
||
386 | echo '</td></form>'; |
||
387 | echo "<form action='main.php' method='post'>"; |
||
388 | echo '<td>'; |
||
389 | echo "<input type='hidden' name='secid' value='" . $secid . "' />"; |
||
390 | echo "<input type='hidden' name='op' value='sectiondelete' />"; |
||
391 | echo "<input type='submit' value='" . _MD_DELETE . "' />"; |
||
392 | echo '</td></form></tr></table>'; |
||
393 | } |
||
394 | |||
395 | /** |
||
396 | * @param $content |
||
397 | * @return mixed |
||
398 | */ |
||
399 | function cgi_replace($content) |
||
400 | { |
||
401 | global $xoopsDB, $xoopsModule; |
||
402 | if (!strpos(_XD_FB_CODE4RESULTS_MARKER, $content)) { |
||
403 | $content = str_replace(_XD_FB_CODE4RESULTS_INSERT, _XD_FB_CODE4RESULTS . "\n\n" . _XD_FB_CODE4RESULTS_INSERT, $content); |
||
404 | View Code Duplication | if (!strpos(_XD_FB_CODE4STARTUP, $content)) { |
|
405 | $content = str_replace(_XD_FB_CODE4STARTUP_INSERT, "\\0\n\n" . _XD_FB_CODE4STARTUP . "\n", $content); |
||
406 | } else { |
||
407 | redirect_header('main.php', 3, _MD_ERRORQUIZFILE); |
||
408 | } |
||
409 | View Code Duplication | if (!strpos(_XD_FB_CODE4SEND, $content)) { |
|
410 | $content = str_replace(_XD_FB_CODE4SEND_INSERT, "\\0\n\n" . _XD_FB_CODE4SEND, $content); |
||
411 | } else { |
||
412 | redirect_header('main.php', 3, _MD_ERRORQUIZFILE); |
||
413 | } |
||
414 | } |
||
415 | |||
416 | $content = str_replace('toLocaleString', 'toGMTString', $content); |
||
417 | $action = XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/process_form.php'; |
||
418 | |||
419 | return preg_replace("/var ResultForm = '<html><body><form name=\"Results\" action=\"[^\"]*\"/", "var ResultForm = '<html><body><form name=\"Results\" action=\"$action\" accept-charset=\"EUC-JP\"", |
||
420 | $content); |
||
421 | } |
||
422 | |||
423 | // URL GET_VARS OPTION |
||
424 | $op = ''; |
||
425 | |||
426 | if (isset($_GET['op'])) { |
||
427 | $op = trim($_GET['op']); |
||
428 | $artid = isset($_GET['artid']) ? (int)$_GET['artid'] : 0; |
||
429 | $secid = isset($_GET['secid']) ? (int)$_GET['secid'] : 0; |
||
430 | $res_id = isset($_GET['res_id']) ? (int)$_GET['res_id'] : 0; |
||
431 | } elseif (!empty($_POST['op'])) { |
||
432 | $op = $_POST['op']; |
||
433 | $artid = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0; |
||
434 | $secid = !empty($_POST['secid']) ? (int)$_POST['secid'] : 0; |
||
435 | $res_id = !empty($_POST['res_id']) ? (int)$_POST['res_id'] : 0; |
||
436 | } |
||
437 | |||
438 | switch ($op) { |
||
439 | case 'sections': |
||
440 | sections($secid); |
||
441 | break; |
||
442 | |||
443 | case 'sectionedit': |
||
444 | sectionedit($secid); |
||
445 | break; |
||
446 | |||
447 | case 'sectionmake': |
||
448 | $myts = MyTextSanitizer::getInstance(); |
||
449 | $secname = !empty($_POST['secname']) ? $myts->stripSlashesGPC($_POST['secname']) : ''; |
||
450 | View Code Duplication | if (empty($_POST['secname'])) { |
|
451 | redirect_header('main.php', 2, _MD_ERRORSECNAME); |
||
452 | } else { |
||
453 | $secname = $myts->stripSlashesGPC($_POST['secname']); |
||
454 | } |
||
455 | $secdesc = !empty($_POST['secdesc']) ? $myts->stripSlashesGPC($_POST['secdesc']) : ''; |
||
456 | $display = (int)(empty($_POST['display']) ? 0 : 1); |
||
457 | $setexpire = (int)(empty($_POST['setexpire']) ? 0 : 1); |
||
458 | $expire = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : 0; |
||
459 | $expire = $expire != 0 ? $xoopsDB->quoteString($expire) : 0; |
||
460 | $secname = $xoopsDB->quoteString($secname); |
||
461 | $secdesc = $xoopsDB->quoteString($secdesc); |
||
462 | include dirname(__DIR__) . '/module_prefix.php'; |
||
463 | $newid = $xoopsDB->genId($xoopsDB->prefix($module_prefix . '_sections') . '_secid_seq'); |
||
464 | include dirname(__DIR__) . '/module_prefix.php'; |
||
465 | $mytable = $xoopsDB->prefix($module_prefix . '_sections'); |
||
466 | $result = $xoopsDB->query('INSERT INTO ' . $mytable . " (secid, secname, secdesc, display, expire) VALUES ($newid, $secname, $secdesc, $display, $expire)"); |
||
467 | if ($result) { |
||
468 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
469 | break; |
||
470 | } else { |
||
471 | var_dump($result, $module_prefix, $newid, $display, $expire); |
||
0 ignored issues
–
show
Security
Debugging Code
introduced
by
![]() |
|||
472 | redirect_header('main.php?op=sections', 2, _AM_MSG_UPDATE_FAILED); |
||
473 | } |
||
474 | |||
475 | case 'secartdelete': |
||
476 | xoops_cp_header(); |
||
477 | echo '<h4>' . _AM_SECCONF . '</h4>'; |
||
478 | $myts = MyTextSanitizer::getInstance(); |
||
479 | View Code Duplication | if (!empty($_POST['artid'])) { |
|
480 | $artid = (int)$_POST['artid']; |
||
481 | } elseif (!empty($_GET['artid'])) { |
||
482 | $artid = (int)$_GET['artid']; |
||
483 | } else { |
||
484 | $artid = 0; |
||
485 | } |
||
486 | $artid = (int)$artid; |
||
487 | include dirname(__DIR__) . '/module_prefix.php'; |
||
488 | $result = $xoopsDB->query('SELECT title FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$artid"); |
||
489 | list($title) = $xoopsDB->fetchRow($result); |
||
490 | $title = $myts->displayTarea($title); |
||
491 | xoops_confirm(array('op' => 'secartdelete_ok', 'artid' => $artid), 'main.php', sprintf(_MD_DELETETHISART, $title) . '<br><br>' . _MD_RUSUREDELART); |
||
492 | break; |
||
493 | |||
494 | case 'secartdelete_ok': |
||
495 | $artid = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0; |
||
496 | if ($artid <= 0) { |
||
497 | redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED); |
||
498 | } |
||
499 | include dirname(__DIR__) . '/module_prefix.php'; |
||
500 | $xoopsDB->query('DETELE FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$artid"); |
||
501 | include dirname(__DIR__) . '/module_prefix.php'; |
||
502 | $xoopsDB->query('DETELE FROM ' . $xoopsDB->prefix($module_prefix . '_results') . " WHERE quiz_id=$artid"); |
||
503 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
504 | break; |
||
505 | |||
506 | case 'sectionchange': |
||
507 | if ($secid <= 0) { |
||
508 | redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED); |
||
509 | } |
||
510 | $myts = MyTextSanitizer::getInstance(); |
||
511 | View Code Duplication | if (empty($_POST['secname'])) { |
|
512 | redirect_header('main.php', 2, _MD_ERRORSECNAME); |
||
513 | } else { |
||
514 | $secname = $myts->stripSlashesGPC($_POST['secname']); |
||
515 | } |
||
516 | $secdesc = !empty($_POST['secdesc']) ? $myts->stripSlashesGPC($_POST['secdesc']) : ''; |
||
517 | $secname = $xoopsDB->quoteString($secname); |
||
518 | $secdesc = $xoopsDB->quoteString($secdesc); |
||
519 | $display = (int)(empty($_POST['display']) ? 0 : 1); |
||
520 | $setexpire = (int)(empty($_POST['setexpire']) ? 0 : 1); |
||
521 | $expire = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : ''; |
||
522 | $expire = $xoopsDB->quoteString($expire); |
||
523 | include dirname(__DIR__) . '/module_prefix.php'; |
||
524 | $secid = (int)$secid; |
||
525 | $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_sections') . " SET secname=$secname, secdesc=$secdesc, display=$display, expire=$expire WHERE secid=$secid"); |
||
526 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
527 | break; |
||
528 | |||
529 | View Code Duplication | case 'sectiondispchange': |
|
530 | foreach ($_POST['id'] as $secid) { |
||
531 | $secid = (int)$secid; |
||
532 | $display = (int)(empty($_POST['display'][$secid]) ? 0 : 1); |
||
533 | include dirname(__DIR__) . '/module_prefix.php'; |
||
534 | $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_sections') . " set display=$display WHERE secid=$secid"); |
||
535 | } |
||
536 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
537 | break; |
||
538 | |||
539 | View Code Duplication | case 'articledispchange': |
|
540 | foreach ($_POST['id'] as $artid) { |
||
541 | $artid = (int)$artid; |
||
542 | $display = (int)(empty($_POST['display'][$artid]) ? 0 : 1); |
||
543 | include dirname(__DIR__) . '/module_prefix.php'; |
||
544 | $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_quiz') . " set display=$display WHERE artid=$artid"); |
||
545 | } |
||
546 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
547 | break; |
||
548 | |||
549 | case 'secarticleadd': |
||
550 | if ($secid <= 0) { |
||
551 | redirect_header('main.php?op=sections', 2, _MD_ERRORSECNAME); |
||
552 | } |
||
553 | $myts = MyTextSanitizer::getInstance(); |
||
554 | if (empty($_POST['title'])) { |
||
555 | redirect_header('main.php?op=sections', 2, _MD_ERRORARTNAME); |
||
556 | } else { |
||
557 | $title = $myts->stripSlashesGPC($_POST['title']); |
||
558 | } |
||
559 | $title = $xoopsDB->quoteString($title); |
||
560 | $content = is_uploaded_file($_FILES['quizfile']['tmp_name']) ? implode(file($_FILES['quizfile']['tmp_name'])) : ''; |
||
561 | if (empty($content)) { |
||
562 | redirect_header('main.php?op=sections', 2, _MD_ERRORARTCONT); |
||
563 | } |
||
564 | $content = cgi_replace($content); |
||
565 | $content = $xoopsDB->quoteString($content); |
||
566 | $posted = $xoopsDB->quoteString(date('Y-m-d H:i:s')); |
||
567 | $poster = $xoopsUser->getVar('uid'); |
||
568 | $results_to = $xoopsDB->quoteString($xoopsUser->getVar('email')); |
||
569 | $display = (int)(empty($_POST['display']) ? 0 : 1); |
||
570 | $setexpire = (int)(empty($_POST['setexpire']) ? 0 : 1); |
||
571 | $expire = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : ''; |
||
572 | $expire = $xoopsDB->quoteString($expire); |
||
573 | |||
574 | include dirname(__DIR__) . '/module_prefix.php'; |
||
575 | $newid = $xoopsDB->genId($xoopsDB->prefix($module_prefix . '_quiz') . '_artid_seq'); |
||
576 | include dirname(__DIR__) . '/module_prefix.php'; |
||
577 | $result = $xoopsDB->query('INSERT INTO ' . $xoopsDB->prefix($module_prefix . '_quiz') |
||
578 | . " (artid, secid, title, content, posted, poster, results_to, counter, display, expire) VALUES ($newid, $secid, $title, $content, $posted, $poster, $results_to, 0, $display, $expire)"); |
||
579 | if ($result) { |
||
580 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
581 | break; |
||
582 | } else { |
||
583 | xoops_cp_header(); |
||
584 | echo "<table width='100%' border='0' cellspacing='1' class='outer'><tr><td class='odd'>"; |
||
585 | echo "<a href='./main.php'><h4>" . _AM_SECCONF . '</h4></a>'; |
||
586 | echo _MD_DBNOTUPDATED; |
||
587 | echo '<br>' . $success; |
||
588 | echo '</td></tr></table>'; |
||
589 | xoops_cp_footer(); |
||
590 | exit(); |
||
591 | } |
||
592 | |||
593 | case 'secartedit': |
||
594 | $artid = !empty($_REQUEST['artid']) ? (int)$_REQUEST['artid'] : 0; |
||
595 | if ($artid > 0) { |
||
596 | secartedit($artid); |
||
597 | } |
||
598 | break; |
||
599 | |||
600 | case 'secartchange': |
||
601 | $artid = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0; |
||
602 | if ($artid <= 0) { |
||
603 | redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED); |
||
604 | } |
||
605 | $myts = MyTextSanitizer::getInstance(); |
||
606 | $secid = (int)$_POST['secid']; |
||
607 | $title = !empty($_POST['title']) ? $myts->stripSlashesGPC($_POST['title']) : ''; |
||
608 | $content = is_uploaded_file($_FILES['quizfile']['tmp_name']) ? implode(file($_FILES['quizfile']['tmp_name'])) : ''; |
||
609 | $display = (int)(empty($_POST['display']) ? 0 : 1); |
||
610 | $setexpire = (int)(empty($_POST['setexpire']) ? 0 : 1); |
||
611 | $expire = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : ''; |
||
612 | $expire = $xoopsDB->quoteString($expire); |
||
613 | $title = $xoopsDB->quoteString($title); |
||
614 | if (empty($content)) { |
||
615 | include dirname(__DIR__) . '/module_prefix.php'; |
||
616 | $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_quiz') . " SET secid=$secid, title=$title, display=$display, expire=$expire WHERE artid=$artid"); |
||
617 | } else { |
||
618 | $content = cgi_replace($content); |
||
619 | $content = $xoopsDB->quoteString($content); |
||
620 | include dirname(__DIR__) . '/module_prefix.php'; |
||
621 | $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_quiz') . " SET secid=$secid, title=$title, content=$content, display=$display, expire=$expire WHERE artid=$artid"); |
||
622 | } |
||
623 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
624 | break; |
||
625 | |||
626 | case 'sectiondelete': |
||
627 | xoops_cp_header(); |
||
628 | echo '<h4>' . _AM_SECCONF . '</h4>'; |
||
629 | xoops_confirm(array('op' => 'sectiondelete_ok', 'secid' => $secid), 'main.php', _MD_RUSUREDELSEC . '<br>' . _MD_THISDELETESALL); |
||
630 | break; |
||
631 | |||
632 | case 'sectiondelete_ok': |
||
633 | include dirname(__DIR__) . '/module_prefix.php'; |
||
634 | $sql = sprintf('DELETE FROM %s WHERE secid = %u', $xoopsDB->prefix($module_prefix . '_quiz'), $secid); |
||
635 | $xoopsDB->query($sql); |
||
636 | include dirname(__DIR__) . '/module_prefix.php'; |
||
637 | $sql = sprintf('DELETE FROM %s WHERE secid = %u', $xoopsDB->prefix($module_prefix . '_sections'), $secid); |
||
638 | $xoopsDB->query($sql); |
||
639 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
640 | break; |
||
641 | |||
642 | case 'resultdelete': |
||
643 | xoops_cp_header(); |
||
644 | echo '<h4>' . _AM_SECCONF . '</h4>'; |
||
645 | $myts = MyTextSanitizer::getInstance(); |
||
646 | View Code Duplication | if (!empty($_POST['res_id'])) { |
|
647 | $res_id = (int)$_POST['res_id']; |
||
648 | } elseif (!empty($_GET['res_id'])) { |
||
649 | $res_id = (int)$_GET['res_id']; |
||
650 | } else { |
||
651 | $res_id = 0; |
||
652 | } |
||
653 | include dirname(__DIR__) . '/module_prefix.php'; |
||
654 | $result = $xoopsDB->query('SELECT quiz_id, uid, score, timestamp FROM ' . $xoopsDB->prefix($module_prefix . '_results') . " WHERE id=$res_id"); |
||
655 | list($quiz_id, $uid, $score, $timestamp) = $xoopsDB->fetchRow($result); |
||
656 | include dirname(__DIR__) . '/module_prefix.php'; |
||
657 | $result = $xoopsDB->query('SELECT title FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$quiz_id"); |
||
658 | list($title) = $xoopsDB->fetchRow($result); |
||
659 | $message = '<center><br>' . _MD_RUSUREDELREC . '<br><br>'; |
||
660 | $message .= "<table border='1'><th>" . _MD_LT_STUDENT . '</th><th>' . _MD_LT_TITLE . '</th><th>' . _MD_LT_SCORE . '</th><th>' . _MD_LT_DATE . '</th></tr>'; |
||
661 | $message .= "<tr><td align='center'>" . $xoopsUser->getUnameFromId($uid) . "</td><td align='center'>$title</td><td align='center'>$score</td><td align='center'>$timestamp</td></tr>"; |
||
662 | $message .= '</table></center>'; |
||
663 | xoops_confirm(array('op' => 'resultdelete_ok', 'res_id' => $res_id, 'artid' => $quiz_id), 'main.php', $message); |
||
664 | break; |
||
665 | |||
666 | case 'resultdelete_ok': |
||
667 | $res_id = !empty($_POST['res_id']) ? (int)$_POST['res_id'] : 0; |
||
668 | $artid = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0; |
||
669 | if ($res_id <= 0) { |
||
670 | redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED); |
||
671 | } |
||
672 | include dirname(__DIR__) . '/module_prefix.php'; |
||
673 | $sql = sprintf('DELETE FROM %s WHERE id = %u', $xoopsDB->prefix($module_prefix . '_results'), $res_id); |
||
674 | $xoopsDB->query($sql); |
||
675 | redirect_header("../main.php?op=viewresults&artid=$artid", 2, _MD_DBUPDATED); |
||
676 | break; |
||
677 | |||
678 | default: |
||
679 | sections(); |
||
680 | break; |
||
681 | } |
||
682 | |||
683 | xoops_cp_footer(); |
||
684 |