Issues (102)

Security Analysis    not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

admin/main.php (27 issues)

1
<?php
Coding Style, Compatibility
For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 40 and the first side effect is on line 29.

The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file.

The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place.

To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1.

2
//  ------------------------------------------------------------------------ //
3
//             --  XoopsHP Module --       Xoops e-Learning System           //
4
//                     Copyright (c) 2005 SUDOW-SOKEN                        //
5
//                      <http://www.mailpark.co.jp/>                         //
6
//  ------------------------------------------------------------------------ //
7
//               Based on XoopsHP1.01 by Yoshi, aka HowardGee.               //
8
//  ------------------------------------------------------------------------ //
9
//  This program is free software; you can redistribute it and/or modify     //
10
//  it under the terms of the GNU General Public License as published by     //
11
//  the Free Software Foundation; either version 2 of the License, or        //
12
//  (at your option) any later version.                                      //
13
//                                                                           //
14
//  You may not change or alter any portion of this comment or credits       //
15
//  of supporting developers from this source code or any supporting         //
16
//  source code which is considered copyrighted (c) material of the          //
17
//  original comment or credit authors.                                      //
18
//                                                                           //
19
//  This program is distributed in the hope that it will be useful,          //
20
//  but WITHOUT ANY WARRANTY; without even the implied warranty of           //
21
//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            //
22
//  GNU General Public License for more details.                             //
23
//                                                                           //
24
//  You should have received a copy of the GNU General Public License        //
25
//  along with this program; if not, write to the Free Software              //
26
//  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA //
27
//  ------------------------------------------------------------------------ //
28
29
include_once __DIR__ . '/admin_header.php';
30
31
$mydirname = basename(dirname(__DIR__));
32
xoops_loadLanguage('main', $mydirname);
33
34
/*********************************************************/
35
/* Sections Manager Functions                            */
36
/*********************************************************/
37
/**
38
 * @param int $secid2show
39
 */
40
function sections($secid2show = 0)
41
{
42
    global $xoopsConfig, $xoopsDB, $xoopsModule, $xoopsModuleConfig;
Compatibility, Best Practice
Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

Instead of relying on global state, we recommend one of these alternatives:

1. Pass all data via parameters

function myFunction($a, $b) {
    // Do something
}

2. Create a class that maintains your state

class MyClass {
    private $a;
    private $b;

    public function __construct($a, $b) {
        $this->a = $a;
        $this->b = $b;
    }

    public function myFunction() {
        // Do something
    }
}
43
    xoops_cp_header();
44
    // JS for checkbox manipulation
45
    ?>
46
    <SCRIPT TYPE="text/javascript">
47
        <!--
48
        var count;
49
        function BoxesChecked(myform, check) {
50
            for (count = 0; count < document.forms(myform).selected.length; count++) {
51
                document.forms(myform).selected[count].checked = check;
52
            }
53
        }
54
        -->
55
    </SCRIPT>
56
    <?php
57
    echo '<h4>' . _AM_SECCONF . '</h4>';
58
    include dirname(__DIR__) . '/module_prefix.php';
59
    $result = $xoopsDB->query('SELECT secid, secname, secdesc, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . ' ORDER BY secname');
The variable $module_prefix does not exist. Did you forget to declare it?

This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.

60
    if ($xoopsDB->getRowsNum($result) > 0) {
61
        $myts = MyTextSanitizer::getInstance();
62
        echo '<hr /><h4>' . _MD_CURACTIVESEC . _MD_CLICK2EDIT . '</h4>';
63
        echo "<form enctype='multipart/form-data' action='main.php' name='coursesform' method='post'>";
64
        echo "<table border='0' cellspacing='1' cellpadding ='3' class='outer'>";
65
        echo '<tr>';
66
        //echo "<th><input type='checkbox' onClick=\"BoxesChecked('coursesform', this.checked);\"></th>";
Unused Code, Comprehensibility
57% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

67
        echo '<th>' . _MD_SECNAMEC . '</th>';
68
        echo '<th>' . _MD_SECDESC . '</th>';
69
        echo '<th>' . _MD_LT_DISPLAY . '</th>';
70
        echo '<th size=19>' . _MD_LT_EXPIRE . '</th>';
71
        echo '<th>' . _MD_LT_ACTION . '</th>';
72
        echo '</tr>';
73
        $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s');
74
        while (list($secid, $secname, $secdesc, $display, $expire) = $xoopsDB->fetchRow($result)) {
75
            $secid   = (int)$secid;
76
            $display = (int)$display;
77
            $expire  = $myts->displayTarea($expire);
78
            $secname = $myts->displayTarea($secname);
79
            $secdesc = $myts->displayTarea($secdesc);
80
            echo '<tr>';
81
            //echo "<td class='even'><input type='checkbox' name='selected' value='$secid' /></td>";
82
            echo "<input type='hidden' name='id[$secid]' value='$secid' />";
83
            echo "<td class='even'><b>" . $secname . '</b></td>';
84
            echo "<td class='even'>" . $secdesc . '</td>';
85
            $checked = $display ? 'checked' : '';
86
            echo "<td class='even'><input type='checkbox' name='display[$secid]' " . $checked . ' /></td>';
87
            if ($expire !== '0000-00-00 00:00:00') {
This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

88
                if ($expire > $currenttime) {
89
                    echo "<td class='even'>" . $expire . '</td>';
90
                } else {
91
                    echo "<td class='even'>" . $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span></td>';
92
                }
93
            } else {
94
                echo "<td class='even'>" . '-------------------' . '</td>';
95
            }
96
            echo "<td class='even'><a href='main.php?op=sectionedit&amp;secid=" . $secid . "'>" . _MD_EDIT . '</a></td>';
97
            echo '</tr>';
98
        }
99
        echo '</table>';
100
        echo '<br>';
101
        echo "<input type='hidden' name='op' value='sectiondispchange'>";
102
        echo "<input type='submit' value=" . _MD_SAVECHANGES . '>';
103
        echo '</form>';
104
        echo '<br>';
105
106
        echo '<hr><h4>' . _MD_ADDARTICLE . '</h4>';
107
        echo "<form enctype='multipart/form-data' action='main.php' method='post'>";
108
        echo '<b>' . _MD_TITLEC . '</b>';
109
        echo "<input class=textbox type='text' name='title' size=40 value=''><br><br>";
110
        include dirname(__DIR__) . '/module_prefix.php';
111
        $result = $xoopsDB->query('SELECT secid, secname, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . '  ORDER BY secname');
112
        echo '<b>' . _MD_SECNAMEC . "</b> <select name='secid'><option value='0' selected></option>";
113
        while (list($secid, $secname, $display, $expire) = $xoopsDB->fetchRow($result)) {
The assignment to $expire is unused. Consider omitting it like so list($first,,$third).

This check looks for assignments to variables using the list(...) function, where not all assigned variables are subsequently used.

Consider the following code example.

<?php

function returnThreeValues() {
    return array('a', 'b', 'c');
}

list($a, $b, $c) = returnThreeValues();

print $a . " - " . $c;

Only the variables $a and $c are used. There was no need to assign $b.

Instead, the list call could have been:

list($a,, $c) = returnThreeValues();
114
            $secid   = (int)$secid;
115
            $secname = $myts->displayTarea($secname);
116
            $display = (int)$display;
117
            echo "<option value='$secid'>" . $secname;
118
            if (!$display) {
119
                echo ' (' . _MD_LT_HIDDEN . ')';
120
            }
121
            echo '</option>';
122
        }
123
        echo '</select><br><br>';
124
        echo '<b>' . _MD_CONTENTC . '</b>';
125
        echo "<input type='file' name='quizfile'>";
126
        echo '<i>' . _MD_FILE_MAX . (int)$xoopsModuleConfig['max_file_size'] . '</i><br><br>';
127
        echo "<input type='hidden' name='MAX_FILE_SIZE' value='" . $xoopsModuleConfig['max_file_size'] . "'>";
128
        echo '<b>' . _MD_LT_DISPLAY . '</b>';
129
        echo "<input type='checkbox' name='display[$secid]' checked /><br><br>";
130
        $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s');
131
        $expire      = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s');
132
        echo '<b>' . _MD_LT_SET_EXPIRE . '</b>';
133
        echo "<input class='textbox' type='checkbox' name='setexpire' value='1'>";
134
        echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'><br>";
135
        echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>';
136
        echo "<input type='hidden' name='op' value='secarticleadd'>";
137
        echo "<input type='submit' value='" . _MD_DOADDARTICLE . "'>";
138
        echo '</form>';
139
        echo '<br>';
140
141
        echo '<hr><h4>' . _MD_LAST20ART . '</h4>';
142
        echo "<form action='main.php' method='post'>";
143
        echo '<b>' . _MD_SECNAMEC . '</b>';
144
        $onchangestr = "onchange=\"location='" . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . "/admin/main.php?op=sections&secid='+this.options[this.selectedIndex].value\"";
145
        echo "<select name='secid'" . $onchangestr . '>';
146
147
        include dirname(__DIR__) . '/module_prefix.php';
148
        $result = $xoopsDB->query('SELECT secid, secname, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . '  ORDER BY secname');
149
        while (list($secid, $secname, $display, $expire) = $xoopsDB->fetchRow($result)) {
150
            $secid   = (int)$secid;
151
            $secname = $myts->displayTarea($secname);
152
            $display = (int)$display;
153
            $expire  = $myts->displayTarea($expire);
154
            if (!$secid2show) {
155
                $secid2show = $secid;
156
            }
157
            if ($secid == $secid2show) {
158
                echo "<option value='$secid' selected>" . $secname;
159
            } else {
160
                echo "<option value='$secid'>" . $secname;
161
            }
162
            if (!$display) {
163
                echo ' (' . _MD_LT_HIDDEN . ')';
164
            }
165
            echo '</option>';
166
        }
167
        echo '</select>';
168
        echo "<input type='hidden' name='op' value='sections'>";
169
        echo "<input type='submit' value='" . _MD_GO . "'>";
170
        echo '</form>';
171
172
        echo "<form enctype='multipart/form-data' action='main.php' method='post' name='tasksform'>";
173
        echo "<table border='0' cellspacing='1' cellpadding ='3' class='outer'>";
174
        echo '<tr>';
175
        //echo "<th><input type='checkbox' onClick=\"BoxesChecked('tasksform', this.checked);\"></th>";
Unused Code, Comprehensibility
57% of this comment could be valid code. Did you maybe forget this after debugging?

176
        echo '<th>' . _MD_TITLEC . '</th>';
177
        echo '<th>' . _MD_LT_POSTED . '</th>';
178
        echo '<th>' . _MD_LT_DISPLAY . '</th>';
179
        echo '<th>' . _MD_LT_EXPIRE . '</th>';
180
        echo "<th COLSPAN='2'>" . _MD_LT_ACTION . '</th>';
181
        echo '</tr>';
182
        $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s');
183
        include dirname(__DIR__) . '/module_prefix.php';
184
        $qiz    = $xoopsDB->prefix($module_prefix . '_quiz');
185
        $result = $xoopsDB->query("SELECT artid, secid, title, posted, display, expire FROM $qiz WHERE secid=" . (int)$secid2show . ' ORDER BY title');
186
        while (list($artid, $secid, $title, $posted, $display, $expire) = $xoopsDB->fetchRow($result)) {
The assignment to $secid is unused. Consider omitting it like so list($first,,$third).

187
            $artid   = (int)$artid;
188
            $title   = $myts->displayTarea($title);
189
            $posted  = $myts->displayTarea($posted);
190
            $display = (int)$display;
191
            $expire  = $myts->displayTarea($expire);
192
            $checked = $display ? 'checked' : '';
193
            echo '<tr>' . "<input type='hidden' name='id[$artid]' value='$artid' />" //."<td class='even'><input type='checkbox' name='selected' value='$artid' /></td>"
194
                 . "<td class='even'><b>$title</b></td>" . "<td class='even'>$posted</td>" . "<td class='even'><input type='checkbox' name='display[$artid]' " . $checked . ' /></td>';
195
            if ($expire !== '0000-00-00 00:00:00') {
This code seems to be duplicated across your project.

196
                if ($expire > $currenttime) {
197
                    echo "<td class='even'>" . $expire . '</td>';
198
                } else {
199
                    echo "<td class='even'>" . $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span></td>';
200
                }
201
            } else {
202
                echo "<td class='even'>" . '-------------------' . '</td>';
203
            }
204
            echo "<td class='even'><a href=main.php?op=secartedit&amp;artid=$artid>" . _MD_EDIT . '</a></td>' . "<td class='even'><a href=main.php?op=secartdelete&amp;artid=$artid>" . _MD_DELETE
205
                 . '</a></td>' . '</tr>';
206
        }
207
        echo '</table><br>';
208
        echo "<input type='hidden' name='op' value='articledispchange' />";
209
        echo "<input type='submit' value=" . _MD_SAVECHANGES . ' />';
210
        echo '</form>';
211
    }
212
213
    echo '<br>';
214
    echo '<hr /><h4>' . _MD_ADDNEWSEC . '</h4>';
215
    echo "<form action='main.php' method='post'>";
216
    echo '<b>' . _MD_SECNAMEC . '</b>  ' . _MD_MAXCHAR . '<br>';
217
    echo "<input class='textbox' type='text' name='secname' size='40' maxlength='40' /><br><br>";
218
    echo '<b>' . _MD_SECDESC . '</b>  ' . _MD_EXDESC . '<br>';
219
    echo "<input class='textbox' type='text' name='secdesc' size='40' maxlength='255' /><br><br>";
220
    echo '<b>' . _MD_LT_DISPLAY . '</b>';
221
    echo "<input class='textbox' type='checkbox' name='display' value='1' checked /><br><br>";
222
    $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s');
223
    $expire      = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s');
224
    echo '<b>' . _MD_LT_SET_EXPIRE . '</b>';
225
    echo "<input class='textbox' type='checkbox' name='setexpire' value='1'>";
226
    echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'><br>";
227
    echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>';
228
    echo "<input type='hidden' name='op' value='sectionmake' />";
229
    echo "<input type='submit' value='" . _MD_GOADDSECTION . "' />";
230
    echo '</form>';
231
}
232
233
/**
234
 * @param $artid
235
 */
236
function secartedit($artid)
237
{
238
    global $xoopsDB, $xoopsConfig, $xoopsModule, $xoopsModuleConfig;
Compatibility, Best Practice
Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

239
    $myts = MyTextSanitizer::getInstance();
240
    xoops_cp_header();
241
    echo '<h4>' . _AM_SECCONF . '</h4>';
242
    $artid = (int)$artid;
243
    include dirname(__DIR__) . '/module_prefix.php';
244
    $result = $xoopsDB->query('SELECT artid, secid, title, content, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$artid");
The variable $module_prefix does not exist. Did you forget to declare it?

245
    list($artid, $secid, $title, $content, $display, $expire) = $xoopsDB->fetchRow($result);
246
    $artid   = (int)$artid;
247
    $secid   = (int)$secid;
248
    $title   = $myts->displayTarea($myts->stripSlashesGPC($title));
249
    $content = $myts->htmlSpecialChars($myts->stripSlashesGPC($content));
250
    $display = (int)$display;
251
    $expire  = $myts->stripSlashesGPC($expire);
252
    $expire  = $myts->displayTarea($expire);
253
    echo '<hr /><h3>' . _MD_EDITARTICLE . '</h3>';
254
    echo "<form enctype='multipart/form-data' action='main.php' method='post'>";
255
    echo '<b>' . _MD_EDITARTID . '&nbsp;&nbsp;' . $artid . '</b><br><br>';
256
    echo '<b>' . _MD_TITLEC . "</b><input class='textbox' type='text' name='title' size='40' value='" . $title . "' /><br><br>";
257
    echo '<b>' . _MD_SECNAMEC . "</b> <select name='secid'>";
258
    include dirname(__DIR__) . '/module_prefix.php';
259
    $result2 = $xoopsDB->query('SELECT secid, secname, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . '  ORDER BY secname');
260
    while (list($secid2, $secname, $display2, $expire2) = $xoopsDB->fetchRow($result2)) {
261
        $secid2   = (int)$secid2;
262
        $secname  = $myts->displayTarea($secname);
263
        $display2 = (int)$display2;
264
        $expire2  = $myts->displayTarea($expire2);
265
        if ($secid2 == $secid) {
266
            echo "<option value='$secid2' selected>";
267
        } else {
268
            echo "<option value='$secid2'>";
269
        }
270
        echo $secname;
271
        if (!$display2) {
272
            echo ' (' . _MD_LT_HIDDEN . ')';
273
        }
274
        echo '</option>';
275
    }
276
    echo '</select>';
277
    echo '<br><br>';
278
    echo '<b>' . _MD_LT_DISPLAY . '</b>';
279
    $checked = $display ? 'checked' : '';
280
    echo "<input type='checkbox' name='display' " . $checked . ' /><br><br>';
281
    $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s');
282
    $endtime     = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s');
283
    if ($expire !== '0000-00-00 00:00:00') {
This code seems to be duplicated across your project.

284
        if ($expire > $currenttime) {
285
            echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: ';
286
            echo "<input class='textbox' type='checkbox' name='setexpire' value='1' checked>";
287
            echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'> <br>";
288
            echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>';
289
        } else {
290
            echo '<b>' . _MD_LT_EXPIRE . '</b>: ';
291
            echo $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span><br>';
292
            echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: ';
293
            echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> ";
294
            echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>";
295
            echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>';
296
        }
297
    } else {
298
        echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: ';
299
        echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> ";
300
        echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>";
301
        echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>';
302
    }
303
    echo '<b>' . _MD_CONTENTC . '</b>' . _MD_READONLY . '<br>';
304
    //echo "<a href='../main.php?op=viewarticle&amp;artid=$artid' target='quiz_window'><b>Preview</b></a>";
305
306
    echo "<textarea class='textbox' name='content' cols='60' rows='10' readonly>$content</textarea>";
307
    echo "<input type='hidden' name='MAX_FILE_SIZE' value='200000'><br>";
308
    echo '<b>' . _MD_FILE2REPLACE . "</b><input type='file' name='quizfile'><br><br>";
309
    echo "<input type='hidden' name='artid' value='$artid'>";
310
    echo "<input type='hidden' name='op' value='secartchange'>";
311
    echo "<table border='0'><tr><td>";
312
    echo "<input type='submit' value='" . _MD_SAVECHANGES . "'>";
313
    echo '</td></form>';
314
    echo "<form action='main.php' method='post'>";
315
    echo '<td>';
316
    echo "<input type='hidden' name='artid' value='$artid'>";
317
    echo "<input type='hidden' name='op' value='secartdelete'>";
318
    echo "<input type='submit' value='" . _MD_DELETE . "'>";
319
    echo '</td></form></tr></table>';
320
}
321
322
/**
323
 * @param $secid
324
 */
325
function sectionedit($secid)
326
{
327
    global $xoopsDB, $xoopsConfig, $xoopsModule, $xoopsModuleConfig;
Compatibility, Best Practice
Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

328
    xoops_cp_header();
329
    echo '<h4>' . _AM_SECCONF . '</h4><br>';
330
    $myts  = MyTextSanitizer::getInstance();
331
    $secid = (int)$secid;
332
    include dirname(__DIR__) . '/module_prefix.php';
333
    $result = $xoopsDB->query('SELECT secid, secname, secdesc, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . " WHERE secid=$secid");
The variable $module_prefix does not exist. Did you forget to declare it?

334
    list($secid, $secname, $secdesc, $display, $expire) = $xoopsDB->fetchRow($result);
335
    $secname = $myts->stripSlashesGPC($secname);
336
    $secdesc = $myts->stripSlashesGPC($secdesc);
337
    $display = (int)$display;
338
    $expire  = $myts->stripSlashesGPC($expire);
339
    $expire  = $myts->displayTarea($expire);
340
    include dirname(__DIR__) . '/module_prefix.php';
341
    $result2 = $xoopsDB->query('select artid from ' . $xoopsDB->prefix($module_prefix . '_quiz') . " where secid=$secid");
342
    $number  = $xoopsDB->getRowsNum($result2);
343
344
    echo '<h4>';
345
    printf(_MD_EDITTHISSEC, $myts->displayTarea($secname));
346
    echo '</h4>';
347
    echo '<br>';
348
    printf(_MD_THISSECHAS, $number);
349
350
    echo '<br><br>';
351
    echo "<form action='main.php' method='post'><br>";
352
    echo '<b>' . _MD_SECNAMEC . '</b> ' . _MD_MAXCHAR . '<br>';
353
    echo "<input class='textbox' type='text' name='secname' size='40' maxlength='40' value='" . $myts->displayTarea($secname) . "' /><br><br>";
354
    echo '<b>' . _MD_SECDESC . '</b> ' . _MD_EXDESC . '<br>';
355
    echo "<input class='textbox' type='text' name='secdesc' size='40' maxlength='50' value='" . $myts->displayTarea($secdesc) . "' /><br><br>";
356
    echo "<input type='hidden' name='secid' value='" . $secid . "' />";
357
    echo '<b>' . _MD_LT_DISPLAY . '</b>';
358
    $checked = $display ? 'checked' : '';
359
    echo "<input type='checkbox' name='display' value='1' " . $checked . ' /><br><br>';
360
    $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s');
361
    $endtime     = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s');
362
    if ($expire !== '0000-00-00 00:00:00') {
This code seems to be duplicated across your project.

363
        if ($expire > $currenttime) {
364
            echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: ';
365
            echo "<input class='textbox' type='checkbox' name='setexpire' value='1' checked>";
366
            echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'> <br>";
367
            echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>';
368
        } else {
369
            echo '<b>' . _MD_LT_EXPIRE . '</b>: ';
370
            echo $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span><br>';
371
            echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: ';
372
            echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> ";
373
            echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>";
374
            echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>';
375
        }
376
    } else {
377
        echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: ';
378
        echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> ";
379
        echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>";
380
        echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>';
381
    }
382
    echo "<input type='hidden' name='op' value='sectionchange' />";
383
384
    echo "<table border='0'><tr><td>";
385
    echo "<input type='submit' value='" . _MD_SAVECHANGES . "' />";
386
    echo '</td></form>';
387
    echo "<form action='main.php' method='post'>";
388
    echo '<td>';
389
    echo "<input type='hidden' name='secid' value='" . $secid . "' />";
390
    echo "<input type='hidden' name='op' value='sectiondelete' />";
391
    echo "<input type='submit' value='" . _MD_DELETE . "' />";
392
    echo '</td></form></tr></table>';
393
}
394
395
/**
396
 * @param $content
397
 * @return mixed
398
 */
399
function cgi_replace($content)
400
{
401
    global $xoopsDB, $xoopsModule;
Compatibility Best Practice introduced by
Use of global functionality is not recommended; it makes your code harder to test, and less reusable.

Instead of relying on global state, we recommend one of these alternatives:

1. Pass all data via parameters

function myFunction($a, $b) {
    // Do something
}

2. Create a class that maintains your state

class MyClass {
    private $a;
    private $b;

    public function __construct($a, $b) {
        $this->a = $a;
        $this->b = $b;
    }

    public function myFunction() {
        // Do something
    }
}
402
    if (!strpos(_XD_FB_CODE4RESULTS_MARKER, $content)) {
403
        $content = str_replace(_XD_FB_CODE4RESULTS_INSERT, _XD_FB_CODE4RESULTS . "\n\n" . _XD_FB_CODE4RESULTS_INSERT, $content);
404
        if (!strpos(_XD_FB_CODE4STARTUP, $content)) {
This code seems to be duplicated across your project.
405
            $content = str_replace(_XD_FB_CODE4STARTUP_INSERT, "\\0\n\n" . _XD_FB_CODE4STARTUP . "\n", $content);
406
        } else {
407
            redirect_header('main.php', 3, _MD_ERRORQUIZFILE);
408
        }
409
        if (!strpos(_XD_FB_CODE4SEND, $content)) {
This code seems to be duplicated across your project.
410
            $content = str_replace(_XD_FB_CODE4SEND_INSERT, "\\0\n\n" . _XD_FB_CODE4SEND, $content);
411
        } else {
412
            redirect_header('main.php', 3, _MD_ERRORQUIZFILE);
413
        }
414
    }
415
416
    $content = str_replace('toLocaleString', 'toGMTString', $content);
417
    $action  = XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/process_form.php';
418
419
    return preg_replace("/var ResultForm = '<html><body><form name=\"Results\" action=\"[^\"]*\"/", "var ResultForm = '<html><body><form name=\"Results\" action=\"$action\" accept-charset=\"EUC-JP\"",
420
                        $content);
421
}
422
423
// URL GET_VARS OPTION
424
$op = '';
425
426
if (isset($_GET['op'])) {
427
    $op     = trim($_GET['op']);
428
    $artid  = isset($_GET['artid']) ? (int)$_GET['artid'] : 0;
429
    $secid  = isset($_GET['secid']) ? (int)$_GET['secid'] : 0;
430
    $res_id = isset($_GET['res_id']) ? (int)$_GET['res_id'] : 0;
431
} elseif (!empty($_POST['op'])) {
432
    $op     = $_POST['op'];
433
    $artid  = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0;
434
    $secid  = !empty($_POST['secid']) ? (int)$_POST['secid'] : 0;
435
    $res_id = !empty($_POST['res_id']) ? (int)$_POST['res_id'] : 0;
436
}
437
438
switch ($op) {
439
    case 'sections':
440
        sections($secid);
441
        break;
442
443
    case 'sectionedit':
444
        sectionedit($secid);
445
        break;
446
447
    case 'sectionmake':
There must be a comment when fall-through is intentional in a non-empty case body
448
        $myts    = MyTextSanitizer::getInstance();
449
        $secname = !empty($_POST['secname']) ? $myts->stripSlashesGPC($_POST['secname']) : '';
450
        if (empty($_POST['secname'])) {
This code seems to be duplicated across your project.
451
            redirect_header('main.php', 2, _MD_ERRORSECNAME);
452
        } else {
453
            $secname = $myts->stripSlashesGPC($_POST['secname']);
454
        }
455
        $secdesc   = !empty($_POST['secdesc']) ? $myts->stripSlashesGPC($_POST['secdesc']) : '';
456
        $display   = (int)(empty($_POST['display']) ? 0 : 1);
457
        $setexpire = (int)(empty($_POST['setexpire']) ? 0 : 1);
458
        $expire    = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : 0;
459
        $expire    = $expire != 0 ? $xoopsDB->quoteString($expire) : 0;
460
        $secname   = $xoopsDB->quoteString($secname);
461
        $secdesc   = $xoopsDB->quoteString($secdesc);
462
        include dirname(__DIR__) . '/module_prefix.php';
463
        $newid = $xoopsDB->genId($xoopsDB->prefix($module_prefix . '_sections') . '_secid_seq');
464
        include dirname(__DIR__) . '/module_prefix.php';
465
        $mytable = $xoopsDB->prefix($module_prefix . '_sections');
466
        $result  = $xoopsDB->query('INSERT INTO ' . $mytable . " (secid, secname, secdesc, display, expire) VALUES ($newid, $secname, $secdesc, $display, $expire)");
467
        if ($result) {
468
            redirect_header('main.php?op=sections', 2, _MD_DBUPDATED);
469
            break;
470
        } else {
471
            var_dump($result, $module_prefix, $newid, $display, $expire);
Security Debugging Code introduced by
var_dump($result, $modul...id, $display, $expire); looks like debug code. Are you sure you do not want to remove it? This might expose sensitive data.
472
            redirect_header('main.php?op=sections', 2, _AM_MSG_UPDATE_FAILED);
473
        }
474
475
    case 'secartdelete':
476
        xoops_cp_header();
477
        echo '<h4>' . _AM_SECCONF . '</h4>';
478
        $myts = MyTextSanitizer::getInstance();
479
        if (!empty($_POST['artid'])) {
This code seems to be duplicated across your project.
480
            $artid = (int)$_POST['artid'];
481
        } elseif (!empty($_GET['artid'])) {
482
            $artid = (int)$_GET['artid'];
483
        } else {
484
            $artid = 0;
485
        }
486
        $artid = (int)$artid;
487
        include dirname(__DIR__) . '/module_prefix.php';
488
        $result = $xoopsDB->query('SELECT title FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$artid");
489
        list($title) = $xoopsDB->fetchRow($result);
490
        $title = $myts->displayTarea($title);
491
        xoops_confirm(array('op' => 'secartdelete_ok', 'artid' => $artid), 'main.php', sprintf(_MD_DELETETHISART, $title) . '<br><br>' . _MD_RUSUREDELART);
492
        break;
493
494
    case 'secartdelete_ok':
495
        $artid = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0;
496
        if ($artid <= 0) {
497
            redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED);
498
        }
499
        include dirname(__DIR__) . '/module_prefix.php';
500
        $xoopsDB->query('DETELE FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$artid");
501
        include dirname(__DIR__) . '/module_prefix.php';
502
        $xoopsDB->query('DETELE FROM ' . $xoopsDB->prefix($module_prefix . '_results') . " WHERE quiz_id=$artid");
503
        redirect_header('main.php?op=sections', 2, _MD_DBUPDATED);
504
        break;
505
506
    case 'sectionchange':
507
        if ($secid <= 0) {
508
            redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED);
509
        }
510
        $myts = MyTextSanitizer::getInstance();
511
        if (empty($_POST['secname'])) {
This code seems to be duplicated across your project.
512
            redirect_header('main.php', 2, _MD_ERRORSECNAME);
513
        } else {
514
            $secname = $myts->stripSlashesGPC($_POST['secname']);
515
        }
516
        $secdesc   = !empty($_POST['secdesc']) ? $myts->stripSlashesGPC($_POST['secdesc']) : '';
517
        $secname   = $xoopsDB->quoteString($secname);
518
        $secdesc   = $xoopsDB->quoteString($secdesc);
519
        $display   = (int)(empty($_POST['display']) ? 0 : 1);
520
        $setexpire = (int)(empty($_POST['setexpire']) ? 0 : 1);
521
        $expire    = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : '';
522
        $expire    = $xoopsDB->quoteString($expire);
523
        include dirname(__DIR__) . '/module_prefix.php';
524
        $secid = (int)$secid;
525
        $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_sections') . " SET secname=$secname, secdesc=$secdesc, display=$display, expire=$expire WHERE secid=$secid");
526
        redirect_header('main.php?op=sections', 2, _MD_DBUPDATED);
527
        break;
528
529
    case 'sectiondispchange':
This code seems to be duplicated across your project.
530
        foreach ($_POST['id'] as $secid) {
531
            $secid   = (int)$secid;
532
            $display = (int)(empty($_POST['display'][$secid]) ? 0 : 1);
533
            include dirname(__DIR__) . '/module_prefix.php';
534
            $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_sections') . " set display=$display WHERE secid=$secid");
535
        }
536
        redirect_header('main.php?op=sections', 2, _MD_DBUPDATED);
537
        break;
538
539
    case 'articledispchange':
This code seems to be duplicated across your project.
540
        foreach ($_POST['id'] as $artid) {
541
            $artid   = (int)$artid;
542
            $display = (int)(empty($_POST['display'][$artid]) ? 0 : 1);
543
            include dirname(__DIR__) . '/module_prefix.php';
544
            $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_quiz') . " set display=$display WHERE artid=$artid");
545
        }
546
        redirect_header('main.php?op=sections', 2, _MD_DBUPDATED);
547
        break;
548
549
    case 'secarticleadd':
There must be a comment when fall-through is intentional in a non-empty case body
550
        if ($secid <= 0) {
551
            redirect_header('main.php?op=sections', 2, _MD_ERRORSECNAME);
552
        }
553
        $myts = MyTextSanitizer::getInstance();
554
        if (empty($_POST['title'])) {
555
            redirect_header('main.php?op=sections', 2, _MD_ERRORARTNAME);
556
        } else {
557
            $title = $myts->stripSlashesGPC($_POST['title']);
558
        }
559
        $title   = $xoopsDB->quoteString($title);
560
        $content = is_uploaded_file($_FILES['quizfile']['tmp_name']) ? implode(file($_FILES['quizfile']['tmp_name'])) : '';
561
        if (empty($content)) {
562
            redirect_header('main.php?op=sections', 2, _MD_ERRORARTCONT);
563
        }
564
        $content    = cgi_replace($content);
565
        $content    = $xoopsDB->quoteString($content);
566
        $posted     = $xoopsDB->quoteString(date('Y-m-d H:i:s'));
567
        $poster     = $xoopsUser->getVar('uid');
568
        $results_to = $xoopsDB->quoteString($xoopsUser->getVar('email'));
569
        $display    = (int)(empty($_POST['display']) ? 0 : 1);
570
        $setexpire  = (int)(empty($_POST['setexpire']) ? 0 : 1);
571
        $expire     = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : '';
572
        $expire     = $xoopsDB->quoteString($expire);
573
574
        include dirname(__DIR__) . '/module_prefix.php';
575
        $newid = $xoopsDB->genId($xoopsDB->prefix($module_prefix . '_quiz') . '_artid_seq');
576
        include dirname(__DIR__) . '/module_prefix.php';
577
        $result = $xoopsDB->query('INSERT INTO ' . $xoopsDB->prefix($module_prefix . '_quiz')
578
                                  . " (artid, secid, title, content, posted, poster, results_to, counter, display, expire) VALUES ($newid, $secid, $title, $content, $posted, $poster, $results_to, 0, $display, $expire)");
579
        if ($result) {
580
            redirect_header('main.php?op=sections', 2, _MD_DBUPDATED);
581
            break;
582
        } else {
583
            xoops_cp_header();
584
            echo "<table width='100%' border='0' cellspacing='1' class='outer'><tr><td class='odd'>";
585
            echo "<a href='./main.php'><h4>" . _AM_SECCONF . '</h4></a>';
586
            echo _MD_DBNOTUPDATED;
587
            echo '<br>' . $success;
588
            echo '</td></tr></table>';
589
            xoops_cp_footer();
590
            exit();
591
        }
592
593
    case 'secartedit':
594
        $artid = !empty($_REQUEST['artid']) ? (int)$_REQUEST['artid'] : 0;
595
        if ($artid > 0) {
596
            secartedit($artid);
597
        }
598
        break;
599
600
    case 'secartchange':
601
        $artid = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0;
602
        if ($artid <= 0) {
603
            redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED);
604
        }
605
        $myts      = MyTextSanitizer::getInstance();
606
        $secid     = (int)$_POST['secid'];
607
        $title     = !empty($_POST['title']) ? $myts->stripSlashesGPC($_POST['title']) : '';
608
        $content   = is_uploaded_file($_FILES['quizfile']['tmp_name']) ? implode(file($_FILES['quizfile']['tmp_name'])) : '';
609
        $display   = (int)(empty($_POST['display']) ? 0 : 1);
610
        $setexpire = (int)(empty($_POST['setexpire']) ? 0 : 1);
611
        $expire    = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : '';
612
        $expire    = $xoopsDB->quoteString($expire);
613
        $title     = $xoopsDB->quoteString($title);
614
        if (empty($content)) {
615
            include dirname(__DIR__) . '/module_prefix.php';
616
            $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_quiz') . " SET secid=$secid, title=$title, display=$display, expire=$expire WHERE artid=$artid");
617
        } else {
618
            $content = cgi_replace($content);
619
            $content = $xoopsDB->quoteString($content);
620
            include dirname(__DIR__) . '/module_prefix.php';
621
            $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_quiz') . " SET secid=$secid, title=$title, content=$content, display=$display, expire=$expire WHERE artid=$artid");
622
        }
623
        redirect_header('main.php?op=sections', 2, _MD_DBUPDATED);
624
        break;
625
626
    case 'sectiondelete':
627
        xoops_cp_header();
628
        echo '<h4>' . _AM_SECCONF . '</h4>';
629
        xoops_confirm(array('op' => 'sectiondelete_ok', 'secid' => $secid), 'main.php', _MD_RUSUREDELSEC . '<br>' . _MD_THISDELETESALL);
630
        break;
631
632
    case 'sectiondelete_ok':
633
        include dirname(__DIR__) . '/module_prefix.php';
634
        $sql = sprintf('DELETE FROM %s WHERE secid = %u', $xoopsDB->prefix($module_prefix . '_quiz'), $secid);
635
        $xoopsDB->query($sql);
636
        include dirname(__DIR__) . '/module_prefix.php';
637
        $sql = sprintf('DELETE FROM %s WHERE secid = %u', $xoopsDB->prefix($module_prefix . '_sections'), $secid);
638
        $xoopsDB->query($sql);
639
        redirect_header('main.php?op=sections', 2, _MD_DBUPDATED);
640
        break;
641
642
    case 'resultdelete':
643
        xoops_cp_header();
644
        echo '<h4>' . _AM_SECCONF . '</h4>';
645
        $myts = MyTextSanitizer::getInstance();
646
        if (!empty($_POST['res_id'])) {
This code seems to be duplicated across your project.
647
            $res_id = (int)$_POST['res_id'];
648
        } elseif (!empty($_GET['res_id'])) {
649
            $res_id = (int)$_GET['res_id'];
650
        } else {
651
            $res_id = 0;
652
        }
653
        include dirname(__DIR__) . '/module_prefix.php';
654
        $result = $xoopsDB->query('SELECT quiz_id, uid, score, timestamp FROM ' . $xoopsDB->prefix($module_prefix . '_results') . " WHERE id=$res_id");
655
        list($quiz_id, $uid, $score, $timestamp) = $xoopsDB->fetchRow($result);
656
        include dirname(__DIR__) . '/module_prefix.php';
657
        $result = $xoopsDB->query('SELECT title FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$quiz_id");
658
        list($title) = $xoopsDB->fetchRow($result);
659
        $message = '<center><br>' . _MD_RUSUREDELREC . '<br><br>';
660
        $message .= "<table border='1'><th>" . _MD_LT_STUDENT . '</th><th>' . _MD_LT_TITLE . '</th><th>' . _MD_LT_SCORE . '</th><th>' . _MD_LT_DATE . '</th></tr>';
661
        $message .= "<tr><td align='center'>" . $xoopsUser->getUnameFromId($uid) . "</td><td align='center'>$title</td><td align='center'>$score</td><td align='center'>$timestamp</td></tr>";
662
        $message .= '</table></center>';
663
        xoops_confirm(array('op' => 'resultdelete_ok', 'res_id' => $res_id, 'artid' => $quiz_id), 'main.php', $message);
664
        break;
665
666
    case 'resultdelete_ok':
667
        $res_id = !empty($_POST['res_id']) ? (int)$_POST['res_id'] : 0;
668
        $artid  = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0;
669
        if ($res_id <= 0) {
670
            redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED);
671
        }
672
        include dirname(__DIR__) . '/module_prefix.php';
673
        $sql = sprintf('DELETE FROM %s WHERE id = %u', $xoopsDB->prefix($module_prefix . '_results'), $res_id);
674
        $xoopsDB->query($sql);
675
        redirect_header("../main.php?op=viewresults&amp;artid=$artid", 2, _MD_DBUPDATED);
676
        break;
677
678
    default:
679
        sections();
680
        break;
681
}
682
683
xoops_cp_footer();
684