This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
0 ignored issues
–
show
|
|||
2 | // ------------------------------------------------------------------------ // |
||
3 | // -- XoopsHP Module -- Xoops e-Learning System // |
||
4 | // Copyright (c) 2005 SUDOW-SOKEN // |
||
5 | // <http://www.mailpark.co.jp/> // |
||
6 | // ------------------------------------------------------------------------ // |
||
7 | // Based on XoopsHP1.01 by Yoshi, aka HowardGee. // |
||
8 | // ------------------------------------------------------------------------ // |
||
9 | // This program is free software; you can redistribute it and/or modify // |
||
10 | // it under the terms of the GNU General Public License as published by // |
||
11 | // the Free Software Foundation; either version 2 of the License, or // |
||
12 | // (at your option) any later version. // |
||
13 | // // |
||
14 | // You may not change or alter any portion of this comment or credits // |
||
15 | // of supporting developers from this source code or any supporting // |
||
16 | // source code which is considered copyrighted (c) material of the // |
||
17 | // original comment or credit authors. // |
||
18 | // // |
||
19 | // This program is distributed in the hope that it will be useful, // |
||
20 | // but WITHOUT ANY WARRANTY; without even the implied warranty of // |
||
21 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // |
||
22 | // GNU General Public License for more details. // |
||
23 | // // |
||
24 | // You should have received a copy of the GNU General Public License // |
||
25 | // along with this program; if not, write to the Free Software // |
||
26 | // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // |
||
27 | // ------------------------------------------------------------------------ // |
||
28 | |||
29 | include_once __DIR__ . '/admin_header.php'; |
||
30 | |||
31 | $mydirname = basename(dirname(__DIR__)); |
||
32 | xoops_loadLanguage('main', $mydirname); |
||
33 | |||
34 | /*********************************************************/ |
||
35 | /* Sections Manager Functions */ |
||
36 | /*********************************************************/ |
||
37 | /** |
||
38 | * @param int $secid2show |
||
39 | */ |
||
40 | function sections($secid2show = 0) |
||
41 | { |
||
42 | global $xoopsConfig, $xoopsDB, $xoopsModule, $xoopsModuleConfig; |
||
0 ignored issues
–
show
Compatibility
Best Practice
introduced
by
Use of
global functionality is not recommended; it makes your code harder to test, and less reusable.
Instead of relying on 1. Pass all data via parametersfunction myFunction($a, $b) {
// Do something
}
2. Create a class that maintains your stateclass MyClass {
private $a;
private $b;
public function __construct($a, $b) {
$this->a = $a;
$this->b = $b;
}
public function myFunction() {
// Do something
}
}
![]() |
|||
43 | xoops_cp_header(); |
||
44 | // JS for checkbox manipulation |
||
45 | ?> |
||
46 | <SCRIPT TYPE="text/javascript"> |
||
47 | <!-- |
||
48 | var count; |
||
49 | function BoxesChecked(myform, check) { |
||
50 | for (count = 0; count < document.forms(myform).selected.length; count++) { |
||
51 | document.forms(myform).selected[count].checked = check; |
||
52 | } |
||
53 | } |
||
54 | --> |
||
55 | </SCRIPT> |
||
56 | <?php |
||
57 | echo '<h4>' . _AM_SECCONF . '</h4>'; |
||
58 | include dirname(__DIR__) . '/module_prefix.php'; |
||
59 | $result = $xoopsDB->query('SELECT secid, secname, secdesc, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . ' ORDER BY secname'); |
||
0 ignored issues
–
show
The variable
$module_prefix does not exist. Did you forget to declare it?
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. ![]() |
|||
60 | if ($xoopsDB->getRowsNum($result) > 0) { |
||
61 | $myts = MyTextSanitizer::getInstance(); |
||
62 | echo '<hr /><h4>' . _MD_CURACTIVESEC . _MD_CLICK2EDIT . '</h4>'; |
||
63 | echo "<form enctype='multipart/form-data' action='main.php' name='coursesform' method='post'>"; |
||
64 | echo "<table border='0' cellspacing='1' cellpadding ='3' class='outer'>"; |
||
65 | echo '<tr>'; |
||
66 | //echo "<th><input type='checkbox' onClick=\"BoxesChecked('coursesform', this.checked);\"></th>"; |
||
0 ignored issues
–
show
Unused Code
Comprehensibility
introduced
by
57% of this comment could be valid code. Did you maybe forget this after debugging?
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. ![]() |
|||
67 | echo '<th>' . _MD_SECNAMEC . '</th>'; |
||
68 | echo '<th>' . _MD_SECDESC . '</th>'; |
||
69 | echo '<th>' . _MD_LT_DISPLAY . '</th>'; |
||
70 | echo '<th size=19>' . _MD_LT_EXPIRE . '</th>'; |
||
71 | echo '<th>' . _MD_LT_ACTION . '</th>'; |
||
72 | echo '</tr>'; |
||
73 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
74 | while (list($secid, $secname, $secdesc, $display, $expire) = $xoopsDB->fetchRow($result)) { |
||
75 | $secid = (int)$secid; |
||
76 | $display = (int)$display; |
||
77 | $expire = $myts->displayTarea($expire); |
||
78 | $secname = $myts->displayTarea($secname); |
||
79 | $secdesc = $myts->displayTarea($secdesc); |
||
80 | echo '<tr>'; |
||
81 | //echo "<td class='even'><input type='checkbox' name='selected' value='$secid' /></td>"; |
||
82 | echo "<input type='hidden' name='id[$secid]' value='$secid' />"; |
||
83 | echo "<td class='even'><b>" . $secname . '</b></td>'; |
||
84 | echo "<td class='even'>" . $secdesc . '</td>'; |
||
85 | $checked = $display ? 'checked' : ''; |
||
86 | echo "<td class='even'><input type='checkbox' name='display[$secid]' " . $checked . ' /></td>'; |
||
87 | View Code Duplication | if ($expire !== '0000-00-00 00:00:00') { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
88 | if ($expire > $currenttime) { |
||
89 | echo "<td class='even'>" . $expire . '</td>'; |
||
90 | } else { |
||
91 | echo "<td class='even'>" . $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span></td>'; |
||
92 | } |
||
93 | } else { |
||
94 | echo "<td class='even'>" . '-------------------' . '</td>'; |
||
95 | } |
||
96 | echo "<td class='even'><a href='main.php?op=sectionedit&secid=" . $secid . "'>" . _MD_EDIT . '</a></td>'; |
||
97 | echo '</tr>'; |
||
98 | } |
||
99 | echo '</table>'; |
||
100 | echo '<br>'; |
||
101 | echo "<input type='hidden' name='op' value='sectiondispchange'>"; |
||
102 | echo "<input type='submit' value=" . _MD_SAVECHANGES . '>'; |
||
103 | echo '</form>'; |
||
104 | echo '<br>'; |
||
105 | |||
106 | echo '<hr><h4>' . _MD_ADDARTICLE . '</h4>'; |
||
107 | echo "<form enctype='multipart/form-data' action='main.php' method='post'>"; |
||
108 | echo '<b>' . _MD_TITLEC . '</b>'; |
||
109 | echo "<input class=textbox type='text' name='title' size=40 value=''><br><br>"; |
||
110 | include dirname(__DIR__) . '/module_prefix.php'; |
||
111 | $result = $xoopsDB->query('SELECT secid, secname, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . ' ORDER BY secname'); |
||
112 | echo '<b>' . _MD_SECNAMEC . "</b> <select name='secid'><option value='0' selected></option>"; |
||
113 | while (list($secid, $secname, $display, $expire) = $xoopsDB->fetchRow($result)) { |
||
0 ignored issues
–
show
The assignment to
$expire is unused. Consider omitting it like so list($first,,$third) .
This checks looks for assignemnts to variables using the Consider the following code example. <?php
function returnThreeValues() {
return array('a', 'b', 'c');
}
list($a, $b, $c) = returnThreeValues();
print $a . " - " . $c;
Only the variables Instead, the list call could have been. list($a,, $c) = returnThreeValues();
![]() |
|||
114 | $secid = (int)$secid; |
||
115 | $secname = $myts->displayTarea($secname); |
||
116 | $display = (int)$display; |
||
117 | echo "<option value='$secid'>" . $secname; |
||
118 | if (!$display) { |
||
119 | echo ' (' . _MD_LT_HIDDEN . ')'; |
||
120 | } |
||
121 | echo '</option>'; |
||
122 | } |
||
123 | echo '</select><br><br>'; |
||
124 | echo '<b>' . _MD_CONTENTC . '</b>'; |
||
125 | echo "<input type='file' name='quizfile'>"; |
||
126 | echo '<i>' . _MD_FILE_MAX . (int)$xoopsModuleConfig['max_file_size'] . '</i><br><br>'; |
||
127 | echo "<input type='hidden' name='MAX_FILE_SIZE' value='" . $xoopsModuleConfig['max_file_size'] . "'>"; |
||
128 | echo '<b>' . _MD_LT_DISPLAY . '</b>'; |
||
129 | echo "<input type='checkbox' name='display[$secid]' checked /><br><br>"; |
||
130 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
131 | $expire = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s'); |
||
132 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>'; |
||
133 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'>"; |
||
134 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'><br>"; |
||
135 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
136 | echo "<input type='hidden' name='op' value='secarticleadd'>"; |
||
137 | echo "<input type='submit' value='" . _MD_DOADDARTICLE . "'>"; |
||
138 | echo '</form>'; |
||
139 | echo '<br>'; |
||
140 | |||
141 | echo '<hr><h4>' . _MD_LAST20ART . '</h4>'; |
||
142 | echo "<form action='main.php' method='post'>"; |
||
143 | echo '<b>' . _MD_SECNAMEC . '</b>'; |
||
144 | $onchangestr = "onchange=\"location='" . XOOPS_URL . '/modules/' . $xoopsModule->dirname() . "/admin/main.php?op=sections&secid='+this.options[this.selectedIndex].value\""; |
||
145 | echo "<select name='secid'" . $onchangestr . '>'; |
||
146 | |||
147 | include dirname(__DIR__) . '/module_prefix.php'; |
||
148 | $result = $xoopsDB->query('SELECT secid, secname, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . ' ORDER BY secname'); |
||
149 | while (list($secid, $secname, $display, $expire) = $xoopsDB->fetchRow($result)) { |
||
150 | $secid = (int)$secid; |
||
151 | $secname = $myts->displayTarea($secname); |
||
152 | $display = (int)$display; |
||
153 | $expire = $myts->displayTarea($expire); |
||
154 | if (!$secid2show) { |
||
155 | $secid2show = $secid; |
||
156 | } |
||
157 | if ($secid == $secid2show) { |
||
158 | echo "<option value='$secid' selected>" . $secname; |
||
159 | } else { |
||
160 | echo "<option value='$secid'>" . $secname; |
||
161 | } |
||
162 | if (!$display) { |
||
163 | echo ' (' . _MD_LT_HIDDEN . ')'; |
||
164 | } |
||
165 | echo '</option>'; |
||
166 | } |
||
167 | echo '</select>'; |
||
168 | echo "<input type='hidden' name='op' value='sections'>"; |
||
169 | echo "<input type='submit' value='" . _MD_GO . "'>"; |
||
170 | echo '</form>'; |
||
171 | |||
172 | echo "<form enctype='multipart/form-data' action='main.php' method='post' name='tasksform'>"; |
||
173 | echo "<table border='0' cellspacing='1' cellpadding ='3' class='outer'>"; |
||
174 | echo '<tr>'; |
||
175 | //echo "<th><input type='checkbox' onClick=\"BoxesChecked('tasksform', this.checked);\"></th>"; |
||
0 ignored issues
–
show
Unused Code
Comprehensibility
introduced
by
57% of this comment could be valid code. Did you maybe forget this after debugging?
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. ![]() |
|||
176 | echo '<th>' . _MD_TITLEC . '</th>'; |
||
177 | echo '<th>' . _MD_LT_POSTED . '</th>'; |
||
178 | echo '<th>' . _MD_LT_DISPLAY . '</th>'; |
||
179 | echo '<th>' . _MD_LT_EXPIRE . '</th>'; |
||
180 | echo "<th COLSPAN='2'>" . _MD_LT_ACTION . '</th>'; |
||
181 | echo '</tr>'; |
||
182 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
183 | include dirname(__DIR__) . '/module_prefix.php'; |
||
184 | $qiz = $xoopsDB->prefix($module_prefix . '_quiz'); |
||
185 | $result = $xoopsDB->query("SELECT artid, secid, title, posted, display, expire FROM $qiz WHERE secid=" . (int)$secid2show . ' ORDER BY title'); |
||
186 | while (list($artid, $secid, $title, $posted, $display, $expire) = $xoopsDB->fetchRow($result)) { |
||
0 ignored issues
–
show
The assignment to
$secid is unused. Consider omitting it like so list($first,,$third) .
This checks looks for assignemnts to variables using the Consider the following code example. <?php
function returnThreeValues() {
return array('a', 'b', 'c');
}
list($a, $b, $c) = returnThreeValues();
print $a . " - " . $c;
Only the variables Instead, the list call could have been. list($a,, $c) = returnThreeValues();
![]() |
|||
187 | $artid = (int)$artid; |
||
188 | $title = $myts->displayTarea($title); |
||
189 | $posted = $myts->displayTarea($posted); |
||
190 | $display = (int)$display; |
||
191 | $expire = $myts->displayTarea($expire); |
||
192 | $checked = $display ? 'checked' : ''; |
||
193 | echo '<tr>' . "<input type='hidden' name='id[$artid]' value='$artid' />" //."<td class='even'><input type='checkbox' name='selected' value='$artid' /></td>" |
||
194 | . "<td class='even'><b>$title</b></td>" . "<td class='even'>$posted</td>" . "<td class='even'><input type='checkbox' name='display[$artid]' " . $checked . ' /></td>'; |
||
195 | View Code Duplication | if ($expire !== '0000-00-00 00:00:00') { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
196 | if ($expire > $currenttime) { |
||
197 | echo "<td class='even'>" . $expire . '</td>'; |
||
198 | } else { |
||
199 | echo "<td class='even'>" . $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span></td>'; |
||
200 | } |
||
201 | } else { |
||
202 | echo "<td class='even'>" . '-------------------' . '</td>'; |
||
203 | } |
||
204 | echo "<td class='even'><a href=main.php?op=secartedit&artid=$artid>" . _MD_EDIT . '</a></td>' . "<td class='even'><a href=main.php?op=secartdelete&artid=$artid>" . _MD_DELETE |
||
205 | . '</a></td>' . '</tr>'; |
||
206 | } |
||
207 | echo '</table><br>'; |
||
208 | echo "<input type='hidden' name='op' value='articledispchange' />"; |
||
209 | echo "<input type='submit' value=" . _MD_SAVECHANGES . ' />'; |
||
210 | echo '</form>'; |
||
211 | } |
||
212 | |||
213 | echo '<br>'; |
||
214 | echo '<hr /><h4>' . _MD_ADDNEWSEC . '</h4>'; |
||
215 | echo "<form action='main.php' method='post'>"; |
||
216 | echo '<b>' . _MD_SECNAMEC . '</b> ' . _MD_MAXCHAR . '<br>'; |
||
217 | echo "<input class='textbox' type='text' name='secname' size='40' maxlength='40' /><br><br>"; |
||
218 | echo '<b>' . _MD_SECDESC . '</b> ' . _MD_EXDESC . '<br>'; |
||
219 | echo "<input class='textbox' type='text' name='secdesc' size='40' maxlength='255' /><br><br>"; |
||
220 | echo '<b>' . _MD_LT_DISPLAY . '</b>'; |
||
221 | echo "<input class='textbox' type='checkbox' name='display' value='1' checked /><br><br>"; |
||
222 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
223 | $expire = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s'); |
||
224 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>'; |
||
225 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'>"; |
||
226 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'><br>"; |
||
227 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
228 | echo "<input type='hidden' name='op' value='sectionmake' />"; |
||
229 | echo "<input type='submit' value='" . _MD_GOADDSECTION . "' />"; |
||
230 | echo '</form>'; |
||
231 | } |
||
232 | |||
233 | /** |
||
234 | * @param $artid |
||
235 | */ |
||
236 | function secartedit($artid) |
||
237 | { |
||
238 | global $xoopsDB, $xoopsConfig, $xoopsModule, $xoopsModuleConfig; |
||
0 ignored issues
–
show
Compatibility
Best Practice
introduced
by
Use of
global functionality is not recommended; it makes your code harder to test, and less reusable.
Instead of relying on 1. Pass all data via parametersfunction myFunction($a, $b) {
// Do something
}
2. Create a class that maintains your stateclass MyClass {
private $a;
private $b;
public function __construct($a, $b) {
$this->a = $a;
$this->b = $b;
}
public function myFunction() {
// Do something
}
}
![]() |
|||
239 | $myts = MyTextSanitizer::getInstance(); |
||
240 | xoops_cp_header(); |
||
241 | echo '<h4>' . _AM_SECCONF . '</h4>'; |
||
242 | $artid = (int)$artid; |
||
243 | include dirname(__DIR__) . '/module_prefix.php'; |
||
244 | $result = $xoopsDB->query('SELECT artid, secid, title, content, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$artid"); |
||
0 ignored issues
–
show
The variable
$module_prefix does not exist. Did you forget to declare it?
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. ![]() |
|||
245 | list($artid, $secid, $title, $content, $display, $expire) = $xoopsDB->fetchRow($result); |
||
246 | $artid = (int)$artid; |
||
247 | $secid = (int)$secid; |
||
248 | $title = $myts->displayTarea($myts->stripSlashesGPC($title)); |
||
249 | $content = $myts->htmlSpecialChars($myts->stripSlashesGPC($content)); |
||
250 | $display = (int)$display; |
||
251 | $expire = $myts->stripSlashesGPC($expire); |
||
252 | $expire = $myts->displayTarea($expire); |
||
253 | echo '<hr /><h3>' . _MD_EDITARTICLE . '</h3>'; |
||
254 | echo "<form enctype='multipart/form-data' action='main.php' method='post'>"; |
||
255 | echo '<b>' . _MD_EDITARTID . ' ' . $artid . '</b><br><br>'; |
||
256 | echo '<b>' . _MD_TITLEC . "</b><input class='textbox' type='text' name='title' size='40' value='" . $title . "' /><br><br>"; |
||
257 | echo '<b>' . _MD_SECNAMEC . "</b> <select name='secid'>"; |
||
258 | include dirname(__DIR__) . '/module_prefix.php'; |
||
259 | $result2 = $xoopsDB->query('SELECT secid, secname, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . ' ORDER BY secname'); |
||
260 | while (list($secid2, $secname, $display2, $expire2) = $xoopsDB->fetchRow($result2)) { |
||
261 | $secid2 = (int)$secid2; |
||
262 | $secname = $myts->displayTarea($secname); |
||
263 | $display2 = (int)$display2; |
||
264 | $expire2 = $myts->displayTarea($expire2); |
||
265 | if ($secid2 == $secid) { |
||
266 | echo "<option value='$secid2' selected>"; |
||
267 | } else { |
||
268 | echo "<option value='$secid2'>"; |
||
269 | } |
||
270 | echo $secname; |
||
271 | if (!$display2) { |
||
272 | echo ' (' . _MD_LT_HIDDEN . ')'; |
||
273 | } |
||
274 | echo '</option>'; |
||
275 | } |
||
276 | echo '</select>'; |
||
277 | echo '<br><br>'; |
||
278 | echo '<b>' . _MD_LT_DISPLAY . '</b>'; |
||
279 | $checked = $display ? 'checked' : ''; |
||
280 | echo "<input type='checkbox' name='display' " . $checked . ' /><br><br>'; |
||
281 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
282 | $endtime = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s'); |
||
283 | View Code Duplication | if ($expire !== '0000-00-00 00:00:00') { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
284 | if ($expire > $currenttime) { |
||
285 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
286 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1' checked>"; |
||
287 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'> <br>"; |
||
288 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
289 | } else { |
||
290 | echo '<b>' . _MD_LT_EXPIRE . '</b>: '; |
||
291 | echo $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span><br>'; |
||
292 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
293 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> "; |
||
294 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>"; |
||
295 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
296 | } |
||
297 | } else { |
||
298 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
299 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> "; |
||
300 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>"; |
||
301 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
302 | } |
||
303 | echo '<b>' . _MD_CONTENTC . '</b>' . _MD_READONLY . '<br>'; |
||
304 | //echo "<a href='../main.php?op=viewarticle&artid=$artid' target='quiz_window'><b>Preview</b></a>"; |
||
305 | |||
306 | echo "<textarea class='textbox' name='content' cols='60' rows='10' readonly>$content</textarea>"; |
||
307 | echo "<input type='hidden' name='MAX_FILE_SIZE' value='200000'><br>"; |
||
308 | echo '<b>' . _MD_FILE2REPLACE . "</b><input type='file' name='quizfile'><br><br>"; |
||
309 | echo "<input type='hidden' name='artid' value='$artid'>"; |
||
310 | echo "<input type='hidden' name='op' value='secartchange'>"; |
||
311 | echo "<table border='0'><tr><td>"; |
||
312 | echo "<input type='submit' value='" . _MD_SAVECHANGES . "'>"; |
||
313 | echo '</td></form>'; |
||
314 | echo "<form action='main.php' method='post'>"; |
||
315 | echo '<td>'; |
||
316 | echo "<input type='hidden' name='artid' value='$artid'>"; |
||
317 | echo "<input type='hidden' name='op' value='secartdelete'>"; |
||
318 | echo "<input type='submit' value='" . _MD_DELETE . "'>"; |
||
319 | echo '</td></form></tr></table>'; |
||
320 | } |
||
321 | |||
322 | /** |
||
323 | * @param $secid |
||
324 | */ |
||
325 | function sectionedit($secid) |
||
326 | { |
||
327 | global $xoopsDB, $xoopsConfig, $xoopsModule, $xoopsModuleConfig; |
||
0 ignored issues
–
show
Compatibility
Best Practice
introduced
by
Use of
global functionality is not recommended; it makes your code harder to test, and less reusable.
Instead of relying on 1. Pass all data via parametersfunction myFunction($a, $b) {
// Do something
}
2. Create a class that maintains your stateclass MyClass {
private $a;
private $b;
public function __construct($a, $b) {
$this->a = $a;
$this->b = $b;
}
public function myFunction() {
// Do something
}
}
![]() |
|||
328 | xoops_cp_header(); |
||
329 | echo '<h4>' . _AM_SECCONF . '</h4><br>'; |
||
330 | $myts = MyTextSanitizer::getInstance(); |
||
331 | $secid = (int)$secid; |
||
332 | include dirname(__DIR__) . '/module_prefix.php'; |
||
333 | $result = $xoopsDB->query('SELECT secid, secname, secdesc, display, expire FROM ' . $xoopsDB->prefix($module_prefix . '_sections') . " WHERE secid=$secid"); |
||
0 ignored issues
–
show
The variable
$module_prefix does not exist. Did you forget to declare it?
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. ![]() |
|||
334 | list($secid, $secname, $secdesc, $display, $expire) = $xoopsDB->fetchRow($result); |
||
335 | $secname = $myts->stripSlashesGPC($secname); |
||
336 | $secdesc = $myts->stripSlashesGPC($secdesc); |
||
337 | $display = (int)$display; |
||
338 | $expire = $myts->stripSlashesGPC($expire); |
||
339 | $expire = $myts->displayTarea($expire); |
||
340 | include dirname(__DIR__) . '/module_prefix.php'; |
||
341 | $result2 = $xoopsDB->query('select artid from ' . $xoopsDB->prefix($module_prefix . '_quiz') . " where secid=$secid"); |
||
342 | $number = $xoopsDB->getRowsNum($result2); |
||
343 | |||
344 | echo '<h4>'; |
||
345 | printf(_MD_EDITTHISSEC, $myts->displayTarea($secname)); |
||
346 | echo '</h4>'; |
||
347 | echo '<br>'; |
||
348 | printf(_MD_THISSECHAS, $number); |
||
349 | |||
350 | echo '<br><br>'; |
||
351 | echo "<form action='main.php' method='post'><br>"; |
||
352 | echo '<b>' . _MD_SECNAMEC . '</b> ' . _MD_MAXCHAR . '<br>'; |
||
353 | echo "<input class='textbox' type='text' name='secname' size='40' maxlength='40' value='" . $myts->displayTarea($secname) . "' /><br><br>"; |
||
354 | echo '<b>' . _MD_SECDESC . '</b> ' . _MD_EXDESC . '<br>'; |
||
355 | echo "<input class='textbox' type='text' name='secdesc' size='40' maxlength='50' value='" . $myts->displayTarea($secdesc) . "' /><br><br>"; |
||
356 | echo "<input type='hidden' name='secid' value='" . $secid . "' />"; |
||
357 | echo '<b>' . _MD_LT_DISPLAY . '</b>'; |
||
358 | $checked = $display ? 'checked' : ''; |
||
359 | echo "<input type='checkbox' name='display' value='1' " . $checked . ' /><br><br>'; |
||
360 | $currenttime = formatTimestamp(time(), 'Y-m-d H:i:s'); |
||
361 | $endtime = formatTimestamp(time() + $xoopsModuleConfig['default_days'] * 86400, 'Y-m-d H:i:s'); |
||
362 | View Code Duplication | if ($expire !== '0000-00-00 00:00:00') { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
363 | if ($expire > $currenttime) { |
||
364 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
365 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1' checked>"; |
||
366 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $expire . "'> <br>"; |
||
367 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
368 | } else { |
||
369 | echo '<b>' . _MD_LT_EXPIRE . '</b>: '; |
||
370 | echo $expire . "<span style='color:#ff0000;'>(" . _MD_LT_EXPIRED . ')</span><br>'; |
||
371 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
372 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> "; |
||
373 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>"; |
||
374 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
375 | } |
||
376 | } else { |
||
377 | echo '<b>' . _MD_LT_SET_EXPIRE . '</b>: '; |
||
378 | echo "<input class='textbox' type='checkbox' name='setexpire' value='1'> "; |
||
379 | echo "<input class='textbox' type='text' name='expire' size=19 value='" . $endtime . "'><br>"; |
||
380 | echo '<b>' . _MD_LT_CURRENT_TIME . '</b>: ' . $currenttime . '<br><br>'; |
||
381 | } |
||
382 | echo "<input type='hidden' name='op' value='sectionchange' />"; |
||
383 | |||
384 | echo "<table border='0'><tr><td>"; |
||
385 | echo "<input type='submit' value='" . _MD_SAVECHANGES . "' />"; |
||
386 | echo '</td></form>'; |
||
387 | echo "<form action='main.php' method='post'>"; |
||
388 | echo '<td>'; |
||
389 | echo "<input type='hidden' name='secid' value='" . $secid . "' />"; |
||
390 | echo "<input type='hidden' name='op' value='sectiondelete' />"; |
||
391 | echo "<input type='submit' value='" . _MD_DELETE . "' />"; |
||
392 | echo '</td></form></tr></table>'; |
||
393 | } |
||
394 | |||
395 | /** |
||
396 | * @param $content |
||
397 | * @return mixed |
||
398 | */ |
||
399 | function cgi_replace($content) |
||
400 | { |
||
401 | global $xoopsDB, $xoopsModule; |
||
0 ignored issues
–
show
Compatibility
Best Practice
introduced
by
Use of
global functionality is not recommended; it makes your code harder to test, and less reusable.
Instead of relying on 1. Pass all data via parametersfunction myFunction($a, $b) {
// Do something
}
2. Create a class that maintains your stateclass MyClass {
private $a;
private $b;
public function __construct($a, $b) {
$this->a = $a;
$this->b = $b;
}
public function myFunction() {
// Do something
}
}
![]() |
|||
402 | if (!strpos(_XD_FB_CODE4RESULTS_MARKER, $content)) { |
||
403 | $content = str_replace(_XD_FB_CODE4RESULTS_INSERT, _XD_FB_CODE4RESULTS . "\n\n" . _XD_FB_CODE4RESULTS_INSERT, $content); |
||
404 | View Code Duplication | if (!strpos(_XD_FB_CODE4STARTUP, $content)) { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
405 | $content = str_replace(_XD_FB_CODE4STARTUP_INSERT, "\\0\n\n" . _XD_FB_CODE4STARTUP . "\n", $content); |
||
406 | } else { |
||
407 | redirect_header('main.php', 3, _MD_ERRORQUIZFILE); |
||
408 | } |
||
409 | View Code Duplication | if (!strpos(_XD_FB_CODE4SEND, $content)) { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
410 | $content = str_replace(_XD_FB_CODE4SEND_INSERT, "\\0\n\n" . _XD_FB_CODE4SEND, $content); |
||
411 | } else { |
||
412 | redirect_header('main.php', 3, _MD_ERRORQUIZFILE); |
||
413 | } |
||
414 | } |
||
415 | |||
416 | $content = str_replace('toLocaleString', 'toGMTString', $content); |
||
417 | $action = XOOPS_URL . '/modules/' . $xoopsModule->dirname() . '/process_form.php'; |
||
418 | |||
419 | return preg_replace("/var ResultForm = '<html><body><form name=\"Results\" action=\"[^\"]*\"/", "var ResultForm = '<html><body><form name=\"Results\" action=\"$action\" accept-charset=\"EUC-JP\"", |
||
420 | $content); |
||
421 | } |
||
422 | |||
423 | // URL GET_VARS OPTION |
||
424 | $op = ''; |
||
425 | |||
426 | if (isset($_GET['op'])) { |
||
427 | $op = trim($_GET['op']); |
||
428 | $artid = isset($_GET['artid']) ? (int)$_GET['artid'] : 0; |
||
429 | $secid = isset($_GET['secid']) ? (int)$_GET['secid'] : 0; |
||
430 | $res_id = isset($_GET['res_id']) ? (int)$_GET['res_id'] : 0; |
||
431 | } elseif (!empty($_POST['op'])) { |
||
432 | $op = $_POST['op']; |
||
433 | $artid = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0; |
||
434 | $secid = !empty($_POST['secid']) ? (int)$_POST['secid'] : 0; |
||
435 | $res_id = !empty($_POST['res_id']) ? (int)$_POST['res_id'] : 0; |
||
436 | } |
||
437 | |||
438 | switch ($op) { |
||
439 | case 'sections': |
||
440 | sections($secid); |
||
441 | break; |
||
442 | |||
443 | case 'sectionedit': |
||
444 | sectionedit($secid); |
||
445 | break; |
||
446 | |||
447 | case 'sectionmake': |
||
0 ignored issues
–
show
|
|||
448 | $myts = MyTextSanitizer::getInstance(); |
||
449 | $secname = !empty($_POST['secname']) ? $myts->stripSlashesGPC($_POST['secname']) : ''; |
||
450 | View Code Duplication | if (empty($_POST['secname'])) { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
451 | redirect_header('main.php', 2, _MD_ERRORSECNAME); |
||
452 | } else { |
||
453 | $secname = $myts->stripSlashesGPC($_POST['secname']); |
||
454 | } |
||
455 | $secdesc = !empty($_POST['secdesc']) ? $myts->stripSlashesGPC($_POST['secdesc']) : ''; |
||
456 | $display = (int)(empty($_POST['display']) ? 0 : 1); |
||
457 | $setexpire = (int)(empty($_POST['setexpire']) ? 0 : 1); |
||
458 | $expire = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : 0; |
||
459 | $expire = $expire != 0 ? $xoopsDB->quoteString($expire) : 0; |
||
460 | $secname = $xoopsDB->quoteString($secname); |
||
461 | $secdesc = $xoopsDB->quoteString($secdesc); |
||
462 | include dirname(__DIR__) . '/module_prefix.php'; |
||
463 | $newid = $xoopsDB->genId($xoopsDB->prefix($module_prefix . '_sections') . '_secid_seq'); |
||
464 | include dirname(__DIR__) . '/module_prefix.php'; |
||
465 | $mytable = $xoopsDB->prefix($module_prefix . '_sections'); |
||
466 | $result = $xoopsDB->query('INSERT INTO ' . $mytable . " (secid, secname, secdesc, display, expire) VALUES ($newid, $secname, $secdesc, $display, $expire)"); |
||
467 | if ($result) { |
||
468 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
469 | break; |
||
470 | } else { |
||
471 | var_dump($result, $module_prefix, $newid, $display, $expire); |
||
0 ignored issues
–
show
|
|||
472 | redirect_header('main.php?op=sections', 2, _AM_MSG_UPDATE_FAILED); |
||
473 | } |
||
474 | |||
475 | case 'secartdelete': |
||
476 | xoops_cp_header(); |
||
477 | echo '<h4>' . _AM_SECCONF . '</h4>'; |
||
478 | $myts = MyTextSanitizer::getInstance(); |
||
479 | View Code Duplication | if (!empty($_POST['artid'])) { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
480 | $artid = (int)$_POST['artid']; |
||
481 | } elseif (!empty($_GET['artid'])) { |
||
482 | $artid = (int)$_GET['artid']; |
||
483 | } else { |
||
484 | $artid = 0; |
||
485 | } |
||
486 | $artid = (int)$artid; |
||
487 | include dirname(__DIR__) . '/module_prefix.php'; |
||
488 | $result = $xoopsDB->query('SELECT title FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$artid"); |
||
489 | list($title) = $xoopsDB->fetchRow($result); |
||
490 | $title = $myts->displayTarea($title); |
||
491 | xoops_confirm(array('op' => 'secartdelete_ok', 'artid' => $artid), 'main.php', sprintf(_MD_DELETETHISART, $title) . '<br><br>' . _MD_RUSUREDELART); |
||
492 | break; |
||
493 | |||
494 | case 'secartdelete_ok': |
||
495 | $artid = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0; |
||
496 | if ($artid <= 0) { |
||
497 | redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED); |
||
498 | } |
||
499 | include dirname(__DIR__) . '/module_prefix.php'; |
||
500 | $xoopsDB->query('DETELE FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$artid"); |
||
501 | include dirname(__DIR__) . '/module_prefix.php'; |
||
502 | $xoopsDB->query('DETELE FROM ' . $xoopsDB->prefix($module_prefix . '_results') . " WHERE quiz_id=$artid"); |
||
503 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
504 | break; |
||
505 | |||
506 | case 'sectionchange': |
||
507 | if ($secid <= 0) { |
||
508 | redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED); |
||
509 | } |
||
510 | $myts = MyTextSanitizer::getInstance(); |
||
511 | View Code Duplication | if (empty($_POST['secname'])) { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
512 | redirect_header('main.php', 2, _MD_ERRORSECNAME); |
||
513 | } else { |
||
514 | $secname = $myts->stripSlashesGPC($_POST['secname']); |
||
515 | } |
||
516 | $secdesc = !empty($_POST['secdesc']) ? $myts->stripSlashesGPC($_POST['secdesc']) : ''; |
||
517 | $secname = $xoopsDB->quoteString($secname); |
||
518 | $secdesc = $xoopsDB->quoteString($secdesc); |
||
519 | $display = (int)(empty($_POST['display']) ? 0 : 1); |
||
520 | $setexpire = (int)(empty($_POST['setexpire']) ? 0 : 1); |
||
521 | $expire = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : ''; |
||
522 | $expire = $xoopsDB->quoteString($expire); |
||
523 | include dirname(__DIR__) . '/module_prefix.php'; |
||
524 | $secid = (int)$secid; |
||
525 | $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_sections') . " SET secname=$secname, secdesc=$secdesc, display=$display, expire=$expire WHERE secid=$secid"); |
||
526 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
527 | break; |
||
528 | |||
529 | View Code Duplication | case 'sectiondispchange': |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
530 | foreach ($_POST['id'] as $secid) { |
||
531 | $secid = (int)$secid; |
||
532 | $display = (int)(empty($_POST['display'][$secid]) ? 0 : 1); |
||
533 | include dirname(__DIR__) . '/module_prefix.php'; |
||
534 | $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_sections') . " set display=$display WHERE secid=$secid"); |
||
535 | } |
||
536 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
537 | break; |
||
538 | |||
539 | View Code Duplication | case 'articledispchange': |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
540 | foreach ($_POST['id'] as $artid) { |
||
541 | $artid = (int)$artid; |
||
542 | $display = (int)(empty($_POST['display'][$artid]) ? 0 : 1); |
||
543 | include dirname(__DIR__) . '/module_prefix.php'; |
||
544 | $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_quiz') . " set display=$display WHERE artid=$artid"); |
||
545 | } |
||
546 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
547 | break; |
||
548 | |||
549 | case 'secarticleadd': |
||
0 ignored issues
–
show
|
|||
550 | if ($secid <= 0) { |
||
551 | redirect_header('main.php?op=sections', 2, _MD_ERRORSECNAME); |
||
552 | } |
||
553 | $myts = MyTextSanitizer::getInstance(); |
||
554 | if (empty($_POST['title'])) { |
||
555 | redirect_header('main.php?op=sections', 2, _MD_ERRORARTNAME); |
||
556 | } else { |
||
557 | $title = $myts->stripSlashesGPC($_POST['title']); |
||
558 | } |
||
559 | $title = $xoopsDB->quoteString($title); |
||
560 | $content = is_uploaded_file($_FILES['quizfile']['tmp_name']) ? implode(file($_FILES['quizfile']['tmp_name'])) : ''; |
||
561 | if (empty($content)) { |
||
562 | redirect_header('main.php?op=sections', 2, _MD_ERRORARTCONT); |
||
563 | } |
||
564 | $content = cgi_replace($content); |
||
565 | $content = $xoopsDB->quoteString($content); |
||
566 | $posted = $xoopsDB->quoteString(date('Y-m-d H:i:s')); |
||
567 | $poster = $xoopsUser->getVar('uid'); |
||
568 | $results_to = $xoopsDB->quoteString($xoopsUser->getVar('email')); |
||
569 | $display = (int)(empty($_POST['display']) ? 0 : 1); |
||
570 | $setexpire = (int)(empty($_POST['setexpire']) ? 0 : 1); |
||
571 | $expire = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : ''; |
||
572 | $expire = $xoopsDB->quoteString($expire); |
||
573 | |||
574 | include dirname(__DIR__) . '/module_prefix.php'; |
||
575 | $newid = $xoopsDB->genId($xoopsDB->prefix($module_prefix . '_quiz') . '_artid_seq'); |
||
576 | include dirname(__DIR__) . '/module_prefix.php'; |
||
577 | $result = $xoopsDB->query('INSERT INTO ' . $xoopsDB->prefix($module_prefix . '_quiz') |
||
578 | . " (artid, secid, title, content, posted, poster, results_to, counter, display, expire) VALUES ($newid, $secid, $title, $content, $posted, $poster, $results_to, 0, $display, $expire)"); |
||
579 | if ($result) { |
||
580 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
581 | break; |
||
582 | } else { |
||
583 | xoops_cp_header(); |
||
584 | echo "<table width='100%' border='0' cellspacing='1' class='outer'><tr><td class='odd'>"; |
||
585 | echo "<a href='./main.php'><h4>" . _AM_SECCONF . '</h4></a>'; |
||
586 | echo _MD_DBNOTUPDATED; |
||
587 | echo '<br>' . $success; |
||
588 | echo '</td></tr></table>'; |
||
589 | xoops_cp_footer(); |
||
590 | exit(); |
||
591 | } |
||
592 | |||
593 | case 'secartedit': |
||
594 | $artid = !empty($_REQUEST['artid']) ? (int)$_REQUEST['artid'] : 0; |
||
595 | if ($artid > 0) { |
||
596 | secartedit($artid); |
||
597 | } |
||
598 | break; |
||
599 | |||
600 | case 'secartchange': |
||
601 | $artid = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0; |
||
602 | if ($artid <= 0) { |
||
603 | redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED); |
||
604 | } |
||
605 | $myts = MyTextSanitizer::getInstance(); |
||
606 | $secid = (int)$_POST['secid']; |
||
607 | $title = !empty($_POST['title']) ? $myts->stripSlashesGPC($_POST['title']) : ''; |
||
608 | $content = is_uploaded_file($_FILES['quizfile']['tmp_name']) ? implode(file($_FILES['quizfile']['tmp_name'])) : ''; |
||
609 | $display = (int)(empty($_POST['display']) ? 0 : 1); |
||
610 | $setexpire = (int)(empty($_POST['setexpire']) ? 0 : 1); |
||
611 | $expire = $setexpire ? $myts->stripSlashesGPC($_POST['expire']) : ''; |
||
612 | $expire = $xoopsDB->quoteString($expire); |
||
613 | $title = $xoopsDB->quoteString($title); |
||
614 | if (empty($content)) { |
||
615 | include dirname(__DIR__) . '/module_prefix.php'; |
||
616 | $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_quiz') . " SET secid=$secid, title=$title, display=$display, expire=$expire WHERE artid=$artid"); |
||
617 | } else { |
||
618 | $content = cgi_replace($content); |
||
619 | $content = $xoopsDB->quoteString($content); |
||
620 | include dirname(__DIR__) . '/module_prefix.php'; |
||
621 | $xoopsDB->query('UPDATE ' . $xoopsDB->prefix($module_prefix . '_quiz') . " SET secid=$secid, title=$title, content=$content, display=$display, expire=$expire WHERE artid=$artid"); |
||
622 | } |
||
623 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
624 | break; |
||
625 | |||
626 | case 'sectiondelete': |
||
627 | xoops_cp_header(); |
||
628 | echo '<h4>' . _AM_SECCONF . '</h4>'; |
||
629 | xoops_confirm(array('op' => 'sectiondelete_ok', 'secid' => $secid), 'main.php', _MD_RUSUREDELSEC . '<br>' . _MD_THISDELETESALL); |
||
630 | break; |
||
631 | |||
632 | case 'sectiondelete_ok': |
||
633 | include dirname(__DIR__) . '/module_prefix.php'; |
||
634 | $sql = sprintf('DELETE FROM %s WHERE secid = %u', $xoopsDB->prefix($module_prefix . '_quiz'), $secid); |
||
635 | $xoopsDB->query($sql); |
||
636 | include dirname(__DIR__) . '/module_prefix.php'; |
||
637 | $sql = sprintf('DELETE FROM %s WHERE secid = %u', $xoopsDB->prefix($module_prefix . '_sections'), $secid); |
||
638 | $xoopsDB->query($sql); |
||
639 | redirect_header('main.php?op=sections', 2, _MD_DBUPDATED); |
||
640 | break; |
||
641 | |||
642 | case 'resultdelete': |
||
643 | xoops_cp_header(); |
||
644 | echo '<h4>' . _AM_SECCONF . '</h4>'; |
||
645 | $myts = MyTextSanitizer::getInstance(); |
||
646 | View Code Duplication | if (!empty($_POST['res_id'])) { |
|
0 ignored issues
–
show
This code seems to be duplicated across your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. ![]() |
|||
647 | $res_id = (int)$_POST['res_id']; |
||
648 | } elseif (!empty($_GET['res_id'])) { |
||
649 | $res_id = (int)$_GET['res_id']; |
||
650 | } else { |
||
651 | $res_id = 0; |
||
652 | } |
||
653 | include dirname(__DIR__) . '/module_prefix.php'; |
||
654 | $result = $xoopsDB->query('SELECT quiz_id, uid, score, timestamp FROM ' . $xoopsDB->prefix($module_prefix . '_results') . " WHERE id=$res_id"); |
||
655 | list($quiz_id, $uid, $score, $timestamp) = $xoopsDB->fetchRow($result); |
||
656 | include dirname(__DIR__) . '/module_prefix.php'; |
||
657 | $result = $xoopsDB->query('SELECT title FROM ' . $xoopsDB->prefix($module_prefix . '_quiz') . " WHERE artid=$quiz_id"); |
||
658 | list($title) = $xoopsDB->fetchRow($result); |
||
659 | $message = '<center><br>' . _MD_RUSUREDELREC . '<br><br>'; |
||
660 | $message .= "<table border='1'><th>" . _MD_LT_STUDENT . '</th><th>' . _MD_LT_TITLE . '</th><th>' . _MD_LT_SCORE . '</th><th>' . _MD_LT_DATE . '</th></tr>'; |
||
661 | $message .= "<tr><td align='center'>" . $xoopsUser->getUnameFromId($uid) . "</td><td align='center'>$title</td><td align='center'>$score</td><td align='center'>$timestamp</td></tr>"; |
||
662 | $message .= '</table></center>'; |
||
663 | xoops_confirm(array('op' => 'resultdelete_ok', 'res_id' => $res_id, 'artid' => $quiz_id), 'main.php', $message); |
||
664 | break; |
||
665 | |||
666 | case 'resultdelete_ok': |
||
667 | $res_id = !empty($_POST['res_id']) ? (int)$_POST['res_id'] : 0; |
||
668 | $artid = !empty($_POST['artid']) ? (int)$_POST['artid'] : 0; |
||
669 | if ($res_id <= 0) { |
||
670 | redirect_header('main.php?op=sections', 2, _MD_DBNOTUPDATED); |
||
671 | } |
||
672 | include dirname(__DIR__) . '/module_prefix.php'; |
||
673 | $sql = sprintf('DELETE FROM %s WHERE id = %u', $xoopsDB->prefix($module_prefix . '_results'), $res_id); |
||
674 | $xoopsDB->query($sql); |
||
675 | redirect_header("../main.php?op=viewresults&artid=$artid", 2, _MD_DBUPDATED); |
||
676 | break; |
||
677 | |||
678 | default: |
||
679 | sections(); |
||
680 | break; |
||
681 | } |
||
682 | |||
683 | xoops_cp_footer(); |
||
684 |
The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file.
The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place.
To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1.