Issues in modify.php - Fixed Issues - Inspection of "updates" - mambax7/adslight - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 9d155f...5e790e )

by Michael

created 2018-03-20 07:06 UTC

modify.php (1 issue)

Labels

Bug 1

Severity

Major 1

<?php
/*
-------------------------------------------------------------------------
                     ADSLIGHT 2 : Module for Xoops

        Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
        Started with the Classifieds module and made MANY changes
        Website : http://www.luc-bizet.fr
        Contact : [email protected]
-------------------------------------------------------------------------
             Original credits below Version History
##########################################################################
#                    Classified Module for Xoops                         #
#  By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com         #
#      Started with the MyAds module and made MANY changes               #
##########################################################################
 Original Author: Pascal Le Boustouller
 Author Website : [email protected]
 Licence Type   : GPL
-------------------------------------------------------------------------
*/

use Xmf\Request;
use XoopsModules\Adslight;

require_once __DIR__ . '/header.php';
$moduleDirName = basename(__DIR__);
$main_lang     = '_' . strtoupper($moduleDirName);
//require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
$myts      = \MyTextSanitizer::getInstance();
$module_id = $xoopsModule->getVar('mid');

$groups = ($GLOBALS['xoopsUser'] instanceof \XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
/** @var XoopsGroupPermHandler $gpermHandler */
$gpermHandler = xoops_getHandler('groupperm');
$perm_itemid  = Request::getInt('item_id', 0, 'POST');

//If no access
if (!$gpermHandler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {
    redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
}

/**
 * @param $lid
 * @param $ok
 */
function listingDel($lid, $ok)
{
    global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
    list($usid) = $xoopsDB->fetchRow($result);

    $result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));

    if ($GLOBALS['xoopsUser']) {
        $currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
        if ($usid == $currentid) {
            if (1 == $ok) {
                while (false !== (list($purl) = $xoopsDB->fetchRow($result1))) {
                    if ($purl) {
                        $destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
                        if (file_exists("$destination/$purl")) {
                            unlink("$destination/$purl");
                        }
                        $destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
                        if (file_exists("$destination2/thumb_$purl")) {
                            unlink("$destination2/thumb_$purl");
                        }
                        $destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
                        if (file_exists("$destination3/resized_$purl")) {
                            unlink("$destination3/resized_$purl");
                        }

                        $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
                    }
                }
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
                redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo '[ <a href="modify.php?op=ListingDel&amp;lid=' . $lid . '&amp;ok=1">' . _ADSLIGHT_OUI . '</a> | <a href="index.php">' . _ADSLIGHT_NON . '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $r_lid
 * @param $ok
 */
function delReply($r_lid, $ok)
{
    global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' l LEFT JOIN ' . $xoopsDB->prefix('adslight_replies') . ' r ON l.lid=r.lid  WHERE r.r_lid=' . $xoopsDB->escape($r_lid));
    list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);

    if ($GLOBALS['xoopsUser']) {
        $currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
        if ($usid == $currentid) {
            if (1 == $ok) {
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid));
                redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo '[ <a href="modify.php?op=DelReply&amp;r_lid=' . addslashes($r_lid) . '&amp;ok=1">' . _ADSLIGHT_OUI . '</a> | <a href="members.php?usid=' . addslashes($usid) . '">' . _ADSLIGHT_NON . '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $lid
 */
function modAd($lid)
{
    global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;
    $contactselect = '';
    require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
    require_once XOOPS_ROOT_PATH . '/modules/adslight/class/Utility.php';
    echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";

    require_once XOOPS_ROOT_PATH . '/modules/adslight/class/classifiedstree.php';
    $mytree = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');
filter:
    dependency_paths: ["lib/*"]

    $result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
    list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);

    $categories = Adslight\Utility::getMyItemIds('adslight_submit');
    if (is_array($categories) && count($categories) > 0) {
        if (!in_array($cide, $categories)) {
            redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
        }
    } else {    // User can't see any category
        redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
    }

    if ($GLOBALS['xoopsUser']) {
        $calusern = $GLOBALS['xoopsUser']->uid();
        if ($usid == $calusern) {
            echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
            $title    = $myts->htmlSpecialChars($title);
            $status   = $myts->htmlSpecialChars($status);
            $expire   = $myts->htmlSpecialChars($expire);
            $type     = $myts->htmlSpecialChars($type);
            $desctext = $myts->displayTarea($desctext, 1);
            $tel      = $myts->htmlSpecialChars($tel);

            //            $price      = number_format($price, 2, ',', ' ');

            xoops_load('XoopsLocal');
            $tempXoopsLocal = new \XoopsLocal;
            //  For US currency with 2 numbers after the decimal comment out if you dont want 2 numbers after decimal
            $price = $tempXoopsLocal->number_format($price, 2, ',', ' ');
            //  For other countries uncomment the below line and comment out the above line
            //      $price = $tempXoopsLocal->number_format($price);

            $typeprice  = $myts->htmlSpecialChars($typeprice);
            $typeusure  = $myts->htmlSpecialChars($typeusure);
            $submitter  = $myts->htmlSpecialChars($submitter);
            $town       = $myts->htmlSpecialChars($town);
            $country    = $myts->htmlSpecialChars($country);
            $contactby  = $myts->htmlSpecialChars($contactby);
            $premium    = $myts->htmlSpecialChars($premium);
            $useroffset = '';
            if ($GLOBALS['xoopsUser']) {
                $timezone   = $GLOBALS['xoopsUser']->timezone();
                $useroffset = (!empty($timezone)) ? $GLOBALS['xoopsUser']->timezone() : $xoopsConfig['default_TZ'];
            }
            $dates = ($useroffset * 3600) + $date;
            $dates = formatTimestamp($date, 's');

            echo '<form action="modify.php" method=post enctype="multipart/form-data">';
            echo $GLOBALS['xoopsSecurity']->getTokenHTML();
            echo '<table><tr class="head" border="2">
    <td class="head">' . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
    </tr><tr>";

            if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_diff_name']) {
                echo '<td class="head">' . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" ></td>";
            } else {
                echo '<td class="head">' . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
            }
            echo '</tr><tr>';

            if (1 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
            }
            if (2 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PM;
            }
            if (3 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
            }
            if (4 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
            }

            echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
    <option value=\"" . $contactby . '">' . $contactselect . '</option>
    <option value="1">' . _ADSLIGHT_CONTACT_BY_EMAIL . '</option>
    <option value="2">' . _ADSLIGHT_CONTACT_BY_PM . '</option>
    <option value="3">' . _ADSLIGHT_CONTACT_BY_BOTH . '</option>
    <option value="4">' . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';

            if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_diff_email']) {
                echo '<tr><td class="head">' . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" ></td>";
            } else {
                echo '<tr><td class="head">' . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" ></td>";
            }
            echo '</tr><tr>
    <td class="head">' . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" ></td>
    </tr>";
            echo '<tr>
    <td class="head">' . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" ></td>
    </tr>";
            if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_use_country']) {
                echo '<tr>
    <td class="head">' . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" ></td>
    </tr>";
            } else {
                echo '<input type="hidden" name="country" value="">';
            }

            echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
            if ('0' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_ACTIVE . '&nbsp;&nbsp; <input type="radio" name="status" value="1"';
            if ('1' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_INACTIVE . '&nbsp;&nbsp; <input type="radio" name="status" value="2"';
            if ('2' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
            echo '<tr>
    <td class="head">' . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" ></td>
    </tr>";
            echo '<tr><td class="head">' . _ADSLIGHT_PRICE2 . " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" > " . $GLOBALS['xoopsModuleConfig']['adslight_currency_symbol'];

            $result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
            echo ' <select name="typeprice">';
            while (false !== (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3))) {
                $sel = '';
                if ($id_price == $typeprice) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_price\" $sel>$nom_price</option>";
            }
            echo '</select></td></tr>';
            $module_id = $xoopsModule->getVar('mid');
            $groups    = ($GLOBALS['xoopsUser'] instanceof \XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;

            /** @var XoopsGroupPermHandler $gpermHandler */
            $gpermHandler = xoops_getHandler('groupperm');
            $perm_itemid  = Request::getInt('item_id', 0, 'GET');

            //If no access
            if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire  " . _ADSLIGHT_DAY . '</td>
    </tr>';
                echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" >";
            } else {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" >  " . _ADSLIGHT_DAY . '</td>
    </tr>';
            }

            /// Type d'annonce
            echo '<tr>
    <td class="head">' . _ADSLIGHT_TYPE . ' </td><td class="head"><select name="type">';

            $result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
            while (false !== (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5))) {
                $sel = '';
                if ($id_type == $type) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_type\" $sel>$nom_type</option>";
            }
            echo '</select></td></tr>';

            /// Etat de l'objet
            echo '<tr>
    <td class="head">' . _ADSLIGHT_TYPE_USURE . ' </td><td class="head"><select name="typeusure">';

            $result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
            while (false !== (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6))) {
                $sel = '';
                if ($id_usure == $typeusure) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
            }
            echo '</select></td></tr>';

            echo '<tr>
    <td class="head">' . _ADSLIGHT_CAT . ' </td><td class="head">';
            $mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
            echo '</td>
    </tr><tr>
    <td class="head">' . _ADSLIGHT_DESC . ' </td><td class="head">';
            $wysiwyg_text_area = Adslight\Utility::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
            echo $wysiwyg_text_area->render();
            echo '</td></tr>
    <td colspan=2><br><input type="submit" value="' . _ADSLIGHT_MODIFANN . '" ></td>
    </tr></table>';
            echo '<input type="hidden" name="op" value="ModAdS" >';

            $module_id = $xoopsModule->getVar('mid');
            if (is_object($GLOBALS['xoopsUser'])) {
                $groups =& $GLOBALS['xoopsUser']->getGroups();
            } else {
                $groups = XOOPS_GROUP_ANONYMOUS;
            }
            /** @var XoopsGroupPermHandler $gpermHandler */
            $gpermHandler = xoops_getHandler('groupperm');
            $perm_itemid  = Request::getInt('item_id', 0, 'POST');
            //If no access
            if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_moderated']) {
                    echo '<input type="hidden" name="valid" value="No" >';
                    echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
                } else {
                    echo '<input type="hidden" name="valid" value="Yes" >';
                }
            } else {
                echo '<input type="hidden" name="valid" value="Yes" >';
            }
            echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" >";
            echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" >";
            echo "<input type=\"hidden\" name=\"date\" value=\"$date\" >
    " . $GLOBALS['xoopsSecurity']->getTokenHTML('token') . '';
            echo '</form><br></fieldset><br>';
        }
    }
}

/**
 * @param $lid
 * @param $cat
 * @param $title
 * @param $status
 * @param $expire
 * @param $type
 * @param $desctext
 * @param $tel
 * @param $price
 * @param $typeprice
 * @param $typeusure
 * @param $date
 * @param $email
 * @param $submitter
 * @param $town
 * @param $country
 * @param $contactby
 * @param $premium
 * @param $valid
 */
function modAdS($lid, $cat, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid)
{
    global $xoopsDB, $xoopsConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang;

    if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['token'])) {
        redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $GLOBALS['xoopsSecurity']->getErrors());
    }
    $title     = $myts->addSlashes($title);
    $status    = $myts->addSlashes($status);
    $expire    = $myts->addSlashes($expire);
    $type      = $myts->addSlashes($type);
    $desctext  = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
    $tel       = $myts->addSlashes($tel);
    $price     = str_replace([' '], '', $price);
    $typeprice = $myts->addSlashes($typeprice);
    $typeusure = $myts->addSlashes($typeusure);
    $submitter = $myts->addSlashes($submitter);
    $town      = $myts->addSlashes($town);
    $country   = $myts->addSlashes($country);
    $contactby = $myts->addSlashes($contactby);
    $premium   = $myts->addSlashes($premium);

    $xoopsDB->query('UPDATE '
                    . $xoopsDB->prefix('adslight_listing')
                    . " SET cid='$cat', title='$title', status='$status',  expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");

    redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
}

####################################################
foreach ($_POST as $k => $v) {
    ${$k} = $v;
}
$ok = Request::getString('ok', '', 'GET');

if (!Request::hasVar('lid', 'POST') && Request::hasVar('lid', 'GET')) {
    $lid = Request::getInt('lid', 0, 'GET');
}
if (!Request::hasVar('r_lid', 'POST') && Request::hasVar('r_lid', 'GET')) {
    $r_lid = Request::getInt('r_lid', '', 'GET');
}
if (!Request::hasVar('op', 'POST') && Request::hasVar('op', 'GET')) {
    $op = Request::getString('op', '', 'GET');
}
switch ($op) {

    case 'ModAd':
        include XOOPS_ROOT_PATH . '/header.php';
        modAd($lid);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    case 'ModAdS':
        modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
        break;

    case 'ListingDel':
        include XOOPS_ROOT_PATH . '/header.php';
        listingDel($lid, $ok);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    case 'DelReply':
        include XOOPS_ROOT_PATH . '/header.php';
        delReply($r_lid, $ok);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    default:
        redirect_header('index.php', 1, '' . _RETURNANN);
        break;
}


1			<?php
2			/*
3			-------------------------------------------------------------------------
4			ADSLIGHT 2 : Module for Xoops
5
6			Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
7			Started with the Classifieds module and made MANY changes
8			Website : http://www.luc-bizet.fr
9			Contact : [email protected]
10			-------------------------------------------------------------------------
11			Original credits below Version History
12			##########################################################################
13			# Classified Module for Xoops #
14			# By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com #
15			# Started with the MyAds module and made MANY changes #
16			##########################################################################
17			Original Author: Pascal Le Boustouller
18			Author Website : [email protected]
19			Licence Type : GPL
20			-------------------------------------------------------------------------
21			*/
22
23			use Xmf\Request;
24			use XoopsModules\Adslight;
25
26			require_once __DIR__ . '/header.php';
27			$moduleDirName = basename(__DIR__);
28			$main_lang = '_' . strtoupper($moduleDirName);
29			//require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
30			$myts = \MyTextSanitizer::getInstance();
31			$module_id = $xoopsModule->getVar('mid');
32
33			$groups = ($GLOBALS['xoopsUser'] instanceof \XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
34			/** @var XoopsGroupPermHandler $gpermHandler */
35			$gpermHandler = xoops_getHandler('groupperm');
36			$perm_itemid = Request::getInt('item_id', 0, 'POST');
37
38			//If no access
39			if (!$gpermHandler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {
40			redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
41			}
42
43			/**
44			* @param $lid
45			* @param $ok
46			*/
47			function listingDel($lid, $ok)
48			{
49			global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
50
51			$result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
52			list($usid) = $xoopsDB->fetchRow($result);
53
54			$result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
55
56			if ($GLOBALS['xoopsUser']) {
57			$currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
58			if ($usid == $currentid) {
59			if (1 == $ok) {
60			while (false !== (list($purl) = $xoopsDB->fetchRow($result1))) {
61			if ($purl) {
62			$destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
63			if (file_exists("$destination/$purl")) {
64			unlink("$destination/$purl");
65			}
66			$destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
67			if (file_exists("$destination2/thumb_$purl")) {
68			unlink("$destination2/thumb_$purl");
69			}
70			$destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
71			if (file_exists("$destination3/resized_$purl")) {
72			unlink("$destination3/resized_$purl");
73			}
74
75			$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
76			}
77			}
78			$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
79			redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
80			} else {
81			echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
82			echo '<br><div style="text-align:center">';
83			echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
84			}
85			echo '[ <a href="modify.php?op=ListingDel&lid=' . $lid . '&ok=1">' . _ADSLIGHT_OUI . '</a> \| <a href="index.php">' . _ADSLIGHT_NON . '</a> ]<br><br>';
86			echo '</td></tr></table>';
87			}
88			}
89			}
90
91			/**
92			* @param $r_lid
93			* @param $ok
94			*/
95			function delReply($r_lid, $ok)
96			{
97			global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
98
99			$result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' l LEFT JOIN ' . $xoopsDB->prefix('adslight_replies') . ' r ON l.lid=r.lid WHERE r.r_lid=' . $xoopsDB->escape($r_lid));
100			list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);
101
102			if ($GLOBALS['xoopsUser']) {
103			$currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
104			if ($usid == $currentid) {
105			if (1 == $ok) {
106			$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid));
107			redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
108			} else {
109			echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
110			echo '<br><div style="text-align:center">';
111			echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
112			}
113			echo '[ <a href="modify.php?op=DelReply&r_lid=' . addslashes($r_lid) . '&ok=1">' . _ADSLIGHT_OUI . '</a> \| <a href="members.php?usid=' . addslashes($usid) . '">' . _ADSLIGHT_NON . '</a> ]<br><br>';
114			echo '</td></tr></table>';
115			}
116			}
117			}
118
119			/**
120			* @param $lid
121			*/
122			function modAd($lid)
123			{
124			global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;
125			$contactselect = '';
126			require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
127			require_once XOOPS_ROOT_PATH . '/modules/adslight/class/Utility.php';
128			echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";
129
130			require_once XOOPS_ROOT_PATH . '/modules/adslight/class/classifiedstree.php';
131			$mytree = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');
			0 ignored issues – show Bug introduced 2018-03-16 07:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `ClassifiedsTree` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
132
133			$result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
134			list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);
135
136			$categories = Adslight\Utility::getMyItemIds('adslight_submit');
137			if (is_array($categories) && count($categories) > 0) {
138			if (!in_array($cide, $categories)) {
139			redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
140			}
141			} else { // User can't see any category
142			redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
143			}
144
145			if ($GLOBALS['xoopsUser']) {
146			$calusern = $GLOBALS['xoopsUser']->uid();
147			if ($usid == $calusern) {
148			echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
149			$title = $myts->htmlSpecialChars($title);
150			$status = $myts->htmlSpecialChars($status);
151			$expire = $myts->htmlSpecialChars($expire);
152			$type = $myts->htmlSpecialChars($type);
153			$desctext = $myts->displayTarea($desctext, 1);
154			$tel = $myts->htmlSpecialChars($tel);
155
156			// $price = number_format($price, 2, ',', ' ');
157
158			xoops_load('XoopsLocal');
159			$tempXoopsLocal = new \XoopsLocal;
160			// For US currency with 2 numbers after the decimal comment out if you dont want 2 numbers after decimal
161			$price = $tempXoopsLocal->number_format($price, 2, ',', ' ');
162			// For other countries uncomment the below line and comment out the above line
163			// $price = $tempXoopsLocal->number_format($price);
164
165			$typeprice = $myts->htmlSpecialChars($typeprice);
166			$typeusure = $myts->htmlSpecialChars($typeusure);
167			$submitter = $myts->htmlSpecialChars($submitter);
168			$town = $myts->htmlSpecialChars($town);
169			$country = $myts->htmlSpecialChars($country);
170			$contactby = $myts->htmlSpecialChars($contactby);
171			$premium = $myts->htmlSpecialChars($premium);
172			$useroffset = '';
173			if ($GLOBALS['xoopsUser']) {
174			$timezone = $GLOBALS['xoopsUser']->timezone();
175			$useroffset = (!empty($timezone)) ? $GLOBALS['xoopsUser']->timezone() : $xoopsConfig['default_TZ'];
176			}
177			$dates = ($useroffset * 3600) + $date;
178			$dates = formatTimestamp($date, 's');
179
180			echo '<form action="modify.php" method=post enctype="multipart/form-data">';
181			echo $GLOBALS['xoopsSecurity']->getTokenHTML();
182			echo '<table><tr class="head" border="2">
183			<td class="head">' . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
184			</tr><tr>";
185
186			if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_diff_name']) {
187			echo '<td class="head">' . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" ></td>";
188			} else {
189			echo '<td class="head">' . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
190			}
191			echo '</tr><tr>';
192
193			if (1 == $contactby) {
194			$contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
195			}
196			if (2 == $contactby) {
197			$contactselect = _ADSLIGHT_CONTACT_BY_PM;
198			}
199			if (3 == $contactby) {
200			$contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
201			}
202			if (4 == $contactby) {
203			$contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
204			}
205
206			echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
207			<option value=\"" . $contactby . '">' . $contactselect . '</option>
208			<option value="1">' . _ADSLIGHT_CONTACT_BY_EMAIL . '</option>
209			<option value="2">' . _ADSLIGHT_CONTACT_BY_PM . '</option>
210			<option value="3">' . _ADSLIGHT_CONTACT_BY_BOTH . '</option>
211			<option value="4">' . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';
212
213			if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_diff_email']) {
214			echo '<tr><td class="head">' . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" ></td>";
215			} else {
216			echo '<tr><td class="head">' . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" ></td>";
217			}
218			echo '</tr><tr>
219			<td class="head">' . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" ></td>
220			</tr>";
221			echo '<tr>
222			<td class="head">' . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" ></td>
223			</tr>";
224			if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_use_country']) {
225			echo '<tr>
226			<td class="head">' . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" ></td>
227			</tr>";
228			} else {
229			echo '<input type="hidden" name="country" value="">';
230			}
231
232			echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
233			if ('0' == $status) {
234			echo 'checked';
235			}
236			echo '>' . _ADSLIGHT_ACTIVE . '   <input type="radio" name="status" value="1"';
237			if ('1' == $status) {
238			echo 'checked';
239			}
240			echo '>' . _ADSLIGHT_INACTIVE . '   <input type="radio" name="status" value="2"';
241			if ('2' == $status) {
242			echo 'checked';
243			}
244			echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
245			echo '<tr>
246			<td class="head">' . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" ></td>
247			</tr>";
248			echo '<tr><td class="head">' . _ADSLIGHT_PRICE2 . " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" > " . $GLOBALS['xoopsModuleConfig']['adslight_currency_symbol'];
249
250			$result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
251			echo ' <select name="typeprice">';
252			while (false !== (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3))) {
253			$sel = '';
254			if ($id_price == $typeprice) {
255			$sel = 'selected';
256			}
257			echo "<option value=\"$id_price\" $sel>$nom_price</option>";
258			}
259			echo '</select></td></tr>';
260			$module_id = $xoopsModule->getVar('mid');
261			$groups = ($GLOBALS['xoopsUser'] instanceof \XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
262
263			/** @var XoopsGroupPermHandler $gpermHandler */
264			$gpermHandler = xoops_getHandler('groupperm');
265			$perm_itemid = Request::getInt('item_id', 0, 'GET');
266
267			//If no access
268			if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
269			echo "<tr>
270			<td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire " . _ADSLIGHT_DAY . '</td>
271			</tr>';
272			echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" >";
273			} else {
274			echo "<tr>
275			<td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" > " . _ADSLIGHT_DAY . '</td>
276			</tr>';
277			}
278
279			/// Type d'annonce
280			echo '<tr>
281			<td class="head">' . _ADSLIGHT_TYPE . ' </td><td class="head"><select name="type">';
282
283			$result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
284			while (false !== (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5))) {
285			$sel = '';
286			if ($id_type == $type) {
287			$sel = 'selected';
288			}
289			echo "<option value=\"$id_type\" $sel>$nom_type</option>";
290			}
291			echo '</select></td></tr>';
292
293			/// Etat de l'objet
294			echo '<tr>
295			<td class="head">' . _ADSLIGHT_TYPE_USURE . ' </td><td class="head"><select name="typeusure">';
296
297			$result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
298			while (false !== (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6))) {
299			$sel = '';
300			if ($id_usure == $typeusure) {
301			$sel = 'selected';
302			}
303			echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
304			}
305			echo '</select></td></tr>';
306
307			echo '<tr>
308			<td class="head">' . _ADSLIGHT_CAT . ' </td><td class="head">';
309			$mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
310			echo '</td>
311			</tr><tr>
312			<td class="head">' . _ADSLIGHT_DESC . ' </td><td class="head">';
313			$wysiwyg_text_area = Adslight\Utility::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
314			echo $wysiwyg_text_area->render();
315			echo '</td></tr>
316			<td colspan=2><br><input type="submit" value="' . _ADSLIGHT_MODIFANN . '" ></td>
317			</tr></table>';
318			echo '<input type="hidden" name="op" value="ModAdS" >';
319
320			$module_id = $xoopsModule->getVar('mid');
321			if (is_object($GLOBALS['xoopsUser'])) {
322			$groups =& $GLOBALS['xoopsUser']->getGroups();
323			} else {
324			$groups = XOOPS_GROUP_ANONYMOUS;
325			}
326			/** @var XoopsGroupPermHandler $gpermHandler */
327			$gpermHandler = xoops_getHandler('groupperm');
328			$perm_itemid = Request::getInt('item_id', 0, 'POST');
329			//If no access
330			if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
331			if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_moderated']) {
332			echo '<input type="hidden" name="valid" value="No" >';
333			echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
334			} else {
335			echo '<input type="hidden" name="valid" value="Yes" >';
336			}
337			} else {
338			echo '<input type="hidden" name="valid" value="Yes" >';
339			}
340			echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" >";
341			echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" >";
342			echo "<input type=\"hidden\" name=\"date\" value=\"$date\" >
343			" . $GLOBALS['xoopsSecurity']->getTokenHTML('token') . '';
344			echo '</form><br></fieldset><br>';
345			}
346			}
347			}
348
349			/**
350			* @param $lid
351			* @param $cat
352			* @param $title
353			* @param $status
354			* @param $expire
355			* @param $type
356			* @param $desctext
357			* @param $tel
358			* @param $price
359			* @param $typeprice
360			* @param $typeusure
361			* @param $date
362			* @param $email
363			* @param $submitter
364			* @param $town
365			* @param $country
366			* @param $contactby
367			* @param $premium
368			* @param $valid
369			*/
370			function modAdS($lid, $cat, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid)
371			{
372			global $xoopsDB, $xoopsConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang;
373
374			if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['token'])) {
375			redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $GLOBALS['xoopsSecurity']->getErrors());
376			}
377			$title = $myts->addSlashes($title);
378			$status = $myts->addSlashes($status);
379			$expire = $myts->addSlashes($expire);
380			$type = $myts->addSlashes($type);
381			$desctext = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
382			$tel = $myts->addSlashes($tel);
383			$price = str_replace([' '], '', $price);
384			$typeprice = $myts->addSlashes($typeprice);
385			$typeusure = $myts->addSlashes($typeusure);
386			$submitter = $myts->addSlashes($submitter);
387			$town = $myts->addSlashes($town);
388			$country = $myts->addSlashes($country);
389			$contactby = $myts->addSlashes($contactby);
390			$premium = $myts->addSlashes($premium);
391
392			$xoopsDB->query('UPDATE '
393			. $xoopsDB->prefix('adslight_listing')
394			. " SET cid='$cat', title='$title', status='$status', expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");
395
396			redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
397			}
398
399			####################################################
400			foreach ($_POST as $k => $v) {
401			${$k} = $v;
402			}
403			$ok = Request::getString('ok', '', 'GET');
404
405			if (!Request::hasVar('lid', 'POST') && Request::hasVar('lid', 'GET')) {
406			$lid = Request::getInt('lid', 0, 'GET');
407			}
408			if (!Request::hasVar('r_lid', 'POST') && Request::hasVar('r_lid', 'GET')) {
409			$r_lid = Request::getInt('r_lid', '', 'GET');
410			}
411			if (!Request::hasVar('op', 'POST') && Request::hasVar('op', 'GET')) {
412			$op = Request::getString('op', '', 'GET');
413			}
414			switch ($op) {
415
416			case 'ModAd':
417			include XOOPS_ROOT_PATH . '/header.php';
418			modAd($lid);
419			include XOOPS_ROOT_PATH . '/footer.php';
420			break;
421
422			case 'ModAdS':
423			modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
424			break;
425
426			case 'ListingDel':
427			include XOOPS_ROOT_PATH . '/header.php';
428			listingDel($lid, $ok);
429			include XOOPS_ROOT_PATH . '/footer.php';
430			break;
431
432			case 'DelReply':
433			include XOOPS_ROOT_PATH . '/header.php';
434			delReply($r_lid, $ok);
435			include XOOPS_ROOT_PATH . '/footer.php';
436			break;
437
438			default:
439			redirect_header('index.php', 1, '' . _RETURNANN);
440			break;
441			}
442

mambax7 / adslight

Push — master ( 9d155f...5e790e )

modify.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like