Issues in modify.php - New Issues - Inspection of "xoopsSecurity part2" - mambax7/adslight - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( deac0a...054aa6 )

by Michael

created 2017-07-22 04:01 UTC

modify.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
-------------------------------------------------------------------------
                     ADSLIGHT 2 : Module for Xoops

        Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
        Started with the Classifieds module and made MANY changes
        Website : http://www.luc-bizet.fr
        Contact : [email protected]
-------------------------------------------------------------------------
             Original credits below Version History
##########################################################################
#                    Classified Module for Xoops                         #
#  By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com         #
#      Started with the MyAds module and made MANY changes               #
##########################################################################
 Original Author: Pascal Le Boustouller
 Author Website : [email protected]
 Licence Type   : GPL
-------------------------------------------------------------------------
*/

use Xmf\Request;

require_once __DIR__ . '/header.php';
$moduleDirName = basename(__DIR__);
$main_lang     = '_' . strtoupper($moduleDirName);
//require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';

$myts      = MyTextSanitizer::getInstance();
$module_id = $xoopsModule->getVar('mid');

$groups = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
/** @var XoopsGroupPermHandler $gpermHandler */
$gpermHandler = xoops_getHandler('groupperm');
$perm_itemid  = Request::getInt('item_id', 0, 'POST');

//If no access
if (!$gpermHandler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {
    redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
}

/**
 * @param $lid
 * @param $ok
 */
function listingDel($lid, $ok)
{
    global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
    list($usid) = $xoopsDB->fetchRow($result);

    $result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));

    if ($GLOBALS['xoopsUser']) {
        $currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
        if ($usid == $currentid) {
            if ($ok == 1) {
                while (list($purl) = $xoopsDB->fetchRow($result1)) {
                    if ($purl) {
                        $destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
                        if (file_exists("$destination/$purl")) {
                            unlink("$destination/$purl");
                        }
                        $destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
                        if (file_exists("$destination2/thumb_$purl")) {
                            unlink("$destination2/thumb_$purl");
                        }
                        $destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
                        if (file_exists("$destination3/resized_$purl")) {
                            unlink("$destination3/resized_$purl");
                        }

                        $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
                    }
                }
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
                redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo "[ <a href=\"modify.php?op=ListingDel&amp;lid=" . $lid . "&amp;ok=1\">" . _ADSLIGHT_OUI . "</a> | <a href=\"index.php\">" . _ADSLIGHT_NON . '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $r_lid
 * @param $ok
 */
function delReply($r_lid, $ok)
{
    global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM '
                              . $xoopsDB->prefix('adslight_listing')
                              . ' l LEFT JOIN '
                              . $xoopsDB->prefix('adslight_replies')
                              . ' r ON l.lid=r.lid  WHERE r.r_lid='
                              . $xoopsDB->escape($r_lid));
    list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);

    if ($GLOBALS['xoopsUser']) {
        $currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
        if ($usid == $currentid) {
            if ($ok == 1) {
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid));
                redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo "[ <a href=\"modify.php?op=DelReply&amp;r_lid="
                 . addslashes($r_lid)
                 . "&amp;ok=1\">"
                 . _ADSLIGHT_OUI
                 . "</a> | <a href=\"members.php?usid="
                 . addslashes($usid)
                 . "\">"
                 . _ADSLIGHT_NON
                 . '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $lid
 */
function modAd($lid)
{
    global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;
    $contactselect = '';
    require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
    require_once XOOPS_ROOT_PATH . '/modules/adslight/class/utility.php';
    echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";

    require_once XOOPS_ROOT_PATH . '/modules/adslight/class/classifiedstree.php';
    $mytree = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');

    $result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM '
                              . $xoopsDB->prefix('adslight_listing')
                              . ' WHERE lid='
                              . $xoopsDB->escape($lid));
    list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);

    $categories = AdslightUtility::getMyItemIds('adslight_submit');
    if (is_array($categories) && count($categories) > 0) {
        if (!in_array($cide, $categories)) {
            redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
        }
    } else {    // User can't see any category
        redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
    }

    if ($GLOBALS['xoopsUser']) {
        $calusern = $GLOBALS['xoopsUser']->uid();
        if ($usid == $calusern) {
            echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
            $title    = $myts->htmlSpecialChars($title);
            $status   = $myts->htmlSpecialChars($status);
            $expire   = $myts->htmlSpecialChars($expire);
            $type     = $myts->htmlSpecialChars($type);
            $desctext = $myts->displayTarea($desctext, 1);
            $tel      = $myts->htmlSpecialChars($tel);

            //            $price      = number_format($price, 2, ',', ' ');

            xoops_load('XoopsLocal');
            $tempXoopsLocal = new XoopsLocal;
            //  For US currency with 2 numbers after the decimal comment out if you dont want 2 numbers after decimal
            $price = $tempXoopsLocal->number_format($price, 2, ',', ' ');
            //  For other countries uncomment the below line and comment out the above line
            //      $price = $tempXoopsLocal->number_format($price);

            $typeprice  = $myts->htmlSpecialChars($typeprice);
            $typeusure  = $myts->htmlSpecialChars($typeusure);
            $submitter  = $myts->htmlSpecialChars($submitter);
            $town       = $myts->htmlSpecialChars($town);
            $country    = $myts->htmlSpecialChars($country);
            $contactby  = $myts->htmlSpecialChars($contactby);
            $premium    = $myts->htmlSpecialChars($premium);
            $useroffset = '';
            if ($GLOBALS['xoopsUser']) {
                $timezone   = $GLOBALS['xoopsUser']->timezone();
                $useroffset = (!empty($timezone)) ? $GLOBALS['xoopsUser']->timezone() : $xoopsConfig['default_TZ'];
            }
            $dates = ($useroffset * 3600) + $date;
            $dates = formatTimestamp($date, 's');

            echo "<form action=\"modify.php\" method=post enctype=\"multipart/form-data\">";
            echo $GLOBALS['xoopsSecurity']->getTokenHTML();
    echo "<table><tr class=\"head\" border=\"2\">
    <td class=\"head\">" . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
    </tr><tr>";

            if ($GLOBALS['xoopsModuleConfig']['adslight_diff_name'] == '1') {
                echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" ></td>";
            } else {
                echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
            }
            echo '</tr><tr>';

            if (1 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
            }
            if (2 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PM;
            }
            if (3 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
            }
            if (4 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
            }

            echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
    <option value=\"" . $contactby . "\">" . $contactselect . "</option>
    <option value=\"1\">" . _ADSLIGHT_CONTACT_BY_EMAIL . "</option>
    <option value=\"2\">" . _ADSLIGHT_CONTACT_BY_PM . "</option>
    <option value=\"3\">" . _ADSLIGHT_CONTACT_BY_BOTH . "</option>
    <option value=\"4\">" . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';

            if ($GLOBALS['xoopsModuleConfig']['adslight_diff_email'] == '1') {
                echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" ></td>";
            } else {
                echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" ></td>";
            }
            echo "</tr><tr>
    <td class=\"head\">" . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" ></td>
    </tr>";
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" ></td>
    </tr>";
            if ($GLOBALS['xoopsModuleConfig']['adslight_use_country'] == '1') {
                echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" ></td>
    </tr>";
            } else {
                echo "<input type=\"hidden\" name=\"country\" value=\"\">";
            }

            echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
            if ('0' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_ACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"1\"";
            if ('1' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_INACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"2\"";
            if ('2' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" ></td>
    </tr>";
            echo "<tr><td class=\"head\">"
                 . _ADSLIGHT_PRICE2
                 . " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" > "
                 . $GLOBALS['xoopsModuleConfig']['adslight_currency_symbol'];

            $result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
            echo " <select name=\"typeprice\">";
            while (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3)) {
                $sel = '';
                if ($id_price == $typeprice) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_price\" $sel>$nom_price</option>";
            }
            echo '</select></td></tr>';
            $module_id = $xoopsModule->getVar('mid');
            $groups    = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;

            /** @var XoopsGroupPermHandler $gpermHandler */
            $gpermHandler = xoops_getHandler('groupperm');
            $perm_itemid  = Request::getInt('item_id', 0, 'GET');

            //If no access
            if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire  " . _ADSLIGHT_DAY . '</td>
    </tr>';
                echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" >";
            } else {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" >  " . _ADSLIGHT_DAY . '</td>
    </tr>';
            }

            /// Type d'annonce
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TYPE . " </td><td class=\"head\"><select name=\"type\">";

            $result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
            while (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5)) {
                $sel = '';
                if ($id_type == $type) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_type\" $sel>$nom_type</option>";
            }
            echo '</select></td></tr>';

            /// Etat de l'objet
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TYPE_USURE . " </td><td class=\"head\"><select name=\"typeusure\">";

            $result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
            while (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6)) {
                $sel = '';
                if ($id_usure == $typeusure) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
            }
            echo '</select></td></tr>';

            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_CAT . " </td><td class=\"head\">";
            $mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
            echo "</td>
    </tr><tr>
    <td class=\"head\">" . _ADSLIGHT_DESC . " </td><td class=\"head\">";
            $wysiwyg_text_area = AdslightUtility::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
            echo $wysiwyg_text_area->render();
            echo "</td></tr>
    <td colspan=2><br><input type=\"submit\" value=\"" . _ADSLIGHT_MODIFANN . "\" ></td>
    </tr></table>";
            echo "<input type=\"hidden\" name=\"op\" value=\"ModAdS\" >";

            $module_id = $xoopsModule->getVar('mid');
            if (is_object($GLOBALS['xoopsUser'])) {
                $groups =& $GLOBALS['xoopsUser']->getGroups();
            } else {
                $groups = XOOPS_GROUP_ANONYMOUS;
            }
            /** @var XoopsGroupPermHandler $gpermHandler */
            $gpermHandler = xoops_getHandler('groupperm');
            $perm_itemid  = Request::getInt('item_id', 0, 'POST');
            //If no access
            if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                if ($GLOBALS['xoopsModuleConfig']['adslight_moderated'] == '1') {
                    echo "<input type=\"hidden\" name=\"valid\" value=\"No\" >";
                    echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
                } else {
                    echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" >";
                }
            } else {
                echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" >";
            }
            echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" >";
            echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" >";
            echo "<input type=\"hidden\" name=\"date\" value=\"$date\" >
    " .$GLOBALS['xoopsSecurity']->getTokenHTML('token') . '';
            echo '</form><br></fieldset><br>';
        }
    }
}

/**
 * @param $lid
 * @param $cat
 * @param $title
 * @param $status
 * @param $expire
 * @param $type
 * @param $desctext
 * @param $tel
 * @param $price
 * @param $typeprice
 * @param $typeusure
 * @param $date
 * @param $email
 * @param $submitter
 * @param $town
 * @param $country
 * @param $contactby
 * @param $premium
 * @param $valid
 */
function modAdS($lid, $cat, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid)
{
    global $xoopsDB, $xoopsConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang;

    if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['token'])) {
        redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $GLOBALS['xoopsSecurity']->getErrors());
    }
    $title     = $myts->addSlashes($title);
    $status    = $myts->addSlashes($status);
    $expire    = $myts->addSlashes($expire);
    $type      = $myts->addSlashes($type);
    $desctext  = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
    $tel       = $myts->addSlashes($tel);
    $price     = str_replace(array(' '), '', $price);
    $typeprice = $myts->addSlashes($typeprice);
    $typeusure = $myts->addSlashes($typeusure);
    $submitter = $myts->addSlashes($submitter);
    $town      = $myts->addSlashes($town);
    $country   = $myts->addSlashes($country);
    $contactby = $myts->addSlashes($contactby);
    $premium   = $myts->addSlashes($premium);

    $xoopsDB->query('UPDATE '
                    . $xoopsDB->prefix('adslight_listing')
                    . " SET cid='$cat', title='$title', status='$status',  expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");

    redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
}

####################################################
foreach ($_POST as $k => $v) {
    ${$k} = $v;
}
$ok = Request::getString('ok', '', 'GET');

if (!Request::hasVar('lid', 'POST') && Request::hasVar('lid', 'GET')) {
    $lid = Request::getInt('lid', 0, 'GET');
}
if (!Request::hasVar('r_lid', 'POST') && Request::hasVar('r_lid', 'GET')) {
    $r_lid = Request::getInt('r_lid', '', 'GET');
}
if (!Request::hasVar('op', 'POST') && Request::hasVar('op', 'GET')) {
    $op = Request::getString('op', '', 'GET');
}
switch ($op) {

    case 'ModAd':
        include XOOPS_ROOT_PATH . '/header.php';
        modAd($lid);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    case 'ModAdS':
        modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
        break;

    case 'ListingDel':
        include XOOPS_ROOT_PATH . '/header.php';
        listingDel($lid, $ok);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    case 'DelReply':
        include XOOPS_ROOT_PATH . '/header.php';
        delReply($r_lid, $ok);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    default:
        redirect_header('index.php', 1, '' . _RETURNANN);
        break;
}


1		<?php
2		/*
3		-------------------------------------------------------------------------
4		ADSLIGHT 2 : Module for Xoops
5
6		Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
7		Started with the Classifieds module and made MANY changes
8		Website : http://www.luc-bizet.fr
9		Contact : [email protected]
10		-------------------------------------------------------------------------
11		Original credits below Version History
12		##########################################################################
13		# Classified Module for Xoops #
14		# By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com #
15		# Started with the MyAds module and made MANY changes #
16		##########################################################################
17		Original Author: Pascal Le Boustouller
18		Author Website : [email protected]
19		Licence Type : GPL
20		-------------------------------------------------------------------------
21		*/
22
23		use Xmf\Request;
24
25		require_once __DIR__ . '/header.php';
26		$moduleDirName = basename(__DIR__);
27		$main_lang = '_' . strtoupper($moduleDirName);
28		//require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
		0 ignored issues – show Unused Code Comprehensibility introduced 2017-07-22 04:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this `38%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
29		$myts = MyTextSanitizer::getInstance();
30		$module_id = $xoopsModule->getVar('mid');
31
32		$groups = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
33		/** @var XoopsGroupPermHandler $gpermHandler */
34		$gpermHandler = xoops_getHandler('groupperm');
35		$perm_itemid = Request::getInt('item_id', 0, 'POST');
36
37		//If no access
38	View Code Duplication	if (!$gpermHandler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {
39		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
40		}
41
42		/**
43		* @param $lid
44		* @param $ok
45		*/
46		function listingDel($lid, $ok)
47		{
48		global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
49
50		$result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
51		list($usid) = $xoopsDB->fetchRow($result);
52
53		$result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
54
55		if ($GLOBALS['xoopsUser']) {
56		$currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
57		if ($usid == $currentid) {
58		if ($ok == 1) {
59		while (list($purl) = $xoopsDB->fetchRow($result1)) {
60		if ($purl) {
61		$destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
62		if (file_exists("$destination/$purl")) {
63		unlink("$destination/$purl");
64		}
65		$destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
66		if (file_exists("$destination2/thumb_$purl")) {
67		unlink("$destination2/thumb_$purl");
68		}
69		$destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
70		if (file_exists("$destination3/resized_$purl")) {
71		unlink("$destination3/resized_$purl");
72		}
73
74		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
75		}
76		}
77		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
78		redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
79		} else {
80		echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
81		echo '<br><div style="text-align:center">';
82		echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
83		}
84		echo "[ <a href=\"modify.php?op=ListingDel&lid=" . $lid . "&ok=1\">" . _ADSLIGHT_OUI . "</a> \| <a href=\"index.php\">" . _ADSLIGHT_NON . '</a> ]<br><br>';
85		echo '</td></tr></table>';
86		}
87		}
88		}
89
90		/**
91		* @param $r_lid
92		* @param $ok
93		*/
94		function delReply($r_lid, $ok)
95		{
96		global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
97
98		$result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM '
99		. $xoopsDB->prefix('adslight_listing')
100		. ' l LEFT JOIN '
101		. $xoopsDB->prefix('adslight_replies')
102		. ' r ON l.lid=r.lid WHERE r.r_lid='
103		. $xoopsDB->escape($r_lid));
104		list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);
105
106		if ($GLOBALS['xoopsUser']) {
107		$currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
108		if ($usid == $currentid) {
109		if ($ok == 1) {
110		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid));
111		redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
112		} else {
113		echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
114		echo '<br><div style="text-align:center">';
115		echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
116		}
117		echo "[ <a href=\"modify.php?op=DelReply&r_lid="
118		. addslashes($r_lid)
119		. "&ok=1\">"
120		. _ADSLIGHT_OUI
121		. "</a> \| <a href=\"members.php?usid="
122		. addslashes($usid)
123		. "\">"
124		. _ADSLIGHT_NON
125		. '</a> ]<br><br>';
126		echo '</td></tr></table>';
127		}
128		}
129		}
130
131		/**
132		* @param $lid
133		*/
134		function modAd($lid)
135		{
136		global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;
137		$contactselect = '';
138		require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
139		require_once XOOPS_ROOT_PATH . '/modules/adslight/class/utility.php';
140		echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";
141
142		require_once XOOPS_ROOT_PATH . '/modules/adslight/class/classifiedstree.php';
143		$mytree = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');
144
145		$result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM '
146		. $xoopsDB->prefix('adslight_listing')
147		. ' WHERE lid='
148		. $xoopsDB->escape($lid));
149		list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);
150
151		$categories = AdslightUtility::getMyItemIds('adslight_submit');
152	View Code Duplication	if (is_array($categories) && count($categories) > 0) {
153		if (!in_array($cide, $categories)) {
154		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
155		}
156		} else { // User can't see any category
157		redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
158		}
159
160		if ($GLOBALS['xoopsUser']) {
161		$calusern = $GLOBALS['xoopsUser']->uid();
162		if ($usid == $calusern) {
163		echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
164		$title = $myts->htmlSpecialChars($title);
165		$status = $myts->htmlSpecialChars($status);
166		$expire = $myts->htmlSpecialChars($expire);
167		$type = $myts->htmlSpecialChars($type);
168		$desctext = $myts->displayTarea($desctext, 1);
169		$tel = $myts->htmlSpecialChars($tel);
170
171		// $price = number_format($price, 2, ',', ' ');
172
173		xoops_load('XoopsLocal');
174		$tempXoopsLocal = new XoopsLocal;
175		// For US currency with 2 numbers after the decimal comment out if you dont want 2 numbers after decimal
176		$price = $tempXoopsLocal->number_format($price, 2, ',', ' ');
177		// For other countries uncomment the below line and comment out the above line
178		// $price = $tempXoopsLocal->number_format($price);
179
180		$typeprice = $myts->htmlSpecialChars($typeprice);
181		$typeusure = $myts->htmlSpecialChars($typeusure);
182		$submitter = $myts->htmlSpecialChars($submitter);
183		$town = $myts->htmlSpecialChars($town);
184		$country = $myts->htmlSpecialChars($country);
185		$contactby = $myts->htmlSpecialChars($contactby);
186		$premium = $myts->htmlSpecialChars($premium);
187		$useroffset = '';
188	View Code Duplication	if ($GLOBALS['xoopsUser']) {
189		$timezone = $GLOBALS['xoopsUser']->timezone();
190		$useroffset = (!empty($timezone)) ? $GLOBALS['xoopsUser']->timezone() : $xoopsConfig['default_TZ'];
191		}
192		$dates = ($useroffset * 3600) + $date;
193		$dates = formatTimestamp($date, 's');
194
195		echo "<form action=\"modify.php\" method=post enctype=\"multipart/form-data\">";
196		echo $GLOBALS['xoopsSecurity']->getTokenHTML();
197		echo "<table><tr class=\"head\" border=\"2\">
198		<td class=\"head\">" . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
199		</tr><tr>";
200
201		if ($GLOBALS['xoopsModuleConfig']['adslight_diff_name'] == '1') {
202		echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" ></td>";
203		} else {
204		echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
205		}
206		echo '</tr><tr>';
207
208		if (1 == $contactby) {
209		$contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
210		}
211		if (2 == $contactby) {
212		$contactselect = _ADSLIGHT_CONTACT_BY_PM;
213		}
214		if (3 == $contactby) {
215		$contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
216		}
217		if (4 == $contactby) {
218		$contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
219		}
220
221		echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
222		<option value=\"" . $contactby . "\">" . $contactselect . "</option>
223		<option value=\"1\">" . _ADSLIGHT_CONTACT_BY_EMAIL . "</option>
224		<option value=\"2\">" . _ADSLIGHT_CONTACT_BY_PM . "</option>
225		<option value=\"3\">" . _ADSLIGHT_CONTACT_BY_BOTH . "</option>
226		<option value=\"4\">" . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';
227
228		if ($GLOBALS['xoopsModuleConfig']['adslight_diff_email'] == '1') {
229		echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" ></td>";
230		} else {
231		echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" ></td>";
232		}
233		echo "</tr><tr>
234		<td class=\"head\">" . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" ></td>
235		</tr>";
236		echo "<tr>
237		<td class=\"head\">" . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" ></td>
238		</tr>";
239		if ($GLOBALS['xoopsModuleConfig']['adslight_use_country'] == '1') {
240		echo "<tr>
241		<td class=\"head\">" . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" ></td>
242		</tr>";
243		} else {
244		echo "<input type=\"hidden\" name=\"country\" value=\"\">";
245		}
246
247		echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
248		if ('0' == $status) {
249		echo 'checked';
250		}
251		echo '>' . _ADSLIGHT_ACTIVE . "   <input type=\"radio\" name=\"status\" value=\"1\"";
252		if ('1' == $status) {
253		echo 'checked';
254		}
255		echo '>' . _ADSLIGHT_INACTIVE . "   <input type=\"radio\" name=\"status\" value=\"2\"";
256		if ('2' == $status) {
257		echo 'checked';
258		}
259		echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
260		echo "<tr>
261		<td class=\"head\">" . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" ></td>
262		</tr>";
263		echo "<tr><td class=\"head\">"
264		. _ADSLIGHT_PRICE2
265		. " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" > "
266		. $GLOBALS['xoopsModuleConfig']['adslight_currency_symbol'];
267
268		$result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
269		echo " <select name=\"typeprice\">";
270		while (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3)) {
271		$sel = '';
272		if ($id_price == $typeprice) {
273		$sel = 'selected';
274		}
275		echo "<option value=\"$id_price\" $sel>$nom_price</option>";
276		}
277		echo '</select></td></tr>';
278		$module_id = $xoopsModule->getVar('mid');
279		$groups = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
280
281		/** @var XoopsGroupPermHandler $gpermHandler */
282		$gpermHandler = xoops_getHandler('groupperm');
283		$perm_itemid = Request::getInt('item_id', 0, 'GET');
284
285		//If no access
286		if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
287		echo "<tr>
288		<td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire " . _ADSLIGHT_DAY . '</td>
289		</tr>';
290		echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" >";
291		} else {
292		echo "<tr>
293		<td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" > " . _ADSLIGHT_DAY . '</td>
294		</tr>';
295		}
296
297		/// Type d'annonce
298		echo "<tr>
299		<td class=\"head\">" . _ADSLIGHT_TYPE . " </td><td class=\"head\"><select name=\"type\">";
300
301		$result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
302		while (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5)) {
303		$sel = '';
304		if ($id_type == $type) {
305		$sel = 'selected';
306		}
307		echo "<option value=\"$id_type\" $sel>$nom_type</option>";
308		}
309		echo '</select></td></tr>';
310
311		/// Etat de l'objet
312		echo "<tr>
313		<td class=\"head\">" . _ADSLIGHT_TYPE_USURE . " </td><td class=\"head\"><select name=\"typeusure\">";
314
315		$result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
316		while (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6)) {
317		$sel = '';
318		if ($id_usure == $typeusure) {
319		$sel = 'selected';
320		}
321		echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
322		}
323		echo '</select></td></tr>';
324
325		echo "<tr>
326		<td class=\"head\">" . _ADSLIGHT_CAT . " </td><td class=\"head\">";
327		$mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
328		echo "</td>
329		</tr><tr>
330		<td class=\"head\">" . _ADSLIGHT_DESC . " </td><td class=\"head\">";
331		$wysiwyg_text_area = AdslightUtility::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
332		echo $wysiwyg_text_area->render();
333		echo "</td></tr>
334		<td colspan=2><br><input type=\"submit\" value=\"" . _ADSLIGHT_MODIFANN . "\" ></td>
335		</tr></table>";
336		echo "<input type=\"hidden\" name=\"op\" value=\"ModAdS\" >";
337
338		$module_id = $xoopsModule->getVar('mid');
339	View Code Duplication	if (is_object($GLOBALS['xoopsUser'])) {
340		$groups =& $GLOBALS['xoopsUser']->getGroups();
341		} else {
342		$groups = XOOPS_GROUP_ANONYMOUS;
343		}
344		/** @var XoopsGroupPermHandler $gpermHandler */
345		$gpermHandler = xoops_getHandler('groupperm');
346		$perm_itemid = Request::getInt('item_id', 0, 'POST');
347		//If no access
348		if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
349		if ($GLOBALS['xoopsModuleConfig']['adslight_moderated'] == '1') {
350		echo "<input type=\"hidden\" name=\"valid\" value=\"No\" >";
351		echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
352		} else {
353		echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" >";
354		}
355		} else {
356		echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" >";
357		}
358		echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" >";
359		echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" >";
360		echo "<input type=\"hidden\" name=\"date\" value=\"$date\" >
361		" .$GLOBALS['xoopsSecurity']->getTokenHTML('token') . '';
362		echo '</form><br></fieldset><br>';
363		}
364		}
365		}
366
367		/**
368		* @param $lid
369		* @param $cat
370		* @param $title
371		* @param $status
372		* @param $expire
373		* @param $type
374		* @param $desctext
375		* @param $tel
376		* @param $price
377		* @param $typeprice
378		* @param $typeusure
379		* @param $date
380		* @param $email
381		* @param $submitter
382		* @param $town
383		* @param $country
384		* @param $contactby
385		* @param $premium
386		* @param $valid
387		*/
388		function modAdS($lid, $cat, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid)
389		{
390		global $xoopsDB, $xoopsConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang;
391
392	View Code Duplication	if (!$GLOBALS['xoopsSecurity']->check(true, $_REQUEST['token'])) {
393		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $GLOBALS['xoopsSecurity']->getErrors());
394		}
395		$title = $myts->addSlashes($title);
396		$status = $myts->addSlashes($status);
397		$expire = $myts->addSlashes($expire);
398		$type = $myts->addSlashes($type);
399		$desctext = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
400		$tel = $myts->addSlashes($tel);
401		$price = str_replace(array(' '), '', $price);
402		$typeprice = $myts->addSlashes($typeprice);
403		$typeusure = $myts->addSlashes($typeusure);
404		$submitter = $myts->addSlashes($submitter);
405		$town = $myts->addSlashes($town);
406		$country = $myts->addSlashes($country);
407		$contactby = $myts->addSlashes($contactby);
408		$premium = $myts->addSlashes($premium);
409
410		$xoopsDB->query('UPDATE '
411		. $xoopsDB->prefix('adslight_listing')
412		. " SET cid='$cat', title='$title', status='$status', expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");
413
414		redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
415		}
416
417		####################################################
418		foreach ($_POST as $k => $v) {
419		${$k} = $v;
420		}
421		$ok = Request::getString('ok', '', 'GET');
422
423	View Code Duplication	if (!Request::hasVar('lid', 'POST') && Request::hasVar('lid', 'GET')) {
424		$lid = Request::getInt('lid', 0, 'GET');
425		}
426	View Code Duplication	if (!Request::hasVar('r_lid', 'POST') && Request::hasVar('r_lid', 'GET')) {
427		$r_lid = Request::getInt('r_lid', '', 'GET');
428		}
429	View Code Duplication	if (!Request::hasVar('op', 'POST') && Request::hasVar('op', 'GET')) {
430		$op = Request::getString('op', '', 'GET');
431		}
432		switch ($op) {
433
434		case 'ModAd':
435		include XOOPS_ROOT_PATH . '/header.php';
436		modAd($lid);
437		include XOOPS_ROOT_PATH . '/footer.php';
438		break;
439
440		case 'ModAdS':
441		modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
442		break;
443
444		case 'ListingDel':
445		include XOOPS_ROOT_PATH . '/header.php';
446		listingDel($lid, $ok);
447		include XOOPS_ROOT_PATH . '/footer.php';
448		break;
449
450		case 'DelReply':
451		include XOOPS_ROOT_PATH . '/header.php';
452		delReply($r_lid, $ok);
453		include XOOPS_ROOT_PATH . '/footer.php';
454		break;
455
456		default:
457		redirect_header('index.php', 1, '' . _RETURNANN);
458		break;
459		}
460

mambax7 / adslight

Push — master ( deac0a...054aa6 )

modify.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like