Issues in modify.php - New Issues - Inspection of "XOOPS 2.5.8, PHP7" - mambax7/adslight - Measure and Improve Code Quality continuously with Scrutinizer

Completed
Push — master ( 0424ea...923121 )

by Michael
created 2016-04-29 08:04 UTC
modify.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
<?php

/*
-------------------------------------------------------------------------
                     ADSLIGHT 2 : Module for Xoops

        Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
        Started with the Classifieds module and made MANY changes
        Website : http://www.luc-bizet.fr
        Contact : [email protected]
-------------------------------------------------------------------------
             Original credits below Version History
##########################################################################
#                    Classified Module for Xoops                         #
#  By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com         #
#      Started with the MyAds module and made MANY changes               #
##########################################################################
 Original Author: Pascal Le Boustouller
 Author Website : [email protected]
 Licence Type   : GPL
-------------------------------------------------------------------------
*/

include_once __DIR__ . '/header.php';
$moduleDirName = basename(__DIR__);
$main_lang     = '_' . strtoupper($moduleDirName);
require_once(XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php');
$myts      = MyTextSanitizer::getInstance();
$module_id = $xoopsModule->getVar('mid');

if (is_object($xoopsUser)) {
    $groups = $xoopsUser->getGroups();
} else {
    $groups = XOOPS_GROUP_ANONYMOUS;
}
$gperm_handler = xoops_getHandler('groupperm');
if (isset($_POST['item_id'])) {
    $perm_itemid = (int)$_POST['item_id'];
} else {
    $perm_itemid = 0;
}
//If no access
if (!$gperm_handler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {

    redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
}

/**
 * @param $lid
 * @param $ok
 */
function ListingDel($lid, $ok)
/**
 * @ignore
 */
function getUser() {

}

function getUser($id, $realm) {

}
{
    global $xoopsDB, $xoopsUser, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('select usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' where lid=' . $xoopsDB->escape($lid) . '');
    list($usid) = $xoopsDB->fetchRow($result);

    $result1 = $xoopsDB->query('select url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' where lid=' . $xoopsDB->escape($lid) . '');

    if ($xoopsUser) {
        $currentid = $xoopsUser->getVar('uid', 'E');
        if ($usid == $currentid) {
            if ($ok == 1) {
                while (list($purl) = $xoopsDB->fetchRow($result1)) {
                    if ($purl) {
                        $destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
                        if (file_exists("$destination/$purl")) {
                            unlink("$destination/$purl");
                        }
                        $destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
                        if (file_exists("$destination2/thumb_$purl")) {
                            unlink("$destination2/thumb_$purl");
                        }
                        $destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
                        if (file_exists("$destination3/resized_$purl")) {
                            unlink("$destination3/resized_$purl");
                        }

                        $xoopsDB->queryF('delete from ' . $xoopsDB->prefix('adslight_pictures') . ' where lid=' . $xoopsDB->escape($lid) . '');
                    }
                }
                $xoopsDB->queryF('delete from ' . $xoopsDB->prefix('adslight_listing') . ' where lid=' . $xoopsDB->escape($lid) . '');
                redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><center>';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong><br><br>';
            }
            echo "[ <a href=\"modify.php?op=ListingDel&amp;lid=" . $lid . "&amp;ok=1\">" . _ADSLIGHT_OUI . "</a> | <a href=\"index.php\">" . _ADSLIGHT_NON . '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $r_lid
 * @param $ok
 */
function DelReply($r_lid, $ok)
{
    global $xoopsDB, $xoopsUser, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('select l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM ' .
                              $xoopsDB->prefix('adslight_listing') .
                              ' l LEFT JOIN ' .
                              $xoopsDB->prefix('adslight_replies') .
                              ' r ON l.lid=r.lid  where r.r_lid=' .
                              $xoopsDB->escape($r_lid) .
                              '');
    list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);

    if ($xoopsUser) {
        $currentid = $xoopsUser->getVar('uid', 'E');
        if ($usid == $currentid) {
            if ($ok == 1) {
                $xoopsDB->queryF('delete from ' . $xoopsDB->prefix('adslight_replies') . ' where r_lid=' . $xoopsDB->escape($r_lid) . '');
                redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><center>';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong><br><br>';
            }
            echo "[ <a href=\"modify.php?op=DelReply&amp;r_lid=" .
                 addslashes($r_lid) .
                 "&amp;ok=1\">" .
                 _ADSLIGHT_OUI .
                 "</a> | <a href=\"members.php?usid=" .
                 addslashes($usid) .
                 "\">" .
                 _ADSLIGHT_NON .
                 '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $lid
 */
function ModAd($lid)
{
    global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsModuleConfig, $xoopsUser, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;

    include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
    include_once XOOPS_ROOT_PATH . '/modules/adslight/include/functions.php';
    echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";

    include_once(XOOPS_ROOT_PATH . '/modules/adslight/class/classifiedstree.php');
    $mytree = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');

    $result = $xoopsDB->query('select lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid from ' .
                              $xoopsDB->prefix('adslight_listing') .
                              ' where lid=' .
                              $xoopsDB->escape($lid) .
                              '');
    list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) =
        $xoopsDB->fetchRow($result);

    $categories = adslight_MygetItemIds('adslight_submit');
    if (is_array($categories) && count($categories) > 0) {
        if (!in_array($cide, $categories)) {
            redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
        }
    } else {    // User can't see any category
        redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
    }

    if ($xoopsUser) {
        $calusern = $xoopsUser->uid();
        if ($usid == $calusern) {
            echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
            $title      = $myts->htmlSpecialChars($title);
            $status     = $myts->htmlSpecialChars($status);
            $expire     = $myts->htmlSpecialChars($expire);
            $type       = $myts->htmlSpecialChars($type);
            $desctext   = $myts->displayTarea($desctext, 1);
            $tel        = $myts->htmlSpecialChars($tel);
            $price      = number_format($price, 2, ',', ' ');
            $typeprice  = $myts->htmlSpecialChars($typeprice);
            $typeusure  = $myts->htmlSpecialChars($typeusure);
            $submitter  = $myts->htmlSpecialChars($submitter);
            $town       = $myts->htmlSpecialChars($town);
            $country    = $myts->htmlSpecialChars($country);
            $contactby  = $myts->htmlSpecialChars($contactby);
            $premium    = $myts->htmlSpecialChars($premium);
            $useroffset = '';
            if ($xoopsUser) {
                $timezone = $xoopsUser->timezone();
                if (isset($timezone)) {
                    $useroffset = $xoopsUser->timezone();
                } else {
                    $useroffset = $xoopsConfig['default_TZ'];
                }
            }
            $dates = ($useroffset * 3600) + $date;
            $dates = formatTimestamp($date, 's');

            echo "<form action=\"modify.php\" method=post enctype=\"multipart/form-data\">
    <table><tr class=\"head\" border=\"2\">
    <td class=\"head\">" . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
    </tr><tr>";

            if ($xoopsModuleConfig['adslight_diff_name'] == '1') {
                echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" /></td>";
            } else {
                echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
            }
            echo '</tr><tr>';

            if ($contactby == 1) {
                $contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
            }
            if ($contactby == 2) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PM;
            }
            if ($contactby == 3) {
                $contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
            }
            if ($contactby == 4) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
            }

            echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
    <option value=\"" . $contactby . "\">" . $contactselect . "</option>
    <option value=\"1\">" . _ADSLIGHT_CONTACT_BY_EMAIL . "</option>
    <option value=\"2\">" . _ADSLIGHT_CONTACT_BY_PM . "</option>
    <option value=\"3\">" . _ADSLIGHT_CONTACT_BY_BOTH . "</option>
    <option value=\"4\">" . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';

            if ($xoopsModuleConfig['adslight_diff_email'] == '1') {
                echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" /></td>";
            } else {
                echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" /></td>";
            }
            echo "</tr><tr>
    <td class=\"head\">" . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" /></td>
    </tr>";
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" /></td>
    </tr>";
            if ($xoopsModuleConfig['adslight_use_country'] == '1') {
                echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" /></td>
    </tr>";
            } else {
                echo "<input type=\"hidden\" name=\"country\" value=\"\">";
            }

            echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
            if ($status == '0') {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_ACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"1\"";
            if ($status == '1') {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_INACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"2\"";
            if ($status == '2') {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" /></td>
    </tr>";
            echo "<tr><td class=\"head\">" . _ADSLIGHT_PRICE2 . " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" /> " . $xoopsModuleConfig['adslight_money'];

            $result3 = $xoopsDB->query('select nom_price, id_price from ' . $xoopsDB->prefix('adslight_price') . ' order by id_price');
            echo " <select name=\"typeprice\">";
            while (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3)) {
                $sel = '';
                if ($id_price == $typeprice) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_price\" $sel>$nom_price</option>";
            }
            echo '</select></td></tr>';
            $module_id = $xoopsModule->getVar('mid');
            if (is_object($xoopsUser)) {
                $groups = $xoopsUser->getGroups();
            } else {
                $groups = XOOPS_GROUP_ANONYMOUS;
            }
            $gperm_handler = xoops_getHandler('groupperm');
            if (isset($_POST['item_id'])) {
                $perm_itemid = (int)$_POST['item_id'];
            } else {
                $perm_itemid = 0;
            }
            //If no access
            if (!$gperm_handler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire  " . _ADSLIGHT_DAY . '</td>
    </tr>';
                echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" />";
            } else {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" />  " . _ADSLIGHT_DAY . '</td>
    </tr>';
            }

            /// Type d'annonce
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TYPE . " </td><td class=\"head\"><select name=\"type\">";

            $result5 = $xoopsDB->query('select nom_type, id_type from ' . $xoopsDB->prefix('adslight_type') . ' order by nom_type');
            while (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5)) {
                $sel = '';
                if ($id_type == $type) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_type\" $sel>$nom_type</option>";
            }
            echo '</select></td></tr>';

            /// Etat de l'objet
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TYPE_USURE . " </td><td class=\"head\"><select name=\"typeusure\">";

            $result6 = $xoopsDB->query('select nom_usure, id_usure from ' . $xoopsDB->prefix('adslight_usure') . ' order by nom_usure');
            while (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6)) {
                $sel = '';
                if ($id_usure == $typeusure) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
            }
            echo '</select></td></tr>';

            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_CAT . " </td><td class=\"head\">";
            $mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
            echo "</td>
    </tr><tr>
    <td class=\"head\">" . _ADSLIGHT_DESC . " </td><td class=\"head\">";
            $wysiwyg_text_area = adslight_getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
            echo $wysiwyg_text_area->render();
            echo "</td></tr>
    <td colspan=2><br><input type=\"submit\" value=\"" . _ADSLIGHT_MODIFANN . "\" /></td>
    </tr></table>";
            echo "<input type=\"hidden\" name=\"op\" value=\"ModAdS\" />";

            $module_id = $xoopsModule->getVar('mid');
            if (is_object($xoopsUser)) {
                $groups = $xoopsUser->getGroups();
            } else {
                $groups = XOOPS_GROUP_ANONYMOUS;
            }
            $gperm_handler = xoops_getHandler('groupperm');
            if (isset($_POST['item_id'])) {
                $perm_itemid = (int)$_POST['item_id'];
            } else {
                $perm_itemid = 0;
            }
            //If no access
            if (!$gperm_handler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                if ($xoopsModuleConfig['adslight_moderated'] == '1') {
                    echo "<input type=\"hidden\" name=\"valid\" value=\"No\" />";
                    echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
                } else {
                    echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
                }
            } else {
                echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
            }
            echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" />";
            echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" />";
            echo "<input type=\"hidden\" name=\"date\" value=\"$date\" />
    " . $GLOBALS['xoopsGTicket']->getTicketHtml(__LINE__, 1800, 'token') . '';
            echo '</form><br></fieldset><br>';
        }
    }
}

/**
 * @param $lid
 * @param $cat
 * @param $title
 * @param $status
 * @param $expire
 * @param $type
 * @param $desctext
 * @param $tel
 * @param $price
 * @param $typeprice
 * @param $typeusure
 * @param $date
 * @param $email
 * @param $submitter
 * @param $town
 * @param $country
 * @param $contactby
 * @param $premium
 * @param $valid
 */
function ModAdS($lid, $cat, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid)
{
    global $xoopsDB, $xoopsConfig, $xoopsModuleConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang, $xoopsGTicket;

    if (!$xoopsGTicket->check(true, 'token')) {
        redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $xoopsGTicket->getErrors());
    }
    $title     = $myts->addSlashes($title);
    $status    = $myts->addSlashes($status);
    $expire    = $myts->addSlashes($expire);
    $type      = $myts->addSlashes($type);
    $desctext  = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
    $tel       = $myts->addSlashes($tel);
    $price     = str_replace(array(' '), '', $price);
    $typeprice = $myts->addSlashes($typeprice);
    $typeusure = $myts->addSlashes($typeusure);
    $submitter = $myts->addSlashes($submitter);
    $town      = $myts->addSlashes($town);
    $country   = $myts->addSlashes($country);
    $contactby = $myts->addSlashes($contactby);
    $premium   = $myts->addSlashes($premium);

    $xoopsDB->query('update ' .
                    $xoopsDB->prefix('adslight_listing') .
                    " set cid='$cat', title='$title', status='$status',  expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' where lid=$lid");

    redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
}

####################################################
foreach ($_POST as $k => $v) {
    ${$k} = $v;
}
$ok = isset($_GET['ok']) ? $_GET['ok'] : '';

if (!isset($_POST['lid']) && isset($_GET['lid'])) {
    $lid = $_GET['lid'];
}
if (!isset($_POST['r_lid']) && isset($_GET['r_lid'])) {
    $r_lid = $_GET['r_lid'];
}
if (!isset($_POST['op']) && isset($_GET['op'])) {
    $op = $_GET['op'];
}
switch ($op) {

    case 'ModAd':
        include(XOOPS_ROOT_PATH . '/header.php');
        ModAd($lid);
        include(XOOPS_ROOT_PATH . '/footer.php');
        break;

    case 'ModAdS':
        ModAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
        break;

    case 'ListingDel':
        include(XOOPS_ROOT_PATH . '/header.php');
        ListingDel($lid, $ok);
        include(XOOPS_ROOT_PATH . '/footer.php');
        break;

    case 'DelReply':
        include(XOOPS_ROOT_PATH . '/header.php');
        DelReply($r_lid, $ok);
        include(XOOPS_ROOT_PATH . '/footer.php');
        break;

    default:
        redirect_header('index.php', 1, '' . _RETURNANN . '');
        break;
}

mambax7 / adslight

Push — master ( 0424ea...923121 )

modify.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like
