Issues in modify.php - Fixed Issues - Inspection of "$GLOBALS" - mambax7/adslight - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — master (71f789)

by Michael

created 2016-09-30 20:18 UTC

modify.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
-------------------------------------------------------------------------
                     ADSLIGHT 2 : Module for Xoops

        Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
        Started with the Classifieds module and made MANY changes
        Website : http://www.luc-bizet.fr
        Contact : [email protected]
-------------------------------------------------------------------------
             Original credits below Version History
##########################################################################
#                    Classified Module for Xoops                         #
#  By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com         #
#      Started with the MyAds module and made MANY changes               #
##########################################################################
 Original Author: Pascal Le Boustouller
 Author Website : [email protected]
 Licence Type   : GPL
-------------------------------------------------------------------------
*/

include_once __DIR__ . '/header.php';
$moduleDirName = basename(__DIR__);
$main_lang     = '_' . strtoupper($moduleDirName);
require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
$myts      = MyTextSanitizer::getInstance();
$module_id = $xoopsModule->getVar('mid');

$groups        = ($xoopsUser instanceof XoopsUser) ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS;
$gperm_handler = xoops_getHandler('groupperm');
$perm_itemid   = XoopsRequest::getInt('item_id', 0, 'POST');

//If no access
if (!$gperm_handler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {

    redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
}

/**
 * @param $lid
 * @param $ok
 */
function listingDel($lid, $ok)
{
    global $xoopsDB, $xoopsUser, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid) . '');
    list($usid) = $xoopsDB->fetchRow($result);

    $result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid) . '');

    if ($xoopsUser) {
        $currentid = $xoopsUser->getVar('uid', 'E');
        if ($usid == $currentid) {
            if ($ok == 1) {
                while (list($purl) = $xoopsDB->fetchRow($result1)) {
                    if ($purl) {
                        $destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
                        if (file_exists("$destination/$purl")) {
                            unlink("$destination/$purl");
                        }
                        $destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
                        if (file_exists("$destination2/thumb_$purl")) {
                            unlink("$destination2/thumb_$purl");
                        }
                        $destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
                        if (file_exists("$destination3/resized_$purl")) {
                            unlink("$destination3/resized_$purl");
                        }

                        $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid) . '');
                    }
                }
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid) . '');
                redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo "[ <a href=\"modify.php?op=ListingDel&amp;lid=" . $lid . "&amp;ok=1\">" . _ADSLIGHT_OUI . "</a> | <a href=\"index.php\">" . _ADSLIGHT_NON . '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $r_lid
 * @param $ok
 */
function delReply($r_lid, $ok)
{
    global $xoopsDB, $xoopsUser, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
function myFunction($a, $b) {
    // Do something
}

    $result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM '
                              . $xoopsDB->prefix('adslight_listing')
                              . ' l LEFT JOIN '
                              . $xoopsDB->prefix('adslight_replies')
                              . ' r ON l.lid=r.lid  WHERE r.r_lid='
                              . $xoopsDB->escape($r_lid)
                              . '');
    list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);

    if ($xoopsUser) {
        $currentid = $xoopsUser->getVar('uid', 'E');
        if ($usid == $currentid) {
            if ($ok == 1) {
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid) . '');
                redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo "[ <a href=\"modify.php?op=DelReply&amp;r_lid="
                 . addslashes($r_lid)
                 . "&amp;ok=1\">"
                 . _ADSLIGHT_OUI
                 . "</a> | <a href=\"members.php?usid="
                 . addslashes($usid)
                 . "\">"
                 . _ADSLIGHT_NON
                 . '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $lid
 */
function modAd($lid)
{
    global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsModuleConfig, $xoopsUser, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;

    include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
    include_once XOOPS_ROOT_PATH . '/modules/adslight/class/utilities.php';
    echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";

    include_once XOOPS_ROOT_PATH . '/modules/adslight/class/classifiedstree.php';
    $mytree = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');

    $result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM '
                              . $xoopsDB->prefix('adslight_listing')
                              . ' WHERE lid='
                              . $xoopsDB->escape($lid)
                              . '');
    list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);

    $categories = AdslightUtilities::getMyItemIds('adslight_submit');
    if (is_array($categories) && count($categories) > 0) {
        if (!in_array($cide, $categories)) {
            redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
        }
    } else {    // User can't see any category
        redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
    }

    if ($xoopsUser) {
        $calusern = $xoopsUser->uid();
        if ($usid == $calusern) {
            echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
            $title      = $myts->htmlSpecialChars($title);
            $status     = $myts->htmlSpecialChars($status);
            $expire     = $myts->htmlSpecialChars($expire);
            $type       = $myts->htmlSpecialChars($type);
            $desctext   = $myts->displayTarea($desctext, 1);
            $tel        = $myts->htmlSpecialChars($tel);
            $price      = number_format($price, 2, ',', ' ');
            $typeprice  = $myts->htmlSpecialChars($typeprice);
            $typeusure  = $myts->htmlSpecialChars($typeusure);
            $submitter  = $myts->htmlSpecialChars($submitter);
            $town       = $myts->htmlSpecialChars($town);
            $country    = $myts->htmlSpecialChars($country);
            $contactby  = $myts->htmlSpecialChars($contactby);
            $premium    = $myts->htmlSpecialChars($premium);
            $useroffset = '';
            if ($xoopsUser) {
                $timezone   = $xoopsUser->timezone();
                $useroffset = (!empty($timezone)) ? $xoopsUser->timezone() : $xoopsConfig['default_TZ'];
            }
            $dates = ($useroffset * 3600) + $date;
            $dates = formatTimestamp($date, 's');

            echo "<form action=\"modify.php\" method=post enctype=\"multipart/form-data\">
    <table><tr class=\"head\" border=\"2\">
    <td class=\"head\">" . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
    </tr><tr>";

            if ($xoopsModuleConfig['adslight_diff_name'] == '1') {
                echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" /></td>";
            } else {
                echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
            }
            echo '</tr><tr>';

            if (1 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
            }
            if (2 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PM;
            }
            if (3 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
            }
            if (4 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
            }

            echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
    <option value=\"" . $contactby . "\">" . $contactselect . "</option>
    <option value=\"1\">" . _ADSLIGHT_CONTACT_BY_EMAIL . "</option>
    <option value=\"2\">" . _ADSLIGHT_CONTACT_BY_PM . "</option>
    <option value=\"3\">" . _ADSLIGHT_CONTACT_BY_BOTH . "</option>
    <option value=\"4\">" . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';

            if ($xoopsModuleConfig['adslight_diff_email'] == '1') {
                echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" /></td>";
            } else {
                echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" /></td>";
            }
            echo "</tr><tr>
    <td class=\"head\">" . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" /></td>
    </tr>";
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" /></td>
    </tr>";
            if ($xoopsModuleConfig['adslight_use_country'] == '1') {
                echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" /></td>
    </tr>";
            } else {
                echo "<input type=\"hidden\" name=\"country\" value=\"\">";
            }

            echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
            if ('0' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_ACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"1\"";
            if ('1' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_INACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"2\"";
            if ('2' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" /></td>
    </tr>";
            echo "<tr><td class=\"head\">" . _ADSLIGHT_PRICE2 . " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" /> " . $xoopsModuleConfig['adslight_money'];

            $result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
            echo " <select name=\"typeprice\">";
            while (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3)) {
                $sel = '';
                if ($id_price == $typeprice) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_price\" $sel>$nom_price</option>";
            }
            echo '</select></td></tr>';
            $module_id = $xoopsModule->getVar('mid');
            $groups    = ($xoopsUser instanceof XoopsUser) ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS;

            $gperm_handler = xoops_getHandler('groupperm');
            $perm_itemid   = XoopsRequest::getInt('item_id', 0, 'GET');

            //If no access
            if (!$gperm_handler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire  " . _ADSLIGHT_DAY . '</td>
    </tr>';
                echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" />";
            } else {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" />  " . _ADSLIGHT_DAY . '</td>
    </tr>';
            }

            /// Type d'annonce
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TYPE . " </td><td class=\"head\"><select name=\"type\">";

            $result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
            while (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5)) {
                $sel = '';
                if ($id_type == $type) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_type\" $sel>$nom_type</option>";
            }
            echo '</select></td></tr>';

            /// Etat de l'objet
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TYPE_USURE . " </td><td class=\"head\"><select name=\"typeusure\">";

            $result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
            while (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6)) {
                $sel = '';
                if ($id_usure == $typeusure) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
            }
            echo '</select></td></tr>';

            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_CAT . " </td><td class=\"head\">";
            $mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
            echo "</td>
    </tr><tr>
    <td class=\"head\">" . _ADSLIGHT_DESC . " </td><td class=\"head\">";
            $wysiwyg_text_area = AdslightUtilities::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
            echo $wysiwyg_text_area->render();
            echo "</td></tr>
    <td colspan=2><br><input type=\"submit\" value=\"" . _ADSLIGHT_MODIFANN . "\" /></td>
    </tr></table>";
            echo "<input type=\"hidden\" name=\"op\" value=\"ModAdS\" />";

            $module_id = $xoopsModule->getVar('mid');
            if (is_object($xoopsUser)) {
                $groups =& $xoopsUser->getGroups();
            } else {
                $groups = XOOPS_GROUP_ANONYMOUS;
            }
            $gperm_handler = xoops_getHandler('groupperm');
            if (isset($_POST['item_id'])) {
                $perm_itemid = (int)$_POST['item_id'];
            } else {
                $perm_itemid = 0;
            }
            //If no access
            if (!$gperm_handler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                if ($xoopsModuleConfig['adslight_moderated'] == '1') {
                    echo "<input type=\"hidden\" name=\"valid\" value=\"No\" />";
                    echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
                } else {
                    echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
                }
            } else {
                echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
            }
            echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" />";
            echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" />";
            echo "<input type=\"hidden\" name=\"date\" value=\"$date\" />
    " . $GLOBALS['xoopsGTicket']->getTicketHtml(__LINE__, 1800, 'token') . '';
            echo '</form><br></fieldset><br>';
        }
    }
}

/**
 * @param $lid
 * @param $cat
 * @param $title
 * @param $status
 * @param $expire
 * @param $type
 * @param $desctext
 * @param $tel
 * @param $price
 * @param $typeprice
 * @param $typeusure
 * @param $date
 * @param $email
 * @param $submitter
 * @param $town
 * @param $country
 * @param $contactby
 * @param $premium
 * @param $valid
 */
function modAdS(
    $lid,
    $cat,
    $title,
    $status,
    $expire,
    $type,
    $desctext,
    $tel,
    $price,
    $typeprice,
    $typeusure,
    $date,
    $email,
    $submitter,
    $town,
    $country,
    $contactby,
    $premium,
    $valid
) {
    global $xoopsDB, $xoopsConfig, $xoopsModuleConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang, $xoopsGTicket;

    if (!$xoopsGTicket->check(true, 'token')) {
        redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $xoopsGTicket->getErrors());
    }
    $title     = $myts->addSlashes($title);
    $status    = $myts->addSlashes($status);
    $expire    = $myts->addSlashes($expire);
    $type      = $myts->addSlashes($type);
    $desctext  = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
    $tel       = $myts->addSlashes($tel);
    $price     = str_replace(array(' '), '', $price);
    $typeprice = $myts->addSlashes($typeprice);
    $typeusure = $myts->addSlashes($typeusure);
    $submitter = $myts->addSlashes($submitter);
    $town      = $myts->addSlashes($town);
    $country   = $myts->addSlashes($country);
    $contactby = $myts->addSlashes($contactby);
    $premium   = $myts->addSlashes($premium);

    $xoopsDB->query('UPDATE '
                    . $xoopsDB->prefix('adslight_listing')
                    . " SET cid='$cat', title='$title', status='$status',  expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");

    redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
}

####################################################
foreach ($_POST as $k => $v) {
    ${$k} = $v;
}
$ok = isset($_GET['ok']) ? $_GET['ok'] : '';

if (!isset($_POST['lid']) && isset($_GET['lid'])) {
    $lid = $_GET['lid'];
}
if (!isset($_POST['r_lid']) && isset($_GET['r_lid'])) {
    $r_lid = $_GET['r_lid'];
}
if (!isset($_POST['op']) && isset($_GET['op'])) {
    $op = $_GET['op'];
}
switch ($op) {

    case 'ModAd':
        include XOOPS_ROOT_PATH . '/header.php';
        modAd($lid);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    case 'ModAdS':
        modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
        break;

    case 'ListingDel':
        include XOOPS_ROOT_PATH . '/header.php';
        listingDel($lid, $ok);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    case 'DelReply':
        include XOOPS_ROOT_PATH . '/header.php';
        delReply($r_lid, $ok);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    default:
        redirect_header('index.php', 1, '' . _RETURNANN . '');
        break;
}


Branch — master (71f789)

modify.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1		<?php
2		/*
3		-------------------------------------------------------------------------
4		ADSLIGHT 2 : Module for Xoops
5
6		Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
7		Started with the Classifieds module and made MANY changes
8		Website : http://www.luc-bizet.fr
9		Contact : [email protected]
10		-------------------------------------------------------------------------
11		Original credits below Version History
12		##########################################################################
13		# Classified Module for Xoops #
14		# By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com #
15		# Started with the MyAds module and made MANY changes #
16		##########################################################################
17		Original Author: Pascal Le Boustouller
18		Author Website : [email protected]
19		Licence Type : GPL
20		-------------------------------------------------------------------------
21		*/
22
23		include_once __DIR__ . '/header.php';
24		$moduleDirName = basename(__DIR__);
25		$main_lang = '_' . strtoupper($moduleDirName);
26		require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
27		$myts = MyTextSanitizer::getInstance();
28		$module_id = $xoopsModule->getVar('mid');
29
30		$groups = ($xoopsUser instanceof XoopsUser) ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS;
31		$gperm_handler = xoops_getHandler('groupperm');
32		$perm_itemid = XoopsRequest::getInt('item_id', 0, 'POST');
33
34		//If no access
35	View Code Duplication	if (!$gperm_handler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {
		1 ignored issue – show Duplication introduced 2016-01-18 09:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
36		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
37		}
38
39		/**
40		* @param $lid
41		* @param $ok
42		*/
43		function listingDel($lid, $ok)
44		{
45		global $xoopsDB, $xoopsUser, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
46
47		$result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid) . '');
48		list($usid) = $xoopsDB->fetchRow($result);
49
50		$result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid) . '');
51
52		if ($xoopsUser) {
53		$currentid = $xoopsUser->getVar('uid', 'E');
54		if ($usid == $currentid) {
55		if ($ok == 1) {
56		while (list($purl) = $xoopsDB->fetchRow($result1)) {
57		if ($purl) {
58		$destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
59		if (file_exists("$destination/$purl")) {
60		unlink("$destination/$purl");
61		}
62		$destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
63		if (file_exists("$destination2/thumb_$purl")) {
64		unlink("$destination2/thumb_$purl");
65		}
66		$destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
67		if (file_exists("$destination3/resized_$purl")) {
68		unlink("$destination3/resized_$purl");
69		}
70
71		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid) . '');
72		}
73		}
74		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid) . '');
75		redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
76		} else {
77		echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
78		echo '<br><div style="text-align:center">';
79		echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
80		}
81		echo "[ <a href=\"modify.php?op=ListingDel&lid=" . $lid . "&ok=1\">" . _ADSLIGHT_OUI . "</a> \| <a href=\"index.php\">" . _ADSLIGHT_NON . '</a> ]<br><br>';
82		echo '</td></tr></table>';
83		}
84		}
85		}
86
87		/**
88		* @param $r_lid
89		* @param $ok
90		*/
91		function delReply($r_lid, $ok)
92		{
93		global $xoopsDB, $xoopsUser, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
		1 ignored issue – show Compatibility Best Practice introduced 2016-01-18 09:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
94
95		$result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM '
96		. $xoopsDB->prefix('adslight_listing')
97		. ' l LEFT JOIN '
98		. $xoopsDB->prefix('adslight_replies')
99		. ' r ON l.lid=r.lid WHERE r.r_lid='
100		. $xoopsDB->escape($r_lid)
101		. '');
102		list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);
103
104		if ($xoopsUser) {
105		$currentid = $xoopsUser->getVar('uid', 'E');
106		if ($usid == $currentid) {
107		if ($ok == 1) {
108		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid) . '');
109		redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
110		} else {
111		echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
112		echo '<br><div style="text-align:center">';
113		echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
114		}
115		echo "[ <a href=\"modify.php?op=DelReply&r_lid="
116		. addslashes($r_lid)
117		. "&ok=1\">"
118		. _ADSLIGHT_OUI
119		. "</a> \| <a href=\"members.php?usid="
120		. addslashes($usid)
121		. "\">"
122		. _ADSLIGHT_NON
123		. '</a> ]<br><br>';
124		echo '</td></tr></table>';
125		}
126		}
127		}
128
129		/**
130		* @param $lid
131		*/
132		function modAd($lid)
133		{
134		global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsModuleConfig, $xoopsUser, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;
135
136		include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
137		include_once XOOPS_ROOT_PATH . '/modules/adslight/class/utilities.php';
138		echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";
139
140		include_once XOOPS_ROOT_PATH . '/modules/adslight/class/classifiedstree.php';
141		$mytree = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');
142
143		$result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM '
144		. $xoopsDB->prefix('adslight_listing')
145		. ' WHERE lid='
146		. $xoopsDB->escape($lid)
147		. '');
148		list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);
149
150		$categories = AdslightUtilities::getMyItemIds('adslight_submit');
151	View Code Duplication	if (is_array($categories) && count($categories) > 0) {
152		if (!in_array($cide, $categories)) {
153		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
154		}
155		} else { // User can't see any category
156		redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
157		}
158
159		if ($xoopsUser) {
160		$calusern = $xoopsUser->uid();
161		if ($usid == $calusern) {
162		echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
163		$title = $myts->htmlSpecialChars($title);
164		$status = $myts->htmlSpecialChars($status);
165		$expire = $myts->htmlSpecialChars($expire);
166		$type = $myts->htmlSpecialChars($type);
167		$desctext = $myts->displayTarea($desctext, 1);
168		$tel = $myts->htmlSpecialChars($tel);
169		$price = number_format($price, 2, ',', ' ');
170		$typeprice = $myts->htmlSpecialChars($typeprice);
171		$typeusure = $myts->htmlSpecialChars($typeusure);
172		$submitter = $myts->htmlSpecialChars($submitter);
173		$town = $myts->htmlSpecialChars($town);
174		$country = $myts->htmlSpecialChars($country);
175		$contactby = $myts->htmlSpecialChars($contactby);
176		$premium = $myts->htmlSpecialChars($premium);
177		$useroffset = '';
178	View Code Duplication	if ($xoopsUser) {
179		$timezone = $xoopsUser->timezone();
180		$useroffset = (!empty($timezone)) ? $xoopsUser->timezone() : $xoopsConfig['default_TZ'];
181		}
182		$dates = ($useroffset * 3600) + $date;
183		$dates = formatTimestamp($date, 's');
184
185		echo "<form action=\"modify.php\" method=post enctype=\"multipart/form-data\">
186		<table><tr class=\"head\" border=\"2\">
187		<td class=\"head\">" . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
188		</tr><tr>";
189
190		if ($xoopsModuleConfig['adslight_diff_name'] == '1') {
191		echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" /></td>";
192		} else {
193		echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
194		}
195		echo '</tr><tr>';
196
197		if (1 == $contactby) {
198		$contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
199		}
200		if (2 == $contactby) {
201		$contactselect = _ADSLIGHT_CONTACT_BY_PM;
202		}
203		if (3 == $contactby) {
204		$contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
205		}
206		if (4 == $contactby) {
207		$contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
208		}
209
210		echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
211		<option value=\"" . $contactby . "\">" . $contactselect . "</option>
212		<option value=\"1\">" . _ADSLIGHT_CONTACT_BY_EMAIL . "</option>
213		<option value=\"2\">" . _ADSLIGHT_CONTACT_BY_PM . "</option>
214		<option value=\"3\">" . _ADSLIGHT_CONTACT_BY_BOTH . "</option>
215		<option value=\"4\">" . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';
216
217		if ($xoopsModuleConfig['adslight_diff_email'] == '1') {
218		echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" /></td>";
219		} else {
220		echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" /></td>";
221		}
222		echo "</tr><tr>
223		<td class=\"head\">" . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" /></td>
224		</tr>";
225		echo "<tr>
226		<td class=\"head\">" . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" /></td>
227		</tr>";
228		if ($xoopsModuleConfig['adslight_use_country'] == '1') {
229		echo "<tr>
230		<td class=\"head\">" . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" /></td>
231		</tr>";
232		} else {
233		echo "<input type=\"hidden\" name=\"country\" value=\"\">";
234		}
235
236		echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
237		if ('0' == $status) {
238		echo 'checked';
239		}
240		echo '>' . _ADSLIGHT_ACTIVE . "   <input type=\"radio\" name=\"status\" value=\"1\"";
241		if ('1' == $status) {
242		echo 'checked';
243		}
244		echo '>' . _ADSLIGHT_INACTIVE . "   <input type=\"radio\" name=\"status\" value=\"2\"";
245		if ('2' == $status) {
246		echo 'checked';
247		}
248		echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
249		echo "<tr>
250		<td class=\"head\">" . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" /></td>
251		</tr>";
252		echo "<tr><td class=\"head\">" . _ADSLIGHT_PRICE2 . " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" /> " . $xoopsModuleConfig['adslight_money'];
253
254		$result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
255		echo " <select name=\"typeprice\">";
256		while (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3)) {
257		$sel = '';
258		if ($id_price == $typeprice) {
259		$sel = 'selected';
260		}
261		echo "<option value=\"$id_price\" $sel>$nom_price</option>";
262		}
263		echo '</select></td></tr>';
264		$module_id = $xoopsModule->getVar('mid');
265		$groups = ($xoopsUser instanceof XoopsUser) ? $xoopsUser->getGroups() : XOOPS_GROUP_ANONYMOUS;
266
267		$gperm_handler = xoops_getHandler('groupperm');
268		$perm_itemid = XoopsRequest::getInt('item_id', 0, 'GET');
269
270		//If no access
271		if (!$gperm_handler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
272		echo "<tr>
273		<td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire " . _ADSLIGHT_DAY . '</td>
274		</tr>';
275		echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" />";
276		} else {
277		echo "<tr>
278		<td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" /> " . _ADSLIGHT_DAY . '</td>
279		</tr>';
280		}
281
282		/// Type d'annonce
283		echo "<tr>
284		<td class=\"head\">" . _ADSLIGHT_TYPE . " </td><td class=\"head\"><select name=\"type\">";
285
286		$result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
287		while (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5)) {
288		$sel = '';
289		if ($id_type == $type) {
290		$sel = 'selected';
291		}
292		echo "<option value=\"$id_type\" $sel>$nom_type</option>";
293		}
294		echo '</select></td></tr>';
295
296		/// Etat de l'objet
297		echo "<tr>
298		<td class=\"head\">" . _ADSLIGHT_TYPE_USURE . " </td><td class=\"head\"><select name=\"typeusure\">";
299
300		$result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
301		while (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6)) {
302		$sel = '';
303		if ($id_usure == $typeusure) {
304		$sel = 'selected';
305		}
306		echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
307		}
308		echo '</select></td></tr>';
309
310		echo "<tr>
311		<td class=\"head\">" . _ADSLIGHT_CAT . " </td><td class=\"head\">";
312		$mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
313		echo "</td>
314		</tr><tr>
315		<td class=\"head\">" . _ADSLIGHT_DESC . " </td><td class=\"head\">";
316		$wysiwyg_text_area = AdslightUtilities::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
317		echo $wysiwyg_text_area->render();
318		echo "</td></tr>
319		<td colspan=2><br><input type=\"submit\" value=\"" . _ADSLIGHT_MODIFANN . "\" /></td>
320		</tr></table>";
321		echo "<input type=\"hidden\" name=\"op\" value=\"ModAdS\" />";
322
323		$module_id = $xoopsModule->getVar('mid');
324		if (is_object($xoopsUser)) {
325		$groups =& $xoopsUser->getGroups();
326		} else {
327		$groups = XOOPS_GROUP_ANONYMOUS;
328		}
329		$gperm_handler = xoops_getHandler('groupperm');
330		if (isset($_POST['item_id'])) {
331		$perm_itemid = (int)$_POST['item_id'];
332		} else {
333		$perm_itemid = 0;
334		}
335		//If no access
336		if (!$gperm_handler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
337		if ($xoopsModuleConfig['adslight_moderated'] == '1') {
338		echo "<input type=\"hidden\" name=\"valid\" value=\"No\" />";
339		echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
340		} else {
341		echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
342		}
343		} else {
344		echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
345		}
346		echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" />";
347		echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" />";
348		echo "<input type=\"hidden\" name=\"date\" value=\"$date\" />
349		" . $GLOBALS['xoopsGTicket']->getTicketHtml(__LINE__, 1800, 'token') . '';
350		echo '</form><br></fieldset><br>';
351		}
352		}
353		}
354
355		/**
356		* @param $lid
357		* @param $cat
358		* @param $title
359		* @param $status
360		* @param $expire
361		* @param $type
362		* @param $desctext
363		* @param $tel
364		* @param $price
365		* @param $typeprice
366		* @param $typeusure
367		* @param $date
368		* @param $email
369		* @param $submitter
370		* @param $town
371		* @param $country
372		* @param $contactby
373		* @param $premium
374		* @param $valid
375		*/
376		function modAdS(
377		$lid,
378		$cat,
379		$title,
380		$status,
381		$expire,
382		$type,
383		$desctext,
384		$tel,
385		$price,
386		$typeprice,
387		$typeusure,
388		$date,
389		$email,
390		$submitter,
391		$town,
392		$country,
393		$contactby,
394		$premium,
395		$valid
396		) {
397		global $xoopsDB, $xoopsConfig, $xoopsModuleConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang, $xoopsGTicket;
398
399		if (!$xoopsGTicket->check(true, 'token')) {
400		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $xoopsGTicket->getErrors());
401		}
402		$title = $myts->addSlashes($title);
403		$status = $myts->addSlashes($status);
404		$expire = $myts->addSlashes($expire);
405		$type = $myts->addSlashes($type);
406		$desctext = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
407		$tel = $myts->addSlashes($tel);
408		$price = str_replace(array(' '), '', $price);
409		$typeprice = $myts->addSlashes($typeprice);
410		$typeusure = $myts->addSlashes($typeusure);
411		$submitter = $myts->addSlashes($submitter);
412		$town = $myts->addSlashes($town);
413		$country = $myts->addSlashes($country);
414		$contactby = $myts->addSlashes($contactby);
415		$premium = $myts->addSlashes($premium);
416
417		$xoopsDB->query('UPDATE '
418		. $xoopsDB->prefix('adslight_listing')
419		. " SET cid='$cat', title='$title', status='$status', expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");
420
421		redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
422		}
423
424		####################################################
425		foreach ($_POST as $k => $v) {
426		${$k} = $v;
427		}
428		$ok = isset($_GET['ok']) ? $_GET['ok'] : '';
429
430		if (!isset($_POST['lid']) && isset($_GET['lid'])) {
431		$lid = $_GET['lid'];
432		}
433		if (!isset($_POST['r_lid']) && isset($_GET['r_lid'])) {
434		$r_lid = $_GET['r_lid'];
435		}
436		if (!isset($_POST['op']) && isset($_GET['op'])) {
437		$op = $_GET['op'];
438		}
439		switch ($op) {
440
441		case 'ModAd':
442		include XOOPS_ROOT_PATH . '/header.php';
443		modAd($lid);
444		include XOOPS_ROOT_PATH . '/footer.php';
445		break;
446
447		case 'ModAdS':
448		modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
449		break;
450
451		case 'ListingDel':
452		include XOOPS_ROOT_PATH . '/header.php';
453		listingDel($lid, $ok);
454		include XOOPS_ROOT_PATH . '/footer.php';
455		break;
456
457		case 'DelReply':
458		include XOOPS_ROOT_PATH . '/header.php';
459		delReply($r_lid, $ok);
460		include XOOPS_ROOT_PATH . '/footer.php';
461		break;
462
463		default:
464		redirect_header('index.php', 1, '' . _RETURNANN . '');
465		break;
466		}
467

mambax7 / adslight

Branch — master (71f789)

modify.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like