Issues in modify.php - Fixed Issues - Inspection of "2.3 RC2" - mambax7/adslight - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 7fde14...e7cdb3 )

by Michael

created 2019-04-15 06:15 UTC

modify.php (4 issues)

Labels

Bug 4

Severity

Major 4

<?php
/*
-------------------------------------------------------------------------
                     ADSLIGHT 2 : Module for Xoops

        Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
        Started with the Classifieds module and made MANY changes
        Website : http://www.luc-bizet.fr
        Contact : [email protected]
-------------------------------------------------------------------------
             Original credits below Version History
##########################################################################
#                    Classified Module for Xoops                         #
#  By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com         #
#      Started with the MyAds module and made MANY changes               #
##########################################################################
 Original Author: Pascal Le Boustouller
 Author Website : [email protected]
 Licence Type   : GPL
-------------------------------------------------------------------------
*/

use Xmf\Request;
use XoopsModules\Adslight;

require_once __DIR__ . '/header.php';
$moduleDirName = basename(__DIR__);
$main_lang     = '_' . mb_strtoupper($moduleDirName);
//require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
$myts      = \MyTextSanitizer::getInstance();
$module_id = $xoopsModule->getVar('mid');

$groups = ($GLOBALS['xoopsUser'] instanceof \XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
/** @var \XoopsGroupPermHandler $grouppermHandler */
$grouppermHandler = xoops_getHandler('groupperm');
$perm_itemid      = Request::getInt('item_id', 0, 'POST');

//If no access
if (!$grouppermHandler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {
    redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
}

/**
 * @param $lid
 * @param $ok
 */
function listingDel($lid, $ok)
{
    global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
    list($usid) = $xoopsDB->fetchRow($result);

    $result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));

    if ($GLOBALS['xoopsUser']) {
        $currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
        if ($usid == $currentid) {
            if (1 == $ok) {
                while (false !== (list($purl) = $xoopsDB->fetchRow($result1))) {
                    if ($purl) {
                        $destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
                        if (file_exists("$destination/$purl")) {
                            unlink("$destination/$purl");
                        }
                        $destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
                        if (file_exists("$destination2/thumb_$purl")) {
                            unlink("$destination2/thumb_$purl");
                        }
                        $destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
                        if (file_exists("$destination3/resized_$purl")) {
                            unlink("$destination3/resized_$purl");
                        }

                        $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
                    }
                }
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
                redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo '[ <a href="modify.php?op=ListingDel&amp;lid=' . $lid . '&amp;ok=1">' . _ADSLIGHT_OUI . '</a> | <a href="index.php">' . _ADSLIGHT_NON . '</a> ]<br><br>';

            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $r_lid
 * @param $ok
 */
function delReply($r_lid, $ok)
{
    global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' l LEFT JOIN ' . $xoopsDB->prefix('adslight_replies') . ' r ON l.lid=r.lid  WHERE r.r_lid=' . $xoopsDB->escape($r_lid));
    list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);

    if ($GLOBALS['xoopsUser']) {
        $currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
        if ($usid == $currentid) {
            if (1 == $ok) {
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid));
                redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo '[ <a href="modify.php?op=DelReply&amp;r_lid=' . addslashes($r_lid) . '&amp;ok=1">' . _ADSLIGHT_OUI . '</a> | <a href="members.php?usid=' . addslashes($usid) . '">' . _ADSLIGHT_NON . '</a> ]<br><br>';

            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $lid
 */
function modAd($lid)
{
    global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;
    $contactselect = '';
    require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';

    echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";

    $mytree = new Adslight\ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');

    $result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
    list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);

    $categories = Adslight\Utility::getMyItemIds('adslight_submit');
    if (is_array($categories) && count($categories) > 0) {
        if (!in_array((int)$cide, $categories, true)) {
            redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
        }
    } else {    // User can't see any category
        redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
    }

    if ($GLOBALS['xoopsUser']) {
        $calusern = $GLOBALS['xoopsUser']->uid();
        if ($usid == $calusern) {
            echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
            $title    = $myts->htmlSpecialChars($title);
            $status   = $myts->htmlSpecialChars($status);
            $expire   = $myts->htmlSpecialChars($expire);
            $type     = $myts->htmlSpecialChars($type);
            $desctext = $myts->displayTarea($desctext, 1);
            $tel      = $myts->htmlSpecialChars($tel);

            //            $price      = number_format($price, 2, ',', ' ');

            xoops_load('XoopsLocal');
            $tempXoopsLocal = new \XoopsLocal();
            //  For US currency with 2 numbers after the decimal comment out if you dont want 2 numbers after decimal
            $price = $tempXoopsLocal->number_format($price, 2, ',', ' ');
            //  For other countries uncomment the below line and comment out the above line
            //      $price = $tempXoopsLocal->number_format($price);

            $typeprice  = $myts->htmlSpecialChars($typeprice);
            $typeusure  = $myts->htmlSpecialChars($typeusure);
            $submitter  = $myts->htmlSpecialChars($submitter);
            $town       = $myts->htmlSpecialChars($town);
            $country    = $myts->htmlSpecialChars($country);
            $contactby  = $myts->htmlSpecialChars($contactby);
            $premium    = $myts->htmlSpecialChars($premium);
            $useroffset = '';
            if ($GLOBALS['xoopsUser']) {
                $timezone   = $GLOBALS['xoopsUser']->timezone();
                $useroffset = !empty($timezone) ? $GLOBALS['xoopsUser']->timezone() : $xoopsConfig['default_TZ'];
            }
            $dates = ($useroffset * 3600) + $date;
            $dates = formatTimestamp($date, 's');

            echo '<form action="modify.php" method=post enctype="multipart/form-data">';
            echo $GLOBALS['xoopsSecurity']->getTokenHTML();
            echo '<table><tr class="head" border="2">
    <td class="head">' . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
    </tr><tr>";

            if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_diff_name']) {
                echo '<td class="head">' . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" ></td>";
            } else {
                echo '<td class="head">' . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
            }
            echo '</tr><tr>';

            if (1 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
            }
            if (2 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PM;
            }
            if (3 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
            }
            if (4 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
            }

            echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
    <option value=\"" . $contactby . '">' . $contactselect . '</option>
    <option value="1">' . _ADSLIGHT_CONTACT_BY_EMAIL . '</option>
    <option value="2">' . _ADSLIGHT_CONTACT_BY_PM . '</option>
    <option value="3">' . _ADSLIGHT_CONTACT_BY_BOTH . '</option>
    <option value="4">' . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';

            if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_diff_email']) {
                echo '<tr><td class="head">' . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" ></td>";
            } else {
                echo '<tr><td class="head">' . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" ></td>";
            }
            echo '</tr><tr>
    <td class="head">' . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" ></td>
    </tr>";
            echo '<tr>
    <td class="head">' . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" ></td>
    </tr>";
            if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_use_country']) {
                echo '<tr>
    <td class="head">' . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" ></td>
    </tr>";
            } else {
                echo '<input type="hidden" name="country" value="">';
            }

            echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
            if ('0' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_ACTIVE . '&nbsp;&nbsp; <input type="radio" name="status" value="1"';
            if ('1' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_INACTIVE . '&nbsp;&nbsp; <input type="radio" name="status" value="2"';
            if ('2' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
            echo '<tr>
    <td class="head">' . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" ></td>
    </tr>";
            echo '<tr><td class="head">' . _ADSLIGHT_PRICE2 . " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" > " . $GLOBALS['xoopsModuleConfig']['adslight_currency_symbol'];

            $result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
            echo ' <select name="typeprice">';
            while (false !== (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3))) {
                $sel = '';
                if ($id_price == $typeprice) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_price\" $sel>$nom_price</option>";
            }
            echo '</select></td></tr>';
            $module_id = $xoopsModule->getVar('mid');
            $groups    = ($GLOBALS['xoopsUser'] instanceof \XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;

            /** @var \XoopsGroupPermHandler $grouppermHandler */
            $grouppermHandler = xoops_getHandler('groupperm');
            $perm_itemid      = Request::getInt('item_id', 0, 'GET');

            //If no access
            if (!$grouppermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire  " . _ADSLIGHT_DAY . '</td>
    </tr>';
                echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" >";
            } else {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" >  " . _ADSLIGHT_DAY . '</td>
    </tr>';
            }

            /// Type d'annonce
            echo '<tr>
    <td class="head">' . _ADSLIGHT_TYPE . ' </td><td class="head"><select name="type">';

            $result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
            while (false !== (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5))) {
                $sel = '';
                if ($id_type == $type) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_type\" $sel>$nom_type</option>";
            }
            echo '</select></td></tr>';

            /// Etat de l'objet
            echo '<tr>
    <td class="head">' . _ADSLIGHT_TYPE_USURE . ' </td><td class="head"><select name="typeusure">';

            $result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
            while (false !== (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6))) {
                $sel = '';
                if ($id_usure == $typeusure) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
            }
            echo '</select></td></tr>';

            echo '<tr>
    <td class="head">' . _ADSLIGHT_CAT . ' </td><td class="head">';
            $mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
            echo '</td>
    </tr><tr>
    <td class="head">' . _ADSLIGHT_DESC . ' </td><td class="head">';
            $wysiwyg_text_area = Adslight\Utility::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
            echo $wysiwyg_text_area->render();
            echo '</td></tr>
    <td colspan=2><br><input type="submit" value="' . _ADSLIGHT_MODIFANN . '" ></td>
    </tr></table>';
            echo '<input type="hidden" name="op" value="ModAdS" >';

            $module_id = $xoopsModule->getVar('mid');
            if (is_object($GLOBALS['xoopsUser'])) {
                $groups = &$GLOBALS['xoopsUser']->getGroups();
            } else {
                $groups = XOOPS_GROUP_ANONYMOUS;
            }
            /** @var \XoopsGroupPermHandler $grouppermHandler */
            $grouppermHandler = xoops_getHandler('groupperm');
            $perm_itemid      = Request::getInt('item_id', 0, 'POST');
            //If no access
            if (!$grouppermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_moderated']) {
                    echo '<input type="hidden" name="valid" value="No" >';
                    echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
                } else {
                    echo '<input type="hidden" name="valid" value="Yes" >';
                }
            } else {
                echo '<input type="hidden" name="valid" value="Yes" >';
            }
            echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" >";
            echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" >";
            echo "<input type=\"hidden\" name=\"date\" value=\"$date\" >
    " . $GLOBALS['xoopsSecurity']->getTokenHTML() . '';
            echo '</form><br></fieldset><br>';
        }
    }
}

/**
 * @param $lid
 * @param $cat
 * @param $title
 * @param $status
 * @param $expire
 * @param $type
 * @param $desctext
 * @param $tel
 * @param $price
 * @param $typeprice
 * @param $typeusure
 * @param $date
 * @param $email
 * @param $submitter
 * @param $town
 * @param $country
 * @param $contactby
 * @param $premium
 * @param $valid
 */
function modAdS($lid, $cat, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid)
{
    global $xoopsDB, $xoopsConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang;

    if (!$GLOBALS['xoopsSecurity']->check()) {
        redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $GLOBALS['xoopsSecurity']->getErrors());
    }
    $title     = $myts->addSlashes($title);
    $status    = $myts->addSlashes($status);
    $expire    = $myts->addSlashes($expire);
    $type      = $myts->addSlashes($type);
    $desctext  = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
    $tel       = $myts->addSlashes($tel);
    $price     = str_replace([' '], '', $price);
    $typeprice = $myts->addSlashes($typeprice);
    $typeusure = $myts->addSlashes($typeusure);
    $submitter = $myts->addSlashes($submitter);
    $town      = $myts->addSlashes($town);
    $country   = $myts->addSlashes($country);
    $contactby = $myts->addSlashes($contactby);
    $premium   = $myts->addSlashes($premium);

    $xoopsDB->query('UPDATE '
                    . $xoopsDB->prefix('adslight_listing')
                    . " SET cid='$cat', title='$title', status='$status',  expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");

    redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
}

####################################################
foreach ($_POST as $k => $v) {
    ${$k} = $v;
}
$ok = Request::getString('ok', '', 'GET');

if (!Request::hasVar('lid', 'POST') && Request::hasVar('lid', 'GET')) {
    $lid = Request::getInt('lid', 0, 'GET');
}
if (!Request::hasVar('r_lid', 'POST') && Request::hasVar('r_lid', 'GET')) {
    $r_lid = Request::getInt('r_lid', '', 'GET');
}
if (!Request::hasVar('op', 'POST') && Request::hasVar('op', 'GET')) {
    $op = Request::getString('op', '', 'GET');
}
switch ($op) {
    case 'ModAd':
        require_once XOOPS_ROOT_PATH . '/header.php';
        modAd($lid);
        require_once XOOPS_ROOT_PATH . '/footer.php';
        break;
    case 'ModAdS':
        modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
        break;
    case 'ListingDel':
        require_once XOOPS_ROOT_PATH . '/header.php';
        listingDel($lid, $ok);
        require_once XOOPS_ROOT_PATH . '/footer.php';
        break;
    case 'DelReply':
        require_once XOOPS_ROOT_PATH . '/header.php';
        delReply($r_lid, $ok);
        require_once XOOPS_ROOT_PATH . '/footer.php';
        break;
    default:
        redirect_header('index.php', 1, '' . _RETURNANN);
        break;
}


1			<?php
2			/*
3			-------------------------------------------------------------------------
4			ADSLIGHT 2 : Module for Xoops
5
6			Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
7			Started with the Classifieds module and made MANY changes
8			Website : http://www.luc-bizet.fr
9			Contact : [email protected]
10			-------------------------------------------------------------------------
11			Original credits below Version History
12			##########################################################################
13			# Classified Module for Xoops #
14			# By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com #
15			# Started with the MyAds module and made MANY changes #
16			##########################################################################
17			Original Author: Pascal Le Boustouller
18			Author Website : [email protected]
19			Licence Type : GPL
20			-------------------------------------------------------------------------
21			*/
22
23			use Xmf\Request;
24			use XoopsModules\Adslight;
25
26			require_once __DIR__ . '/header.php';
27			$moduleDirName = basename(__DIR__);
28			$main_lang = '_' . mb_strtoupper($moduleDirName);
29			//require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
30			$myts = \MyTextSanitizer::getInstance();
31			$module_id = $xoopsModule->getVar('mid');
32
33			$groups = ($GLOBALS['xoopsUser'] instanceof \XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
34			/** @var \XoopsGroupPermHandler $grouppermHandler */
35			$grouppermHandler = xoops_getHandler('groupperm');
36			$perm_itemid = Request::getInt('item_id', 0, 'POST');
37
38			//If no access
39			if (!$grouppermHandler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {
40			redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
41			}
42
43			/**
44			* @param $lid
45			* @param $ok
46			*/
47			function listingDel($lid, $ok)
48			{
49			global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
50
51			$result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
52			list($usid) = $xoopsDB->fetchRow($result);
53
54			$result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
55
56			if ($GLOBALS['xoopsUser']) {
57			$currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
58			if ($usid == $currentid) {
59			if (1 == $ok) {
60			while (false !== (list($purl) = $xoopsDB->fetchRow($result1))) {
61			if ($purl) {
62			$destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
63			if (file_exists("$destination/$purl")) {
64			unlink("$destination/$purl");
65			}
66			$destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
67			if (file_exists("$destination2/thumb_$purl")) {
68			unlink("$destination2/thumb_$purl");
69			}
70			$destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
71			if (file_exists("$destination3/resized_$purl")) {
72			unlink("$destination3/resized_$purl");
73			}
74
75			$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
76			}
77			}
78			$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
79			redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
80			} else {
81			echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
82			echo '<br><div style="text-align:center">';
83			echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
84			}
85			echo '[ <a href="modify.php?op=ListingDel&lid=' . $lid . '&ok=1">' . _ADSLIGHT_OUI . '</a> \| <a href="index.php">' . _ADSLIGHT_NON . '</a> ]<br><br>';
			0 ignored issues – show Bug introduced 2018-03-16 07:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `_ADSLIGHT_OUI` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history... Bug introduced 2018-03-16 07:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `_ADSLIGHT_NON` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
86			echo '</td></tr></table>';
87			}
88			}
89			}
90
91			/**
92			* @param $r_lid
93			* @param $ok
94			*/
95			function delReply($r_lid, $ok)
96			{
97			global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
98
99			$result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' l LEFT JOIN ' . $xoopsDB->prefix('adslight_replies') . ' r ON l.lid=r.lid WHERE r.r_lid=' . $xoopsDB->escape($r_lid));
100			list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);
101
102			if ($GLOBALS['xoopsUser']) {
103			$currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
104			if ($usid == $currentid) {
105			if (1 == $ok) {
106			$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid));
107			redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
108			} else {
109			echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
110			echo '<br><div style="text-align:center">';
111			echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
112			}
113			echo '[ <a href="modify.php?op=DelReply&r_lid=' . addslashes($r_lid) . '&ok=1">' . _ADSLIGHT_OUI . '</a> \| <a href="members.php?usid=' . addslashes($usid) . '">' . _ADSLIGHT_NON . '</a> ]<br><br>';
			0 ignored issues – show Bug introduced 2018-03-16 07:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `_ADSLIGHT_OUI` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history... Bug introduced 2018-03-16 07:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `_ADSLIGHT_NON` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
114			echo '</td></tr></table>';
115			}
116			}
117			}
118
119			/**
120			* @param $lid
121			*/
122			function modAd($lid)
123			{
124			global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;
125			$contactselect = '';
126			require_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
127
128			echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";
129
130			$mytree = new Adslight\ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');
131
132			$result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
133			list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);
134
135			$categories = Adslight\Utility::getMyItemIds('adslight_submit');
136			if (is_array($categories) && count($categories) > 0) {
137			if (!in_array((int)$cide, $categories, true)) {
138			redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
139			}
140			} else { // User can't see any category
141			redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
142			}
143
144			if ($GLOBALS['xoopsUser']) {
145			$calusern = $GLOBALS['xoopsUser']->uid();
146			if ($usid == $calusern) {
147			echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
148			$title = $myts->htmlSpecialChars($title);
149			$status = $myts->htmlSpecialChars($status);
150			$expire = $myts->htmlSpecialChars($expire);
151			$type = $myts->htmlSpecialChars($type);
152			$desctext = $myts->displayTarea($desctext, 1);
153			$tel = $myts->htmlSpecialChars($tel);
154
155			// $price = number_format($price, 2, ',', ' ');
156
157			xoops_load('XoopsLocal');
158			$tempXoopsLocal = new \XoopsLocal();
159			// For US currency with 2 numbers after the decimal comment out if you dont want 2 numbers after decimal
160			$price = $tempXoopsLocal->number_format($price, 2, ',', ' ');
161			// For other countries uncomment the below line and comment out the above line
162			// $price = $tempXoopsLocal->number_format($price);
163
164			$typeprice = $myts->htmlSpecialChars($typeprice);
165			$typeusure = $myts->htmlSpecialChars($typeusure);
166			$submitter = $myts->htmlSpecialChars($submitter);
167			$town = $myts->htmlSpecialChars($town);
168			$country = $myts->htmlSpecialChars($country);
169			$contactby = $myts->htmlSpecialChars($contactby);
170			$premium = $myts->htmlSpecialChars($premium);
171			$useroffset = '';
172			if ($GLOBALS['xoopsUser']) {
173			$timezone = $GLOBALS['xoopsUser']->timezone();
174			$useroffset = !empty($timezone) ? $GLOBALS['xoopsUser']->timezone() : $xoopsConfig['default_TZ'];
175			}
176			$dates = ($useroffset * 3600) + $date;
177			$dates = formatTimestamp($date, 's');
178
179			echo '<form action="modify.php" method=post enctype="multipart/form-data">';
180			echo $GLOBALS['xoopsSecurity']->getTokenHTML();
181			echo '<table><tr class="head" border="2">
182			<td class="head">' . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
183			</tr><tr>";
184
185			if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_diff_name']) {
186			echo '<td class="head">' . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" ></td>";
187			} else {
188			echo '<td class="head">' . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
189			}
190			echo '</tr><tr>';
191
192			if (1 == $contactby) {
193			$contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
194			}
195			if (2 == $contactby) {
196			$contactselect = _ADSLIGHT_CONTACT_BY_PM;
197			}
198			if (3 == $contactby) {
199			$contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
200			}
201			if (4 == $contactby) {
202			$contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
203			}
204
205			echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
206			<option value=\"" . $contactby . '">' . $contactselect . '</option>
207			<option value="1">' . _ADSLIGHT_CONTACT_BY_EMAIL . '</option>
208			<option value="2">' . _ADSLIGHT_CONTACT_BY_PM . '</option>
209			<option value="3">' . _ADSLIGHT_CONTACT_BY_BOTH . '</option>
210			<option value="4">' . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';
211
212			if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_diff_email']) {
213			echo '<tr><td class="head">' . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" ></td>";
214			} else {
215			echo '<tr><td class="head">' . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" ></td>";
216			}
217			echo '</tr><tr>
218			<td class="head">' . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" ></td>
219			</tr>";
220			echo '<tr>
221			<td class="head">' . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" ></td>
222			</tr>";
223			if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_use_country']) {
224			echo '<tr>
225			<td class="head">' . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" ></td>
226			</tr>";
227			} else {
228			echo '<input type="hidden" name="country" value="">';
229			}
230
231			echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
232			if ('0' == $status) {
233			echo 'checked';
234			}
235			echo '>' . _ADSLIGHT_ACTIVE . '   <input type="radio" name="status" value="1"';
236			if ('1' == $status) {
237			echo 'checked';
238			}
239			echo '>' . _ADSLIGHT_INACTIVE . '   <input type="radio" name="status" value="2"';
240			if ('2' == $status) {
241			echo 'checked';
242			}
243			echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
244			echo '<tr>
245			<td class="head">' . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" ></td>
246			</tr>";
247			echo '<tr><td class="head">' . _ADSLIGHT_PRICE2 . " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" > " . $GLOBALS['xoopsModuleConfig']['adslight_currency_symbol'];
248
249			$result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
250			echo ' <select name="typeprice">';
251			while (false !== (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3))) {
252			$sel = '';
253			if ($id_price == $typeprice) {
254			$sel = 'selected';
255			}
256			echo "<option value=\"$id_price\" $sel>$nom_price</option>";
257			}
258			echo '</select></td></tr>';
259			$module_id = $xoopsModule->getVar('mid');
260			$groups = ($GLOBALS['xoopsUser'] instanceof \XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
261
262			/** @var \XoopsGroupPermHandler $grouppermHandler */
263			$grouppermHandler = xoops_getHandler('groupperm');
264			$perm_itemid = Request::getInt('item_id', 0, 'GET');
265
266			//If no access
267			if (!$grouppermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
268			echo "<tr>
269			<td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire " . _ADSLIGHT_DAY . '</td>
270			</tr>';
271			echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" >";
272			} else {
273			echo "<tr>
274			<td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" > " . _ADSLIGHT_DAY . '</td>
275			</tr>';
276			}
277
278			/// Type d'annonce
279			echo '<tr>
280			<td class="head">' . _ADSLIGHT_TYPE . ' </td><td class="head"><select name="type">';
281
282			$result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
283			while (false !== (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5))) {
284			$sel = '';
285			if ($id_type == $type) {
286			$sel = 'selected';
287			}
288			echo "<option value=\"$id_type\" $sel>$nom_type</option>";
289			}
290			echo '</select></td></tr>';
291
292			/// Etat de l'objet
293			echo '<tr>
294			<td class="head">' . _ADSLIGHT_TYPE_USURE . ' </td><td class="head"><select name="typeusure">';
295
296			$result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
297			while (false !== (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6))) {
298			$sel = '';
299			if ($id_usure == $typeusure) {
300			$sel = 'selected';
301			}
302			echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
303			}
304			echo '</select></td></tr>';
305
306			echo '<tr>
307			<td class="head">' . _ADSLIGHT_CAT . ' </td><td class="head">';
308			$mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
309			echo '</td>
310			</tr><tr>
311			<td class="head">' . _ADSLIGHT_DESC . ' </td><td class="head">';
312			$wysiwyg_text_area = Adslight\Utility::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
313			echo $wysiwyg_text_area->render();
314			echo '</td></tr>
315			<td colspan=2><br><input type="submit" value="' . _ADSLIGHT_MODIFANN . '" ></td>
316			</tr></table>';
317			echo '<input type="hidden" name="op" value="ModAdS" >';
318
319			$module_id = $xoopsModule->getVar('mid');
320			if (is_object($GLOBALS['xoopsUser'])) {
321			$groups = &$GLOBALS['xoopsUser']->getGroups();
322			} else {
323			$groups = XOOPS_GROUP_ANONYMOUS;
324			}
325			/** @var \XoopsGroupPermHandler $grouppermHandler */
326			$grouppermHandler = xoops_getHandler('groupperm');
327			$perm_itemid = Request::getInt('item_id', 0, 'POST');
328			//If no access
329			if (!$grouppermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
330			if ('1' == $GLOBALS['xoopsModuleConfig']['adslight_moderated']) {
331			echo '<input type="hidden" name="valid" value="No" >';
332			echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
333			} else {
334			echo '<input type="hidden" name="valid" value="Yes" >';
335			}
336			} else {
337			echo '<input type="hidden" name="valid" value="Yes" >';
338			}
339			echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" >";
340			echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" >";
341			echo "<input type=\"hidden\" name=\"date\" value=\"$date\" >
342			" . $GLOBALS['xoopsSecurity']->getTokenHTML() . '';
343			echo '</form><br></fieldset><br>';
344			}
345			}
346			}
347
348			/**
349			* @param $lid
350			* @param $cat
351			* @param $title
352			* @param $status
353			* @param $expire
354			* @param $type
355			* @param $desctext
356			* @param $tel
357			* @param $price
358			* @param $typeprice
359			* @param $typeusure
360			* @param $date
361			* @param $email
362			* @param $submitter
363			* @param $town
364			* @param $country
365			* @param $contactby
366			* @param $premium
367			* @param $valid
368			*/
369			function modAdS($lid, $cat, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid)
370			{
371			global $xoopsDB, $xoopsConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang;
372
373			if (!$GLOBALS['xoopsSecurity']->check()) {
374			redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $GLOBALS['xoopsSecurity']->getErrors());
375			}
376			$title = $myts->addSlashes($title);
377			$status = $myts->addSlashes($status);
378			$expire = $myts->addSlashes($expire);
379			$type = $myts->addSlashes($type);
380			$desctext = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
381			$tel = $myts->addSlashes($tel);
382			$price = str_replace([' '], '', $price);
383			$typeprice = $myts->addSlashes($typeprice);
384			$typeusure = $myts->addSlashes($typeusure);
385			$submitter = $myts->addSlashes($submitter);
386			$town = $myts->addSlashes($town);
387			$country = $myts->addSlashes($country);
388			$contactby = $myts->addSlashes($contactby);
389			$premium = $myts->addSlashes($premium);
390
391			$xoopsDB->query('UPDATE '
392			. $xoopsDB->prefix('adslight_listing')
393			. " SET cid='$cat', title='$title', status='$status', expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");
394
395			redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
396			}
397
398			####################################################
399			foreach ($_POST as $k => $v) {
400			${$k} = $v;
401			}
402			$ok = Request::getString('ok', '', 'GET');
403
404			if (!Request::hasVar('lid', 'POST') && Request::hasVar('lid', 'GET')) {
405			$lid = Request::getInt('lid', 0, 'GET');
406			}
407			if (!Request::hasVar('r_lid', 'POST') && Request::hasVar('r_lid', 'GET')) {
408			$r_lid = Request::getInt('r_lid', '', 'GET');
409			}
410			if (!Request::hasVar('op', 'POST') && Request::hasVar('op', 'GET')) {
411			$op = Request::getString('op', '', 'GET');
412			}
413			switch ($op) {
414			case 'ModAd':
415			require_once XOOPS_ROOT_PATH . '/header.php';
416			modAd($lid);
417			require_once XOOPS_ROOT_PATH . '/footer.php';
418			break;
419			case 'ModAdS':
420			modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
421			break;
422			case 'ListingDel':
423			require_once XOOPS_ROOT_PATH . '/header.php';
424			listingDel($lid, $ok);
425			require_once XOOPS_ROOT_PATH . '/footer.php';
426			break;
427			case 'DelReply':
428			require_once XOOPS_ROOT_PATH . '/header.php';
429			delReply($r_lid, $ok);
430			require_once XOOPS_ROOT_PATH . '/footer.php';
431			break;
432			default:
433			redirect_header('index.php', 1, '' . _RETURNANN);
434			break;
435			}
436

mambax7 / adslight

Push — master ( 7fde14...e7cdb3 )

modify.php (4 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like