Completed
Push — master ( a25b3b...67bb37 )
by Michael
02:44
created

admin/modify_ads.php (3 issues)


<?php
/*
-------------------------------------------------------------------------
                     ADSLIGHT 2 : Module for Xoops
        Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
        Started with the Classifieds module and made MANY changes
        Website : http://www.luc-bizet.fr
        Contact : [email protected]
-------------------------------------------------------------------------
             Original credits below Version History
##########################################################################
#                    Classified Module for Xoops                         #
#  By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com         #
#      Started with the MyAds module and made MANY changes               #
##########################################################################
 Original Author: Pascal Le Boustouller
 Author Website : [email protected]
 Licence Type   : GPL
-------------------------------------------------------------------------
*/
include_once __DIR__ . '/admin_header.php';
// First read of the requested operation. This value is not what the dispatcher uses:
// $op is assigned again (with an empty default) just before the switch at the bottom of the file.
$op = XoopsRequest::getString('op', 'liste');
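/**
 * Main Ad Display
 *
 * Prints the admin landing page: creates and checks the photo upload directories,
 * reports how many listings are still waiting for approval, and shows the
 * "modify listing by number" form when at least one listing exists.
 *
 * @return void
 */
function index()
{
    global $xoopsDB;

    xoops_cp_header();

    // Photo directory check: the configured upload directory plus its two derived sub-directories.
    $uploadBase = $GLOBALS['xoopsModuleConfig']['adslight_path_upload'];
    $photoDirs  = array($uploadBase, $uploadBase . '/thumbs', $uploadBase . '/midsize');

    // mkdir() is called without an explicit mode, so PHP's default (0777 filtered by the
    // process umask) applies. NOTE(review): confirm that is acceptable for an upload directory.
    foreach ($photoDirs as $dir) {
        if (!is_dir($dir)) {
            mkdir($dir);
        }
    }

    foreach ($photoDirs as $dir) {
        if (!is_writable($dir) || !is_readable($dir)) {
            echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _AM_ADSLIGHT_CHECKER . '</legend><br>';
            // The path comes from module configuration; it is still encoded for the HTML context.
            echo "<span style='color: #FF0000;'><b>" . _AM_ADSLIGHT_DIRPERMS . htmlspecialchars($dir, ENT_QUOTES) . "</b></span><br><br>\n";
            echo '</fieldset><br>';
        }
    }

    // Only the row count is used below, so a single column is selected.
    $pendingResult = $xoopsDB->query('SELECT lid FROM ' . $xoopsDB->prefix('adslight_listing') . " WHERE valid='no' ORDER BY lid");
    $pendingCount  = (int)$xoopsDB->getRowsNum($pendingResult);

    if ($pendingCount > 0) {
        // There are N listings waiting for approval.
        echo "<table class='outer' border=0 cellspacing=5 cellpadding=0><tr><td width=40>";
        echo "<img src='../assets/images/admin/error_button.png' border=0 /></td><td>";
        // The second span used to be closed with a stray </b>; only the span is closed now.
        echo "<span style='color:#00B4C4;'><b>" . _AM_ADSLIGHT_THEREIS . "</b></span> <b>$pendingCount</b> <span style='color:#00B4C4'>" . _AM_ADSLIGHT_WAIT . '</span>';
        echo '</td></tr></table><br>';
    } else {
        // The constant name used to sit inside the string literal, so the alt text was the
        // literal "._AM_ADSLIGHT_RELEASEOK." instead of the translated message.
        $releaseOk = defined('_AM_ADSLIGHT_RELEASEOK') ? htmlspecialchars(constant('_AM_ADSLIGHT_RELEASEOK'), ENT_QUOTES) : '';
        echo "<table class='outer' width='50%' border='0'><tr><td width=40>";
        echo "<img src='../assets/images/admin/search_button_green_32.png' border=0 alt=\"" . $releaseOk . "\" /></td><td>";
        echo "<span style='color: #00B4C4;'><b>" . _AM_ADSLIGHT_NOANNVAL . '</b></span>';
        echo '</td></tr></table><br>';
    }

    // Modify listings: the lookup form is shown only when the table is not empty.
    list($totalListings) = $xoopsDB->fetchRow($xoopsDB->query('SELECT COUNT(*) FROM ' . $xoopsDB->prefix('adslight_listing')));
    if ($totalListings > 0) {
        echo "<table width='100%' border='0' class='outer'><tr class='bg4'><td valign='top'>";
        echo "<form method=\"post\" action=\"modify_ads.php\">"
             . '<b>'
             . _AM_ADSLIGHT_MODANN
             . '</b><br><br>'
             . _AM_ADSLIGHT_NUMANN
             . " <input type=\"text\" name=\"lid\" size=\"12\" maxlength=\"11\">&nbsp;&nbsp;"
             . "<input type=\"hidden\" name=\"op\" value=\"ModifyAds\">"
             . "<input type=\"submit\" value=\""
             . _AM_ADSLIGHT_MODIF
             . "\">"
             . '</form><br>';
        echo '</td></tr></table><br>';
    }

    echo "<table width='100%' border='0' cellspacing='1' cellpadding='8' style='border: 2px solid #DFE0E0;'><tr class='bg4'><td valign='top'>";
    echo "<a href=\"map.php\">" . _AM_ADSLIGHT_GESTCAT . "</a> | <a href=\"../index.php\">" . _AM_ADSLIGHT_ACCESMYANN . '</a>';
    echo '</td></tr></table><br>';

    xoops_cp_footer();
}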
#  function modifyAds
#####################################################
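/**
 * Render the admin edit form for one listing.
 *
 * Loads the listing whose id is $lid and prints a form that posts back to
 * modify_ads.php with op=ModifyAdsS (save) or op=ListingDel (delete).
 *
 * Every listing field is encoded for HTML before it is printed: listings are
 * submitted by site users and this page is rendered in an administrator session.
 *
 * @param int|string $lid Listing id; cast to int before it is placed in the SQL text.
 * @return void
 */
function modifyAds($lid)
{
    // $desctext is declared global, so the list() assignment below also writes the global.
    global $xoopsDB, $xoopsModule, $xoopsConfig, $myts, $desctext, $moduleDirName, $admin_lang;

    $mytree        = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');
    $contactselect = '';
    xoops_cp_header();
    $id_price  = '';
    $nom_price = '';
    $lid       = (int)$lid;

    echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _AM_ADSLIGHT_MODANN . '</legend>';

    $result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, town, country, contactby, premium, valid, photo FROM '
                              . $xoopsDB->prefix('adslight_listing')
                              . " WHERE lid=$lid");

    while (list($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid, $photo) = $xoopsDB->fetchRow($result)) {
        $title     = $myts->htmlSpecialChars($title);
        $status    = $myts->htmlSpecialChars($status);
        $expire    = $myts->htmlSpecialChars($expire);
        $type      = $myts->htmlSpecialChars($type);
        $desctext  = $myts->displayTarea($desctext, 1, 1, 1);
        $tel       = $myts->htmlSpecialChars($tel);
        $typeprice = $myts->htmlSpecialChars($typeprice);
        $typeusure = $myts->htmlSpecialChars($typeusure);
        $submitter = $myts->htmlSpecialChars($submitter);
        $town      = $myts->htmlSpecialChars($town);
        $country   = $myts->htmlSpecialChars($country);
        $contactby = $myts->htmlSpecialChars($contactby);
        $premium   = $myts->htmlSpecialChars($premium);
        // email and photo were printed into value="..." attributes without encoding, so a
        // stored value containing a double quote could break out of the attribute.
        $email = $myts->htmlSpecialChars($email);
        $photo = $myts->htmlSpecialChars($photo);

        // Price formatting is delegated to the site's locale class.
        xoops_load('XoopsLocal');
        $tempXoopsLocal = new XoopsLocal();
        $price          = $tempXoopsLocal->number_format($price, 2, ',', ' ');

        $date2 = formatTimestamp($date, 's');

        echo "<form action=\"modify_ads.php\" method=post>
            <table border=0><tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_NUMANN . " </td><td>$lid &nbsp;" . _AM_ADSLIGHT_ADDED_ON . "&nbsp; $date2</td>
            </tr><tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_SENDBY . " </td><td>$submitter</td>
            </tr><tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_EMAIL . " </td><td><input type=\"text\" name=\"email\" size=\"40\" value=\"$email\"></td>
            </tr><tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_TEL . " </td><td><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\"></td>
            </tr><tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_TOWN . " </td><td><input type=\"text\" name=\"town\" size=\"40\" value=\"$town\"></td>
            </tr><tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_COUNTRY . " </td><td><input type=\"text\" name=\"country\" size=\"40\" value=\"$country\"></td>
            </tr></tr><tr class='head' border='1'>";

        // Label of the currently stored contact method, shown as the first option.
        $contactLabels = array(
            1 => _AM_ADSLIGHT_CONTACT_BY_EMAIL,
            2 => _AM_ADSLIGHT_CONTACT_BY_PM,
            3 => _AM_ADSLIGHT_CONTACT_BY_BOTH,
            4 => _AM_ADSLIGHT_CONTACT_BY_PHONE,
        );
        if (isset($contactLabels[$contactby])) {
            $contactselect = $contactLabels[$contactby];
        }

        echo " <td class='head'>" . _AM_ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
    <option value=\"" . $contactby . "\">" . $contactselect . "</option>
    <option value=\"1\">" . _AM_ADSLIGHT_CONTACT_BY_EMAIL . "</option>
    <option value=\"2\">" . _AM_ADSLIGHT_CONTACT_BY_PM . "</option>
    <option value=\"3\">" . _AM_ADSLIGHT_CONTACT_BY_BOTH . "</option>
    <option value=\"4\">" . _AM_ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';

        // Status radios. "checked" is now preceded by a space; it used to be glued to the
        // closing quote of the value attribute.
        echo "<tr><td class='head'>" . _AM_ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
        echo ($status == '0') ? ' checked' : '';
        echo '>' . _AM_ADSLIGHT_ACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"1\"";
        echo ($status == '1') ? ' checked' : '';
        echo '>' . _AM_ADSLIGHT_INACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"2\"";
        echo ($status == '2') ? ' checked' : '';
        echo '>' . _AM_ADSLIGHT_SOLD . '</td></tr>';

        echo "<tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_TITLE2 . " </td><td><input type=\"text\" name=\"title\" size=\"40\" value=\"$title\"></td>
            </tr><tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_PREMIUM . " </td><td><input type=\"text\" name=\"premium\" size=\"3\" value=\"$premium\"></td>
            </tr><tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_EXPIRE . " </td><td><input type=\"text\" name=\"expire\" size=\"40\" value=\"$expire\"></td>
            </tr>";

        // Listing type
        echo "<tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_TYPE . " </td><td><select name=\"type\">";

        $result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
        while (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5)) {
            $sel = ($id_type == $type) ? ' selected' : '';
            echo "<option value=\"{$id_type}\"{$sel}>{$nom_type}</option>";
        }
        echo '</select></td></tr>';

        // Wear condition
        echo "<tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_TYPE_USURE . " </td><td><select name=\"typeusure\">";

        $result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
        while (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6)) {
            $sel = ($id_usure == $typeusure) ? ' selected' : '';
            echo "<option value=\"{$id_usure}\"{$sel}>{$nom_usure}</option>";
        }
        echo '</select></td></tr>';

        // Price
        echo "<tr class='head' border='1'><td>"
             . _AM_ADSLIGHT_PRICE2
             . " </td><td><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\"> "
             . $GLOBALS['xoopsModuleConfig']['adslight_money'];

        // Price type; the leading option is empty on the first row because both variables start as ''.
        $resultx = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY nom_price');

        echo " <select name=\"typeprice\"><option value=\"$id_price\">$nom_price</option>";
        while (list($nom_price, $id_price) = $xoopsDB->fetchRow($resultx)) {
            $sel = ($id_price == $typeprice) ? ' selected' : '';
            echo "<option value=\"{$id_price}\"{$sel}>{$nom_price}</option>";
        }
        echo '</select></td></tr>';

        // Category
        echo "<tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_CAT2 . ' </td><td>';
        $mytree->makeMySelBox('title', 'title', $cid);
        echo "</td>
            </tr><tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_DESC . ' </td><td>';

        // NOTE(review): the editor receives the output of displayTarea(), and modifyAdsS()
        // runs displayTarea() again on save. Confirm the double pass is intended.
        $wysiwyg_text_area = AdslightUtilities::getEditor('', 'desctext', $desctext, '100%', '200px', 'small');
        echo $wysiwyg_text_area->render();

        echo '</td></tr>';

        echo "<tr class='head' border='1'>
            <td>" . _AM_ADSLIGHT_PHOTO1 . " </td><td><input type=\"text\" name=\"photo\" size=\"50\" value=\"$photo\"></td>
            </tr><tr>";
        // The hidden date field carries the current time, so saving the form resets the listing date.
        $time = time();
        echo "</tr><tr class='head' border='1'>
            <td>&nbsp;</td><td><select name=\"op\">
            <option value=\"ModifyAdsS\"> " . _AM_ADSLIGHT_MODIF . "
            <option value=\"ListingDel\"> " . _AM_ADSLIGHT_DEL . "
            </select><input type=\"submit\" value=\"" . _AM_ADSLIGHT_GO . "\"></td>
            </tr></table>";
        echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\">";
        echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\">";
        echo "<input type=\"hidden\" name=\"date\" value=\"$time\">";
        echo "<input type=\"hidden\" name=\"submitter\" value=\"$submitter\">
        </form><br>";
    }

    // Closing markup and the footer used to be printed inside the loop, so a request for an
    // unknown lid left the fieldset open and the admin page without its footer.
    echo '</fieldset><br>';
    xoops_cp_footer();
}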
#  function modifyAdsS
#####################################################
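/**
 * Save an edited listing and redirect back to the admin index.
 *
 * Values arrive from the edit form. Integer fields are cast, text fields are
 * HTML-encoded as before, and every value is then passed through
 * $xoopsDB->escape() before it is placed between quotes in the UPDATE statement.
 * Previously email, date, valid, photo and price reached the SQL text unescaped,
 * and the HTML-encoded fields were not escaped for SQL either.
 *
 * @param int|string $lid       Listing id (cast to int, used in the WHERE clause)
 * @param int|string $cat       Category id (cast to int, stored in cid)
 * @param string     $title     Listing title
 * @param int|string $status    Status flag (cast to int)
 * @param string     $expire    Expiry value as entered in the form
 * @param string     $type      Listing type id
 * @param string     $desctext  Description; passed through displayTarea() before storage
 * @param string     $tel       Telephone
 * @param string     $price     Price; spaces are stripped before storage
 * @param string     $typeprice Price type id
 * @param string     $typeusure Wear condition id
 * @param string     $date      Listing date as posted by the form
 * @param string     $email     Contact e-mail
 * @param string     $submitter Submitter name
 * @param string     $town      Town
 * @param string     $country   Country
 * @param string     $contactby Contact method id
 * @param string     $premium   Premium flag
 * @param string     $valid     Approval flag
 * @param string     $photo     Photo value as entered in the form
 * @return void
 */
function modifyAdsS(
    $lid,
    $cat,
    $title,
    $status,
    $expire,
    $type,
    $desctext,
    $tel,
    $price,
    $typeprice,
    $typeusure,
    $date,
    $email,
    $submitter,
    $town,
    $country,
    $contactby,
    $premium,
    $valid,
    $photo
) {
    global $xoopsDB, $myts;

    $lid    = (int)$lid;
    $cat    = (int)$cat;
    $status = (int)$status;

    // Column => value, in the same order as the original SET clause.
    $columns = array(
        'cid'       => $cat,
        'title'     => $myts->htmlSpecialChars($title),
        'status'    => $status,
        'expire'    => $myts->htmlSpecialChars($expire),
        'type'      => $myts->htmlSpecialChars($type),
        'desctext'  => $myts->displayTarea($desctext, 1, 1, 1),
        'tel'       => $myts->htmlSpecialChars($tel),
        'price'     => str_replace(array(' '), '', $price),
        'typeprice' => $myts->htmlSpecialChars($typeprice),
        'typeusure' => $myts->htmlSpecialChars($typeusure),
        'date'      => $date,
        'email'     => $email,
        'submitter' => $myts->htmlSpecialChars($submitter),
        'town'      => $myts->htmlSpecialChars($town),
        'country'   => $myts->htmlSpecialChars($country),
        'contactby' => $myts->htmlSpecialChars($contactby),
        'premium'   => $myts->htmlSpecialChars($premium),
        'valid'     => $valid,
        'photo'     => $photo,
    );

    // HTML encoding is not SQL escaping: a backslash or an unencoded quote would still
    // change the statement, so each value is escaped for the SQL string context here.
    $assignments = array();
    foreach ($columns as $column => $value) {
        $assignments[] = $column . "='" . $xoopsDB->escape((string)$value) . "'";
    }

    $xoopsDB->query('UPDATE '
                    . $xoopsDB->prefix('adslight_listing')
                    . ' SET ' . implode(', ', $assignments)
                    . " WHERE lid=$lid");

    redirect_header('modify_ads.php', 1, _AM_ADSLIGHT_ANNMOD);
}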
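/**
 * Delete Listing
 *
 * Removes the picture files recorded for the listing (original, thumbnail and
 * mid-size copy), then the picture rows and the listing row, and redirects back
 * to the admin index.
 *
 * @param  int    $lid   Listing id; cast to int before it is used in SQL.
 * @param  string $photo Not used by this function; kept for the existing call signature.
 * @return void
 */
function listingDel($lid, $photo)
{
    global $xoopsDB;

    $lid = (int)$lid;

    $pictures = $xoopsDB->query('SELECT p.url FROM '
                                . $xoopsDB->prefix('adslight_listing')
                                . ' l LEFT JOIN '
                                . $xoopsDB->prefix('adslight_pictures')
                                . ' p  ON l.lid=p.lid WHERE l.lid='
                                . $lid);

    // NOTE(review): this path is hard-coded while index() reads the upload directory from
    // $GLOBALS['xoopsModuleConfig']['adslight_path_upload']; confirm the two always agree.
    $uploadRoot  = XOOPS_ROOT_PATH . '/uploads/AdsLight';
    $hasPictures = false;

    while (list($purl) = $xoopsDB->fetchRow($pictures)) {
        if (!$purl) {
            // LEFT JOIN yields a NULL url when the listing has no pictures.
            continue;
        }
        $hasPictures = true;

        // The stored value is used as a file name for unlink(). A value with a directory
        // component would point outside the upload folders, so such rows are not touched on disk.
        if ($purl !== basename($purl)) {
            continue;
        }

        $targets = array(
            $uploadRoot . '/' . $purl,
            $uploadRoot . '/thumbs/thumb_' . $purl,
            $uploadRoot . '/midsize/resized_' . $purl,
        );
        foreach ($targets as $target) {
            if (is_file($target)) {
                unlink($target);
            }
        }
    }

    // One DELETE after the loop instead of one per picture row; as before it only runs
    // when at least one picture url was found.
    if ($hasPictures) {
        $xoopsDB->query('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . " WHERE lid={$lid}");
    }

    $xoopsDB->query('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . " WHERE lid={$lid}");

    redirect_header('modify_ads.php', 1, _AM_ADSLIGHT_ANNDEL);
}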
#####################################################
#####################################################
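// Import only the form fields that the dispatcher below hands to modifyAdsS() and listingDel().
// The previous loop copied every $_POST key into a variable of the same name, which let a
// request overwrite any variable in this scope, including the globals the functions in this
// file rely on (such as $xoopsDB and $myts).
$postedFieldNames = array(
    'cid',
    'title',
    'status',
    'expire',
    'type',
    'desctext',
    'tel',
    'price',
    'typeprice',
    'typeusure',
    'date',
    'email',
    'submitter',
    'town',
    'country',
    'contactby',
    'premium',
    'valid',
    'photo',
);
foreach ($postedFieldNames as $fieldName) {
    $postedValue = isset($_POST[$fieldName]) ? $_POST[$fieldName] : '';
    // Array input (e.g. title[]=x) is dropped so the sanitizers downstream always get a string.
    ${$fieldName} = is_scalar($postedValue) ? (string)$postedValue : '';
}
unset($postedFieldNames, $fieldName, $postedValue);

$pa  = XoopsRequest::getString('pa', '', 'GET');
$lid = XoopsRequest::getInt('lid', 0);
$op  = XoopsRequest::getString('op', '');

// NOTE(review): ModifyAdsS and ListingDel change data, but no request token is verified in
// this file. The form printed by modifyAds() would have to carry a token and this dispatcher
// check it (XOOPS provides $GLOBALS['xoopsSecurity'] for that). Confirm whether
// admin_header.php already enforces one.
switch ($op) {
    case 'IndexView':
        // indexView() is not defined in this file; presumably provided by an include. Verify.
        indexView($lid);
        break;

    case 'ListingDel':
        listingDel($lid, $photo);
        break;

    case 'ModifyAds':
        modifyAds($lid);
        break;

    case 'ModifyAdsS':
        modifyAdsS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid, $photo);
        break;

    default:
        index();
        break;
}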