Issues in modify.php - Fixed Issues - Inspection of "XoopsRequest" - mambax7/adslight - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( a25b3b...67bb37 )

by Michael

created 2016-10-01 12:05 UTC

modify.php (1 issue)

Labels

Coding Style 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
-------------------------------------------------------------------------
                     ADSLIGHT 2 : Module for Xoops

        Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
        Started with the Classifieds module and made MANY changes
        Website : http://www.luc-bizet.fr
        Contact : [email protected]
-------------------------------------------------------------------------
             Original credits below Version History
##########################################################################
#                    Classified Module for Xoops                         #
#  By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com         #
#      Started with the MyAds module and made MANY changes               #
##########################################################################
 Original Author: Pascal Le Boustouller
 Author Website : [email protected]
 Licence Type   : GPL
-------------------------------------------------------------------------
*/

include_once __DIR__ . '/header.php';
$moduleDirName = basename(__DIR__);
$main_lang     = '_' . strtoupper($moduleDirName);
require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
$myts      = MyTextSanitizer::getInstance();
$module_id = $xoopsModule->getVar('mid');

$groups        = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
$gpermHandler = xoops_getHandler('groupperm');
$perm_itemid   = XoopsRequest::getInt('item_id', 0, 'POST');

//If no access
if (!$gpermHandler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {
    redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
}

/**
 * @param $lid
 * @param $ok
 */
function listingDel($lid, $ok)
{
    global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid) );
    list($usid) = $xoopsDB->fetchRow($result);

    $result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid) );

    if ($GLOBALS['xoopsUser']) {
        $currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
        if ($usid == $currentid) {
            if ($ok == 1) {
                while (list($purl) = $xoopsDB->fetchRow($result1)) {
                    if ($purl) {
                        $destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
                        if (file_exists("$destination/$purl")) {
                            unlink("$destination/$purl");
                        }
                        $destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
                        if (file_exists("$destination2/thumb_$purl")) {
                            unlink("$destination2/thumb_$purl");
                        }
                        $destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
                        if (file_exists("$destination3/resized_$purl")) {
                            unlink("$destination3/resized_$purl");
                        }

                        $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid) );
                    }
                }
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid) );
                redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo "[ <a href=\"modify.php?op=ListingDel&amp;lid=" . $lid . "&amp;ok=1\">" . _ADSLIGHT_OUI . "</a> | <a href=\"index.php\">" . _ADSLIGHT_NON . '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $r_lid
 * @param $ok
 */
function delReply($r_lid, $ok)
{
    global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM '
                              . $xoopsDB->prefix('adslight_listing')
                              . ' l LEFT JOIN '
                              . $xoopsDB->prefix('adslight_replies')
                              . ' r ON l.lid=r.lid  WHERE r.r_lid='
                              . $xoopsDB->escape($r_lid));
    list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);

    if ($GLOBALS['xoopsUser']) {
        $currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
        if ($usid == $currentid) {
            if ($ok == 1) {
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid) );
                redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo "[ <a href=\"modify.php?op=DelReply&amp;r_lid="
                 . addslashes($r_lid)
                 . "&amp;ok=1\">"
                 . _ADSLIGHT_OUI
                 . "</a> | <a href=\"members.php?usid="
                 . addslashes($usid)
                 . "\">"
                 . _ADSLIGHT_NON
                 . '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $lid
 */
function modAd($lid)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
{
    global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;

    include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
    include_once XOOPS_ROOT_PATH . '/modules/adslight/class/utilities.php';
    echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";

    include_once XOOPS_ROOT_PATH . '/modules/adslight/class/classifiedstree.php';
    $mytree = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');

    $result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM '
                              . $xoopsDB->prefix('adslight_listing')
                              . ' WHERE lid='
                              . $xoopsDB->escape($lid));
    list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);

    $categories = AdslightUtilities::getMyItemIds('adslight_submit');
    if (is_array($categories) && count($categories) > 0) {
        if (!in_array($cide, $categories)) {
            redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
        }
    } else {    // User can't see any category
        redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
    }

    if ($GLOBALS['xoopsUser']) {
        $calusern = $GLOBALS['xoopsUser']->uid();
        if ($usid == $calusern) {
            echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
            $title      = $myts->htmlSpecialChars($title);
            $status     = $myts->htmlSpecialChars($status);
            $expire     = $myts->htmlSpecialChars($expire);
            $type       = $myts->htmlSpecialChars($type);
            $desctext   = $myts->displayTarea($desctext, 1);
            $tel        = $myts->htmlSpecialChars($tel);
            $price      = number_format($price, 2, ',', ' ');
            $typeprice  = $myts->htmlSpecialChars($typeprice);
            $typeusure  = $myts->htmlSpecialChars($typeusure);
            $submitter  = $myts->htmlSpecialChars($submitter);
            $town       = $myts->htmlSpecialChars($town);
            $country    = $myts->htmlSpecialChars($country);
            $contactby  = $myts->htmlSpecialChars($contactby);
            $premium    = $myts->htmlSpecialChars($premium);
            $useroffset = '';
            if ($GLOBALS['xoopsUser']) {
                $timezone   = $GLOBALS['xoopsUser']->timezone();
                $useroffset = (!empty($timezone)) ? $GLOBALS['xoopsUser']->timezone() : $xoopsConfig['default_TZ'];
            }
            $dates = ($useroffset * 3600) + $date;
            $dates = formatTimestamp($date, 's');

            echo "<form action=\"modify.php\" method=post enctype=\"multipart/form-data\">
    <table><tr class=\"head\" border=\"2\">
    <td class=\"head\">" . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
    </tr><tr>";

            if ($GLOBALS['xoopsModuleConfig']['adslight_diff_name'] == '1') {
                echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" /></td>";
            } else {
                echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
            }
            echo '</tr><tr>';

            if (1 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
            }
            if (2 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PM;
            }
            if (3 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
            }
            if (4 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
            }

            echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
    <option value=\"" . $contactby . "\">" . $contactselect . "</option>
    <option value=\"1\">" . _ADSLIGHT_CONTACT_BY_EMAIL . "</option>
    <option value=\"2\">" . _ADSLIGHT_CONTACT_BY_PM . "</option>
    <option value=\"3\">" . _ADSLIGHT_CONTACT_BY_BOTH . "</option>
    <option value=\"4\">" . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';

            if ($GLOBALS['xoopsModuleConfig']['adslight_diff_email'] == '1') {
                echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" /></td>";
            } else {
                echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" /></td>";
            }
            echo "</tr><tr>
    <td class=\"head\">" . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" /></td>
    </tr>";
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" /></td>
    </tr>";
            if ($GLOBALS['xoopsModuleConfig']['adslight_use_country'] == '1') {
                echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" /></td>
    </tr>";
            } else {
                echo "<input type=\"hidden\" name=\"country\" value=\"\">";
            }

            echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
            if ('0' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_ACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"1\"";
            if ('1' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_INACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"2\"";
            if ('2' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" /></td>
    </tr>";
            echo "<tr><td class=\"head\">" . _ADSLIGHT_PRICE2 . " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" /> " . $GLOBALS['xoopsModuleConfig']['adslight_money'];

            $result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
            echo " <select name=\"typeprice\">";
            while (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3)) {
                $sel = '';
                if ($id_price == $typeprice) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_price\" $sel>$nom_price</option>";
            }
            echo '</select></td></tr>';
            $module_id = $xoopsModule->getVar('mid');
            $groups    = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;

            $gpermHandler = xoops_getHandler('groupperm');
            $perm_itemid   = XoopsRequest::getInt('item_id', 0, 'GET');

            //If no access
            if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire  " . _ADSLIGHT_DAY . '</td>
    </tr>';
                echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" />";
            } else {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" />  " . _ADSLIGHT_DAY . '</td>
    </tr>';
            }

            /// Type d'annonce
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TYPE . " </td><td class=\"head\"><select name=\"type\">";

            $result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
            while (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5)) {
                $sel = '';
                if ($id_type == $type) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_type\" $sel>$nom_type</option>";
            }
            echo '</select></td></tr>';

            /// Etat de l'objet
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TYPE_USURE . " </td><td class=\"head\"><select name=\"typeusure\">";

            $result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
            while (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6)) {
                $sel = '';
                if ($id_usure == $typeusure) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
            }
            echo '</select></td></tr>';

            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_CAT . " </td><td class=\"head\">";
            $mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
            echo "</td>
    </tr><tr>
    <td class=\"head\">" . _ADSLIGHT_DESC . " </td><td class=\"head\">";
            $wysiwyg_text_area = AdslightUtilities::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
            echo $wysiwyg_text_area->render();
            echo "</td></tr>
    <td colspan=2><br><input type=\"submit\" value=\"" . _ADSLIGHT_MODIFANN . "\" /></td>
    </tr></table>";
            echo "<input type=\"hidden\" name=\"op\" value=\"ModAdS\" />";

            $module_id = $xoopsModule->getVar('mid');
            if (is_object($GLOBALS['xoopsUser'])) {
                $groups =& $GLOBALS['xoopsUser']->getGroups();
            } else {
                $groups = XOOPS_GROUP_ANONYMOUS;
            }
            $gpermHandler = xoops_getHandler('groupperm');
            if (isset($_POST['item_id'])) {
                $perm_itemid = (int)$_POST['item_id'];
            } else {
                $perm_itemid = 0;
            }
            //If no access
            if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                if ($GLOBALS['xoopsModuleConfig']['adslight_moderated'] == '1') {
                    echo "<input type=\"hidden\" name=\"valid\" value=\"No\" />";
                    echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
                } else {
                    echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
                }
            } else {
                echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
            }
            echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" />";
            echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" />";
            echo "<input type=\"hidden\" name=\"date\" value=\"$date\" />
    " . $GLOBALS['xoopsGTicket']->getTicketHtml(__LINE__, 1800, 'token') . '';
            echo '</form><br></fieldset><br>';
        }
    }
}

/**
 * @param $lid
 * @param $cat
 * @param $title
 * @param $status
 * @param $expire
 * @param $type
 * @param $desctext
 * @param $tel
 * @param $price
 * @param $typeprice
 * @param $typeusure
 * @param $date
 * @param $email
 * @param $submitter
 * @param $town
 * @param $country
 * @param $contactby
 * @param $premium
 * @param $valid
 */
function modAdS(
    $lid,
    $cat,
    $title,
    $status,
    $expire,
    $type,
    $desctext,
    $tel,
    $price,
    $typeprice,
    $typeusure,
    $date,
    $email,
    $submitter,
    $town,
    $country,
    $contactby,
    $premium,
    $valid
) {
    global $xoopsDB, $xoopsConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang, $xoopsGTicket;

    if (!$xoopsGTicket->check(true, 'token')) {
        redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $xoopsGTicket->getErrors());
    }
    $title     = $myts->addSlashes($title);
    $status    = $myts->addSlashes($status);
    $expire    = $myts->addSlashes($expire);
    $type      = $myts->addSlashes($type);
    $desctext  = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
    $tel       = $myts->addSlashes($tel);
    $price     = str_replace(array(' '), '', $price);
    $typeprice = $myts->addSlashes($typeprice);
    $typeusure = $myts->addSlashes($typeusure);
    $submitter = $myts->addSlashes($submitter);
    $town      = $myts->addSlashes($town);
    $country   = $myts->addSlashes($country);
    $contactby = $myts->addSlashes($contactby);
    $premium   = $myts->addSlashes($premium);

    $xoopsDB->query('UPDATE '
                    . $xoopsDB->prefix('adslight_listing')
                    . " SET cid='$cat', title='$title', status='$status',  expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");

    redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
}

####################################################
foreach ($_POST as $k => $v) {
    ${$k} = $v;
}
$ok = isset($_GET['ok']) ? $_GET['ok'] : '';

if (!isset($_POST['lid']) && isset($_GET['lid'])) {
    $lid = $_GET['lid'];
}
if (!isset($_POST['r_lid']) && isset($_GET['r_lid'])) {
    $r_lid = $_GET['r_lid'];
}
if (!isset($_POST['op']) && isset($_GET['op'])) {
    $op = $_GET['op'];
}
switch ($op) {

    case 'ModAd':
        include XOOPS_ROOT_PATH . '/header.php';
        modAd($lid);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    case 'ModAdS':
        modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
        break;

    case 'ListingDel':
        include XOOPS_ROOT_PATH . '/header.php';
        listingDel($lid, $ok);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    case 'DelReply':
        include XOOPS_ROOT_PATH . '/header.php';
        delReply($r_lid, $ok);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    default:
        redirect_header('index.php', 1, '' . _RETURNANN);
        break;
}


1		<?php
2		/*
3		-------------------------------------------------------------------------
4		ADSLIGHT 2 : Module for Xoops
5
6		Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
7		Started with the Classifieds module and made MANY changes
8		Website : http://www.luc-bizet.fr
9		Contact : [email protected]
10		-------------------------------------------------------------------------
11		Original credits below Version History
12		##########################################################################
13		# Classified Module for Xoops #
14		# By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com #
15		# Started with the MyAds module and made MANY changes #
16		##########################################################################
17		Original Author: Pascal Le Boustouller
18		Author Website : [email protected]
19		Licence Type : GPL
20		-------------------------------------------------------------------------
21		*/
22
23		include_once __DIR__ . '/header.php';
24		$moduleDirName = basename(__DIR__);
25		$main_lang = '_' . strtoupper($moduleDirName);
26		require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
27		$myts = MyTextSanitizer::getInstance();
28		$module_id = $xoopsModule->getVar('mid');
29
30		$groups = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
31		$gpermHandler = xoops_getHandler('groupperm');
32		$perm_itemid = XoopsRequest::getInt('item_id', 0, 'POST');
33
34		//If no access
35	View Code Duplication	if (!$gpermHandler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {
36		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
37		}
38
39		/**
40		* @param $lid
41		* @param $ok
42		*/
43		function listingDel($lid, $ok)
44		{
45		global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
46
47		$result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid) );
48		list($usid) = $xoopsDB->fetchRow($result);
49
50		$result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid) );
51
52		if ($GLOBALS['xoopsUser']) {
53		$currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
54		if ($usid == $currentid) {
55		if ($ok == 1) {
56		while (list($purl) = $xoopsDB->fetchRow($result1)) {
57		if ($purl) {
58		$destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
59		if (file_exists("$destination/$purl")) {
60		unlink("$destination/$purl");
61		}
62		$destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
63		if (file_exists("$destination2/thumb_$purl")) {
64		unlink("$destination2/thumb_$purl");
65		}
66		$destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
67		if (file_exists("$destination3/resized_$purl")) {
68		unlink("$destination3/resized_$purl");
69		}
70
71		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid) );
72		}
73		}
74		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid) );
75		redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
76		} else {
77		echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
78		echo '<br><div style="text-align:center">';
79		echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
80		}
81		echo "[ <a href=\"modify.php?op=ListingDel&lid=" . $lid . "&ok=1\">" . _ADSLIGHT_OUI . "</a> \| <a href=\"index.php\">" . _ADSLIGHT_NON . '</a> ]<br><br>';
82		echo '</td></tr></table>';
83		}
84		}
85		}
86
87		/**
88		* @param $r_lid
89		* @param $ok
90		*/
91		function delReply($r_lid, $ok)
92		{
93		global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
94
95		$result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM '
96		. $xoopsDB->prefix('adslight_listing')
97		. ' l LEFT JOIN '
98		. $xoopsDB->prefix('adslight_replies')
99		. ' r ON l.lid=r.lid WHERE r.r_lid='
100		. $xoopsDB->escape($r_lid));
101		list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);
102
103		if ($GLOBALS['xoopsUser']) {
104		$currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
105		if ($usid == $currentid) {
106		if ($ok == 1) {
107		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid) );
108		redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
109		} else {
110		echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
111		echo '<br><div style="text-align:center">';
112		echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
113		}
114		echo "[ <a href=\"modify.php?op=DelReply&r_lid="
115		. addslashes($r_lid)
116		. "&ok=1\">"
117		. _ADSLIGHT_OUI
118		. "</a> \| <a href=\"members.php?usid="
119		. addslashes($usid)
120		. "\">"
121		. _ADSLIGHT_NON
122		. '</a> ]<br><br>';
123		echo '</td></tr></table>';
124		}
125		}
126		}
127
128		/**
129		* @param $lid
130		*/
131		function modAd($lid)
		0 ignored issues – show Coding Style introduced 2016-09-29 09:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this `modAd` uses the super-global variable `$_POST` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
132		{
133		global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;
134
135		include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
136		include_once XOOPS_ROOT_PATH . '/modules/adslight/class/utilities.php';
137		echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";
138
139		include_once XOOPS_ROOT_PATH . '/modules/adslight/class/classifiedstree.php';
140		$mytree = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');
141
142		$result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM '
143		. $xoopsDB->prefix('adslight_listing')
144		. ' WHERE lid='
145		. $xoopsDB->escape($lid));
146		list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);
147
148		$categories = AdslightUtilities::getMyItemIds('adslight_submit');
149	View Code Duplication	if (is_array($categories) && count($categories) > 0) {
150		if (!in_array($cide, $categories)) {
151		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
152		}
153		} else { // User can't see any category
154		redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
155		}
156
157		if ($GLOBALS['xoopsUser']) {
158		$calusern = $GLOBALS['xoopsUser']->uid();
159		if ($usid == $calusern) {
160		echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
161		$title = $myts->htmlSpecialChars($title);
162		$status = $myts->htmlSpecialChars($status);
163		$expire = $myts->htmlSpecialChars($expire);
164		$type = $myts->htmlSpecialChars($type);
165		$desctext = $myts->displayTarea($desctext, 1);
166		$tel = $myts->htmlSpecialChars($tel);
167		$price = number_format($price, 2, ',', ' ');
168		$typeprice = $myts->htmlSpecialChars($typeprice);
169		$typeusure = $myts->htmlSpecialChars($typeusure);
170		$submitter = $myts->htmlSpecialChars($submitter);
171		$town = $myts->htmlSpecialChars($town);
172		$country = $myts->htmlSpecialChars($country);
173		$contactby = $myts->htmlSpecialChars($contactby);
174		$premium = $myts->htmlSpecialChars($premium);
175		$useroffset = '';
176	View Code Duplication	if ($GLOBALS['xoopsUser']) {
177		$timezone = $GLOBALS['xoopsUser']->timezone();
178		$useroffset = (!empty($timezone)) ? $GLOBALS['xoopsUser']->timezone() : $xoopsConfig['default_TZ'];
179		}
180		$dates = ($useroffset * 3600) + $date;
181		$dates = formatTimestamp($date, 's');
182
183		echo "<form action=\"modify.php\" method=post enctype=\"multipart/form-data\">
184		<table><tr class=\"head\" border=\"2\">
185		<td class=\"head\">" . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
186		</tr><tr>";
187
188		if ($GLOBALS['xoopsModuleConfig']['adslight_diff_name'] == '1') {
189		echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" /></td>";
190		} else {
191		echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
192		}
193		echo '</tr><tr>';
194
195		if (1 == $contactby) {
196		$contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
197		}
198		if (2 == $contactby) {
199		$contactselect = _ADSLIGHT_CONTACT_BY_PM;
200		}
201		if (3 == $contactby) {
202		$contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
203		}
204		if (4 == $contactby) {
205		$contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
206		}
207
208		echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
209		<option value=\"" . $contactby . "\">" . $contactselect . "</option>
210		<option value=\"1\">" . _ADSLIGHT_CONTACT_BY_EMAIL . "</option>
211		<option value=\"2\">" . _ADSLIGHT_CONTACT_BY_PM . "</option>
212		<option value=\"3\">" . _ADSLIGHT_CONTACT_BY_BOTH . "</option>
213		<option value=\"4\">" . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';
214
215		if ($GLOBALS['xoopsModuleConfig']['adslight_diff_email'] == '1') {
216		echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" /></td>";
217		} else {
218		echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" /></td>";
219		}
220		echo "</tr><tr>
221		<td class=\"head\">" . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" /></td>
222		</tr>";
223		echo "<tr>
224		<td class=\"head\">" . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" /></td>
225		</tr>";
226		if ($GLOBALS['xoopsModuleConfig']['adslight_use_country'] == '1') {
227		echo "<tr>
228		<td class=\"head\">" . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" /></td>
229		</tr>";
230		} else {
231		echo "<input type=\"hidden\" name=\"country\" value=\"\">";
232		}
233
234		echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
235		if ('0' == $status) {
236		echo 'checked';
237		}
238		echo '>' . _ADSLIGHT_ACTIVE . "   <input type=\"radio\" name=\"status\" value=\"1\"";
239		if ('1' == $status) {
240		echo 'checked';
241		}
242		echo '>' . _ADSLIGHT_INACTIVE . "   <input type=\"radio\" name=\"status\" value=\"2\"";
243		if ('2' == $status) {
244		echo 'checked';
245		}
246		echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
247		echo "<tr>
248		<td class=\"head\">" . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" /></td>
249		</tr>";
250		echo "<tr><td class=\"head\">" . _ADSLIGHT_PRICE2 . " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" /> " . $GLOBALS['xoopsModuleConfig']['adslight_money'];
251
252		$result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
253		echo " <select name=\"typeprice\">";
254		while (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3)) {
255		$sel = '';
256		if ($id_price == $typeprice) {
257		$sel = 'selected';
258		}
259		echo "<option value=\"$id_price\" $sel>$nom_price</option>";
260		}
261		echo '</select></td></tr>';
262		$module_id = $xoopsModule->getVar('mid');
263		$groups = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
264
265		$gpermHandler = xoops_getHandler('groupperm');
266		$perm_itemid = XoopsRequest::getInt('item_id', 0, 'GET');
267
268		//If no access
269		if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
270		echo "<tr>
271		<td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire " . _ADSLIGHT_DAY . '</td>
272		</tr>';
273		echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" />";
274		} else {
275		echo "<tr>
276		<td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" /> " . _ADSLIGHT_DAY . '</td>
277		</tr>';
278		}
279
280		/// Type d'annonce
281		echo "<tr>
282		<td class=\"head\">" . _ADSLIGHT_TYPE . " </td><td class=\"head\"><select name=\"type\">";
283
284		$result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
285		while (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5)) {
286		$sel = '';
287		if ($id_type == $type) {
288		$sel = 'selected';
289		}
290		echo "<option value=\"$id_type\" $sel>$nom_type</option>";
291		}
292		echo '</select></td></tr>';
293
294		/// Etat de l'objet
295		echo "<tr>
296		<td class=\"head\">" . _ADSLIGHT_TYPE_USURE . " </td><td class=\"head\"><select name=\"typeusure\">";
297
298		$result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
299		while (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6)) {
300		$sel = '';
301		if ($id_usure == $typeusure) {
302		$sel = 'selected';
303		}
304		echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
305		}
306		echo '</select></td></tr>';
307
308		echo "<tr>
309		<td class=\"head\">" . _ADSLIGHT_CAT . " </td><td class=\"head\">";
310		$mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
311		echo "</td>
312		</tr><tr>
313		<td class=\"head\">" . _ADSLIGHT_DESC . " </td><td class=\"head\">";
314		$wysiwyg_text_area = AdslightUtilities::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
315		echo $wysiwyg_text_area->render();
316		echo "</td></tr>
317		<td colspan=2><br><input type=\"submit\" value=\"" . _ADSLIGHT_MODIFANN . "\" /></td>
318		</tr></table>";
319		echo "<input type=\"hidden\" name=\"op\" value=\"ModAdS\" />";
320
321		$module_id = $xoopsModule->getVar('mid');
322	View Code Duplication	if (is_object($GLOBALS['xoopsUser'])) {
323		$groups =& $GLOBALS['xoopsUser']->getGroups();
324		} else {
325		$groups = XOOPS_GROUP_ANONYMOUS;
326		}
327		$gpermHandler = xoops_getHandler('groupperm');
328		if (isset($_POST['item_id'])) {
329		$perm_itemid = (int)$_POST['item_id'];
330		} else {
331		$perm_itemid = 0;
332		}
333		//If no access
334		if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
335		if ($GLOBALS['xoopsModuleConfig']['adslight_moderated'] == '1') {
336		echo "<input type=\"hidden\" name=\"valid\" value=\"No\" />";
337		echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
338		} else {
339		echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
340		}
341		} else {
342		echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
343		}
344		echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" />";
345		echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" />";
346		echo "<input type=\"hidden\" name=\"date\" value=\"$date\" />
347		" . $GLOBALS['xoopsGTicket']->getTicketHtml(__LINE__, 1800, 'token') . '';
348		echo '</form><br></fieldset><br>';
349		}
350		}
351		}
352
353		/**
354		* @param $lid
355		* @param $cat
356		* @param $title
357		* @param $status
358		* @param $expire
359		* @param $type
360		* @param $desctext
361		* @param $tel
362		* @param $price
363		* @param $typeprice
364		* @param $typeusure
365		* @param $date
366		* @param $email
367		* @param $submitter
368		* @param $town
369		* @param $country
370		* @param $contactby
371		* @param $premium
372		* @param $valid
373		*/
374		function modAdS(
375		$lid,
376		$cat,
377		$title,
378		$status,
379		$expire,
380		$type,
381		$desctext,
382		$tel,
383		$price,
384		$typeprice,
385		$typeusure,
386		$date,
387		$email,
388		$submitter,
389		$town,
390		$country,
391		$contactby,
392		$premium,
393		$valid
394		) {
395		global $xoopsDB, $xoopsConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang, $xoopsGTicket;
396
397		if (!$xoopsGTicket->check(true, 'token')) {
398		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $xoopsGTicket->getErrors());
399		}
400		$title = $myts->addSlashes($title);
401		$status = $myts->addSlashes($status);
402		$expire = $myts->addSlashes($expire);
403		$type = $myts->addSlashes($type);
404		$desctext = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
405		$tel = $myts->addSlashes($tel);
406		$price = str_replace(array(' '), '', $price);
407		$typeprice = $myts->addSlashes($typeprice);
408		$typeusure = $myts->addSlashes($typeusure);
409		$submitter = $myts->addSlashes($submitter);
410		$town = $myts->addSlashes($town);
411		$country = $myts->addSlashes($country);
412		$contactby = $myts->addSlashes($contactby);
413		$premium = $myts->addSlashes($premium);
414
415		$xoopsDB->query('UPDATE '
416		. $xoopsDB->prefix('adslight_listing')
417		. " SET cid='$cat', title='$title', status='$status', expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");
418
419		redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
420		}
421
422		####################################################
423		foreach ($_POST as $k => $v) {
424		${$k} = $v;
425		}
426		$ok = isset($_GET['ok']) ? $_GET['ok'] : '';
427
428		if (!isset($_POST['lid']) && isset($_GET['lid'])) {
429		$lid = $_GET['lid'];
430		}
431		if (!isset($_POST['r_lid']) && isset($_GET['r_lid'])) {
432		$r_lid = $_GET['r_lid'];
433		}
434		if (!isset($_POST['op']) && isset($_GET['op'])) {
435		$op = $_GET['op'];
436		}
437		switch ($op) {
438
439		case 'ModAd':
440		include XOOPS_ROOT_PATH . '/header.php';
441		modAd($lid);
442		include XOOPS_ROOT_PATH . '/footer.php';
443		break;
444
445		case 'ModAdS':
446		modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
447		break;
448
449		case 'ListingDel':
450		include XOOPS_ROOT_PATH . '/header.php';
451		listingDel($lid, $ok);
452		include XOOPS_ROOT_PATH . '/footer.php';
453		break;
454
455		case 'DelReply':
456		include XOOPS_ROOT_PATH . '/header.php';
457		delReply($r_lid, $ok);
458		include XOOPS_ROOT_PATH . '/footer.php';
459		break;
460
461		default:
462		redirect_header('index.php', 1, '' . _RETURNANN);
463		break;
464		}
465

mambax7 / adslight

Push — master ( a25b3b...67bb37 )

modify.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like