Issues in modify.php - New Issues - Inspection of "XoopsRequest" - mambax7/adslight - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( a25b3b...67bb37 )

by Michael

created 2016-10-01 12:05 UTC

modify.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
-------------------------------------------------------------------------
                     ADSLIGHT 2 : Module for Xoops

        Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
        Started with the Classifieds module and made MANY changes
        Website : http://www.luc-bizet.fr
        Contact : [email protected]
-------------------------------------------------------------------------
             Original credits below Version History
##########################################################################
#                    Classified Module for Xoops                         #
#  By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com         #
#      Started with the MyAds module and made MANY changes               #
##########################################################################
 Original Author: Pascal Le Boustouller
 Author Website : [email protected]
 Licence Type   : GPL
-------------------------------------------------------------------------
*/

include_once __DIR__ . '/header.php';
$moduleDirName = basename(__DIR__);
$main_lang     = '_' . strtoupper($moduleDirName);
require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
$myts      = MyTextSanitizer::getInstance();
$module_id = $xoopsModule->getVar('mid');

$groups       = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
$gpermHandler = xoops_getHandler('groupperm');
$perm_itemid  = XoopsRequest::getInt('item_id', 0, 'POST');

//If no access
if (!$gpermHandler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {
    redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
}

/**
 * @param $lid
 * @param $ok
 */
function listingDel($lid, $ok)
{
    global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
    list($usid) = $xoopsDB->fetchRow($result);

    $result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));

    if ($GLOBALS['xoopsUser']) {
        $currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
        if ($usid == $currentid) {
            if ($ok == 1) {
                while (list($purl) = $xoopsDB->fetchRow($result1)) {
                    if ($purl) {
                        $destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
                        if (file_exists("$destination/$purl")) {
                            unlink("$destination/$purl");
                        }
                        $destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
                        if (file_exists("$destination2/thumb_$purl")) {
                            unlink("$destination2/thumb_$purl");
                        }
                        $destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
                        if (file_exists("$destination3/resized_$purl")) {
                            unlink("$destination3/resized_$purl");
                        }

                        $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
                    }
                }
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
                redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo "[ <a href=\"modify.php?op=ListingDel&amp;lid=" . $lid . "&amp;ok=1\">" . _ADSLIGHT_OUI . "</a> | <a href=\"index.php\">" . _ADSLIGHT_NON . '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $r_lid
 * @param $ok
 */
function delReply($r_lid, $ok)
{
    global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;

    $result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM '
                              . $xoopsDB->prefix('adslight_listing')
                              . ' l LEFT JOIN '
                              . $xoopsDB->prefix('adslight_replies')
                              . ' r ON l.lid=r.lid  WHERE r.r_lid='
                              . $xoopsDB->escape($r_lid));
    list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);

    if ($GLOBALS['xoopsUser']) {
        $currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
        if ($usid == $currentid) {
            if ($ok == 1) {
                $xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid));
                redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
            } else {
                echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
                echo '<br><div style="text-align:center">';
                echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
            }
            echo "[ <a href=\"modify.php?op=DelReply&amp;r_lid="
                 . addslashes($r_lid)
                 . "&amp;ok=1\">"
                 . _ADSLIGHT_OUI
                 . "</a> | <a href=\"members.php?usid="
                 . addslashes($usid)
                 . "\">"
                 . _ADSLIGHT_NON
                 . '</a> ]<br><br>';
            echo '</td></tr></table>';
        }
    }
}

/**
 * @param $lid
 */
function modAd($lid)
{
    global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;

    include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
    include_once XOOPS_ROOT_PATH . '/modules/adslight/class/utilities.php';
    echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";

    include_once XOOPS_ROOT_PATH . '/modules/adslight/class/classifiedstree.php';
    $mytree = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');

    $result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM '
                              . $xoopsDB->prefix('adslight_listing')
                              . ' WHERE lid='
                              . $xoopsDB->escape($lid));
    list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);

    $categories = AdslightUtilities::getMyItemIds('adslight_submit');
    if (is_array($categories) && count($categories) > 0) {
        if (!in_array($cide, $categories)) {
            redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
        }
    } else {    // User can't see any category
        redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
    }


    if ($GLOBALS['xoopsUser']) {
        $calusern = $GLOBALS['xoopsUser']->uid();
        if ($usid == $calusern) {
            echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
            $title      = $myts->htmlSpecialChars($title);
            $status     = $myts->htmlSpecialChars($status);
            $expire     = $myts->htmlSpecialChars($expire);
            $type       = $myts->htmlSpecialChars($type);
            $desctext   = $myts->displayTarea($desctext, 1);
            $tel        = $myts->htmlSpecialChars($tel);

//            $price      = number_format($price, 2, ',', ' ');


            xoops_load('XoopsLocal');
            $tempXoopsLocal = new XoopsLocal;
            //  For US currency with 2 numbers after the decimal comment out if you dont want 2 numbers after decimal
            $price = $tempXoopsLocal->number_format($price, 2, ',', ' ');
            //  For other countries uncomment the below line and comment out the above line
            //      $price = $tempXoopsLocal->number_format($price);



            $typeprice  = $myts->htmlSpecialChars($typeprice);
            $typeusure  = $myts->htmlSpecialChars($typeusure);
            $submitter  = $myts->htmlSpecialChars($submitter);
            $town       = $myts->htmlSpecialChars($town);
            $country    = $myts->htmlSpecialChars($country);
            $contactby  = $myts->htmlSpecialChars($contactby);
            $premium    = $myts->htmlSpecialChars($premium);
            $useroffset = '';
            if ($GLOBALS['xoopsUser']) {
                $timezone   = $GLOBALS['xoopsUser']->timezone();
                $useroffset = (!empty($timezone)) ? $GLOBALS['xoopsUser']->timezone() : $xoopsConfig['default_TZ'];
            }
            $dates = ($useroffset * 3600) + $date;
            $dates = formatTimestamp($date, 's');

            echo "<form action=\"modify.php\" method=post enctype=\"multipart/form-data\">
    <table><tr class=\"head\" border=\"2\">
    <td class=\"head\">" . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
    </tr><tr>";

            if ($GLOBALS['xoopsModuleConfig']['adslight_diff_name'] == '1') {
                echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" /></td>";
            } else {
                echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
            }
            echo '</tr><tr>';

            if (1 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
            }
            if (2 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PM;
            }
            if (3 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
            }
            if (4 == $contactby) {
                $contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
            }

            echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
    <option value=\"" . $contactby . "\">" . $contactselect . "</option>
    <option value=\"1\">" . _ADSLIGHT_CONTACT_BY_EMAIL . "</option>
    <option value=\"2\">" . _ADSLIGHT_CONTACT_BY_PM . "</option>
    <option value=\"3\">" . _ADSLIGHT_CONTACT_BY_BOTH . "</option>
    <option value=\"4\">" . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';

            if ($GLOBALS['xoopsModuleConfig']['adslight_diff_email'] == '1') {
                echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" /></td>";
            } else {
                echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" /></td>";
            }
            echo "</tr><tr>
    <td class=\"head\">" . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" /></td>
    </tr>";
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" /></td>
    </tr>";
            if ($GLOBALS['xoopsModuleConfig']['adslight_use_country'] == '1') {
                echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" /></td>
    </tr>";
            } else {
                echo "<input type=\"hidden\" name=\"country\" value=\"\">";
            }

            echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
            if ('0' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_ACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"1\"";
            if ('1' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_INACTIVE . "&nbsp;&nbsp; <input type=\"radio\" name=\"status\" value=\"2\"";
            if ('2' == $status) {
                echo 'checked';
            }
            echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" /></td>
    </tr>";
            echo "<tr><td class=\"head\">"
                 . _ADSLIGHT_PRICE2
                 . " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" /> "
                 . $GLOBALS['xoopsModuleConfig']['adslight_money'];

            $result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
            echo " <select name=\"typeprice\">";
            while (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3)) {
                $sel = '';
                if ($id_price == $typeprice) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_price\" $sel>$nom_price</option>";
            }
            echo '</select></td></tr>';
            $module_id = $xoopsModule->getVar('mid');
            $groups    = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;

            $gpermHandler = xoops_getHandler('groupperm');
            $perm_itemid  = XoopsRequest::getInt('item_id', 0, 'GET');

            //If no access
            if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire  " . _ADSLIGHT_DAY . '</td>
    </tr>';
                echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" />";
            } else {
                echo "<tr>
    <td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" />  " . _ADSLIGHT_DAY . '</td>
    </tr>';
            }

            /// Type d'annonce
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TYPE . " </td><td class=\"head\"><select name=\"type\">";

            $result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
            while (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5)) {
                $sel = '';
                if ($id_type == $type) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_type\" $sel>$nom_type</option>";
            }
            echo '</select></td></tr>';

            /// Etat de l'objet
            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_TYPE_USURE . " </td><td class=\"head\"><select name=\"typeusure\">";

            $result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
            while (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6)) {
                $sel = '';
                if ($id_usure == $typeusure) {
                    $sel = 'selected';
                }
                echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
            }
            echo '</select></td></tr>';

            echo "<tr>
    <td class=\"head\">" . _ADSLIGHT_CAT . " </td><td class=\"head\">";
            $mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
            echo "</td>
    </tr><tr>
    <td class=\"head\">" . _ADSLIGHT_DESC . " </td><td class=\"head\">";
            $wysiwyg_text_area = AdslightUtilities::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
            echo $wysiwyg_text_area->render();
            echo "</td></tr>
    <td colspan=2><br><input type=\"submit\" value=\"" . _ADSLIGHT_MODIFANN . "\" /></td>
    </tr></table>";
            echo "<input type=\"hidden\" name=\"op\" value=\"ModAdS\" />";

            $module_id = $xoopsModule->getVar('mid');
            if (is_object($GLOBALS['xoopsUser'])) {
                $groups =& $GLOBALS['xoopsUser']->getGroups();
            } else {
                $groups = XOOPS_GROUP_ANONYMOUS;
            }
            $gpermHandler = xoops_getHandler('groupperm');
            $perm_itemid = XoopsRequest::getInt('item_id', 0, 'POST');
            //If no access
            if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
                if ($GLOBALS['xoopsModuleConfig']['adslight_moderated'] == '1') {
                    echo "<input type=\"hidden\" name=\"valid\" value=\"No\" />";
                    echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
                } else {
                    echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
                }
            } else {
                echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
            }
            echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" />";
            echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" />";
            echo "<input type=\"hidden\" name=\"date\" value=\"$date\" />
    " . $GLOBALS['xoopsGTicket']->getTicketHtml(__LINE__, 1800, 'token') . '';
            echo '</form><br></fieldset><br>';
        }
    }
}

/**
 * @param $lid
 * @param $cat
 * @param $title
 * @param $status
 * @param $expire
 * @param $type
 * @param $desctext
 * @param $tel
 * @param $price
 * @param $typeprice
 * @param $typeusure
 * @param $date
 * @param $email
 * @param $submitter
 * @param $town
 * @param $country
 * @param $contactby
 * @param $premium
 * @param $valid
 */
function modAdS(
    $lid,
    $cat,
    $title,
    $status,
    $expire,
    $type,
    $desctext,
    $tel,
    $price,
    $typeprice,
    $typeusure,
    $date,
    $email,
    $submitter,
    $town,
    $country,
    $contactby,
    $premium,
    $valid
) {
    global $xoopsDB, $xoopsConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang, $xoopsGTicket;

    if (!$xoopsGTicket->check(true, 'token')) {
        redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $xoopsGTicket->getErrors());
    }
    $title     = $myts->addSlashes($title);
    $status    = $myts->addSlashes($status);
    $expire    = $myts->addSlashes($expire);
    $type      = $myts->addSlashes($type);
    $desctext  = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
    $tel       = $myts->addSlashes($tel);
    $price     = str_replace(array(' '), '', $price);
    $typeprice = $myts->addSlashes($typeprice);
    $typeusure = $myts->addSlashes($typeusure);
    $submitter = $myts->addSlashes($submitter);
    $town      = $myts->addSlashes($town);
    $country   = $myts->addSlashes($country);
    $contactby = $myts->addSlashes($contactby);
    $premium   = $myts->addSlashes($premium);

    $xoopsDB->query('UPDATE '
                    . $xoopsDB->prefix('adslight_listing')
                    . " SET cid='$cat', title='$title', status='$status',  expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");

    redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
}

####################################################
foreach ($_POST as $k => $v) {
    ${$k} = $v;
}
$ok = XoopsRequest::getString('ok', '', 'GET');

if (!isset($_POST['lid']) && isset($_GET['lid'])) {
    $lid = $_GET['lid'];
}
if (!isset($_POST['r_lid']) && isset($_GET['r_lid'])) {
    $r_lid = $_GET['r_lid'];
}
if (!isset($_POST['op']) && isset($_GET['op'])) {
    $op = $_GET['op'];
}
switch ($op) {

    case 'ModAd':
        include XOOPS_ROOT_PATH . '/header.php';
        modAd($lid);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    case 'ModAdS':
        modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
        break;

    case 'ListingDel':
        include XOOPS_ROOT_PATH . '/header.php';
        listingDel($lid, $ok);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    case 'DelReply':
        include XOOPS_ROOT_PATH . '/header.php';
        delReply($r_lid, $ok);
        include XOOPS_ROOT_PATH . '/footer.php';
        break;

    default:
        redirect_header('index.php', 1, '' . _RETURNANN);
        break;
}


1		<?php
2		/*
3		-------------------------------------------------------------------------
4		ADSLIGHT 2 : Module for Xoops
5
6		Redesigned and ameliorate By Luc Bizet user at www.frxoops.org
7		Started with the Classifieds module and made MANY changes
8		Website : http://www.luc-bizet.fr
9		Contact : [email protected]
10		-------------------------------------------------------------------------
11		Original credits below Version History
12		##########################################################################
13		# Classified Module for Xoops #
14		# By John Mordo user jlm69 at www.xoops.org and www.jlmzone.com #
15		# Started with the MyAds module and made MANY changes #
16		##########################################################################
17		Original Author: Pascal Le Boustouller
18		Author Website : [email protected]
19		Licence Type : GPL
20		-------------------------------------------------------------------------
21		*/
22
23		include_once __DIR__ . '/header.php';
24		$moduleDirName = basename(__DIR__);
25		$main_lang = '_' . strtoupper($moduleDirName);
26		require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
27		$myts = MyTextSanitizer::getInstance();
28		$module_id = $xoopsModule->getVar('mid');
29
30		$groups = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
31		$gpermHandler = xoops_getHandler('groupperm');
32		$perm_itemid = XoopsRequest::getInt('item_id', 0, 'POST');
33
34		//If no access
35	View Code Duplication	if (!$gpermHandler->checkRight('adslight_submit', $perm_itemid, $groups, $module_id)) {
36		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
37		}
38
39		/**
40		* @param $lid
41		* @param $ok
42		*/
43		function listingDel($lid, $ok)
44		{
45		global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
46
47		$result = $xoopsDB->query('SELECT usid FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
48		list($usid) = $xoopsDB->fetchRow($result);
49
50		$result1 = $xoopsDB->query('SELECT url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
51
52		if ($GLOBALS['xoopsUser']) {
53		$currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
54		if ($usid == $currentid) {
55		if ($ok == 1) {
56		while (list($purl) = $xoopsDB->fetchRow($result1)) {
57		if ($purl) {
58		$destination = XOOPS_ROOT_PATH . '/uploads/AdsLight';
59		if (file_exists("$destination/$purl")) {
60		unlink("$destination/$purl");
61		}
62		$destination2 = XOOPS_ROOT_PATH . '/uploads/AdsLight/thumbs';
63		if (file_exists("$destination2/thumb_$purl")) {
64		unlink("$destination2/thumb_$purl");
65		}
66		$destination3 = XOOPS_ROOT_PATH . '/uploads/AdsLight/midsize';
67		if (file_exists("$destination3/resized_$purl")) {
68		unlink("$destination3/resized_$purl");
69		}
70
71		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE lid=' . $xoopsDB->escape($lid));
72		}
73		}
74		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE lid=' . $xoopsDB->escape($lid));
75		redirect_header('index.php', 1, _ADSLIGHT_ANNDEL);
76		} else {
77		echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
78		echo '<br><div style="text-align:center">';
79		echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
80		}
81		echo "[ <a href=\"modify.php?op=ListingDel&lid=" . $lid . "&ok=1\">" . _ADSLIGHT_OUI . "</a> \| <a href=\"index.php\">" . _ADSLIGHT_NON . '</a> ]<br><br>';
82		echo '</td></tr></table>';
83		}
84		}
85		}
86
87		/**
88		* @param $r_lid
89		* @param $ok
90		*/
91		function delReply($r_lid, $ok)
92		{
93		global $xoopsDB, $xoopsConfig, $xoopsTheme, $xoopsLogger, $moduleDirName, $main_lang;
94
95		$result = $xoopsDB->query('SELECT l.usid, r.r_lid, r.lid, r.title, r.date, r.submitter, r.message, r.tele, r.email, r.r_usid FROM '
96		. $xoopsDB->prefix('adslight_listing')
97		. ' l LEFT JOIN '
98		. $xoopsDB->prefix('adslight_replies')
99		. ' r ON l.lid=r.lid WHERE r.r_lid='
100		. $xoopsDB->escape($r_lid));
101		list($usid, $r_lid, $rlid, $title, $date, $submitter, $message, $tele, $email, $r_usid) = $xoopsDB->fetchRow($result);
102
103		if ($GLOBALS['xoopsUser']) {
104		$currentid = $GLOBALS['xoopsUser']->getVar('uid', 'E');
105		if ($usid == $currentid) {
106		if ($ok == 1) {
107		$xoopsDB->queryF('DELETE FROM ' . $xoopsDB->prefix('adslight_replies') . ' WHERE r_lid=' . $xoopsDB->escape($r_lid));
108		redirect_header('members.php?usid=' . addslashes($usid) . '', 1, _ADSLIGHT_ANNDEL);
109		} else {
110		echo "<table width='100%' border='0' cellspacing='1' cellpadding='8'><tr class='bg4'><td valign='top'>\n";
111		echo '<br><div style="text-align:center">';
112		echo '<strong>' . _ADSLIGHT_SURDELANN . '</strong></div><br><br>';
113		}
114		echo "[ <a href=\"modify.php?op=DelReply&r_lid="
115		. addslashes($r_lid)
116		. "&ok=1\">"
117		. _ADSLIGHT_OUI
118		. "</a> \| <a href=\"members.php?usid="
119		. addslashes($usid)
120		. "\">"
121		. _ADSLIGHT_NON
122		. '</a> ]<br><br>';
123		echo '</td></tr></table>';
124		}
125		}
126		}
127
128		/**
129		* @param $lid
130		*/
131		function modAd($lid)
132		{
133		global $xoopsDB, $xoopsModule, $xoopsConfig, $xoopsTheme, $myts, $xoopsLogger, $moduleDirName, $main_lang;
134
135		include_once XOOPS_ROOT_PATH . '/class/xoopsformloader.php';
136		include_once XOOPS_ROOT_PATH . '/modules/adslight/class/utilities.php';
137		echo "<script language=\"javascript\">\nfunction CLA(CLA) { var MainWindow = window.open (CLA, \"_blank\",\"width=500,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,copyhistory=no\");}\n</script>";
138
139		include_once XOOPS_ROOT_PATH . '/modules/adslight/class/classifiedstree.php';
140		$mytree = new ClassifiedsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');
141
142		$result = $xoopsDB->query('SELECT lid, cid, title, status, expire, type, desctext, tel, price, typeprice, typeusure, date, email, submitter, usid, town, country, contactby, premium, valid FROM '
143		. $xoopsDB->prefix('adslight_listing')
144		. ' WHERE lid='
145		. $xoopsDB->escape($lid));
146		list($lid, $cide, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $usid, $town, $country, $contactby, $premium, $valid) = $xoopsDB->fetchRow($result);
147
148		$categories = AdslightUtilities::getMyItemIds('adslight_submit');
149	View Code Duplication	if (is_array($categories) && count($categories) > 0) {
150		if (!in_array($cide, $categories)) {
151		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, _NOPERM);
152		}
153		} else { // User can't see any category
154		redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
155		}
156
157
158		if ($GLOBALS['xoopsUser']) {
159		$calusern = $GLOBALS['xoopsUser']->uid();
160		if ($usid == $calusern) {
161		echo "<fieldset><legend style='font-weight: bold; color: #900;'>" . _ADSLIGHT_MODIFANN . '</legend><br><br>';
162		$title = $myts->htmlSpecialChars($title);
163		$status = $myts->htmlSpecialChars($status);
164		$expire = $myts->htmlSpecialChars($expire);
165		$type = $myts->htmlSpecialChars($type);
166		$desctext = $myts->displayTarea($desctext, 1);
167		$tel = $myts->htmlSpecialChars($tel);
168
169		// $price = number_format($price, 2, ',', ' ');
		0 ignored issues – show Unused Code Comprehensibility introduced 2016-10-01 12:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this `58%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
170
171		xoops_load('XoopsLocal');
172		$tempXoopsLocal = new XoopsLocal;
173		// For US currency with 2 numbers after the decimal comment out if you dont want 2 numbers after decimal
174		$price = $tempXoopsLocal->number_format($price, 2, ',', ' ');
175		// For other countries uncomment the below line and comment out the above line
176		// $price = $tempXoopsLocal->number_format($price);
		0 ignored issues – show Unused Code Comprehensibility introduced 2016-10-01 12:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this `59%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
177
178
179		$typeprice = $myts->htmlSpecialChars($typeprice);
180		$typeusure = $myts->htmlSpecialChars($typeusure);
181		$submitter = $myts->htmlSpecialChars($submitter);
182		$town = $myts->htmlSpecialChars($town);
183		$country = $myts->htmlSpecialChars($country);
184		$contactby = $myts->htmlSpecialChars($contactby);
185		$premium = $myts->htmlSpecialChars($premium);
186		$useroffset = '';
187	View Code Duplication	if ($GLOBALS['xoopsUser']) {
188		$timezone = $GLOBALS['xoopsUser']->timezone();
189		$useroffset = (!empty($timezone)) ? $GLOBALS['xoopsUser']->timezone() : $xoopsConfig['default_TZ'];
190		}
191		$dates = ($useroffset * 3600) + $date;
192		$dates = formatTimestamp($date, 's');
193
194		echo "<form action=\"modify.php\" method=post enctype=\"multipart/form-data\">
195		<table><tr class=\"head\" border=\"2\">
196		<td class=\"head\">" . _ADSLIGHT_NUMANNN . " </td><td class=\"head\" border=\"1\">$lid " . _ADSLIGHT_DU . " $dates</td>
197		</tr><tr>";
198
199		if ($GLOBALS['xoopsModuleConfig']['adslight_diff_name'] == '1') {
200		echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"text\" name=\"submitter\" size=\"50\" value=\"$submitter\" /></td>";
201		} else {
202		echo "<td class=\"head\">" . _ADSLIGHT_SENDBY . " </td><td class=\"head\"><input type=\"hidden\" name=\"submitter\" value=\"$submitter\">$submitter</td>";
203		}
204		echo '</tr><tr>';
205
206		if (1 == $contactby) {
207		$contactselect = _ADSLIGHT_CONTACT_BY_EMAIL;
208		}
209		if (2 == $contactby) {
210		$contactselect = _ADSLIGHT_CONTACT_BY_PM;
211		}
212		if (3 == $contactby) {
213		$contactselect = _ADSLIGHT_CONTACT_BY_BOTH;
214		}
215		if (4 == $contactby) {
216		$contactselect = _ADSLIGHT_CONTACT_BY_PHONE;
217		}
218
219		echo " <td class='head'>" . _ADSLIGHT_CONTACTBY . " </td><td class='head'><select name=\"contactby\">
220		<option value=\"" . $contactby . "\">" . $contactselect . "</option>
221		<option value=\"1\">" . _ADSLIGHT_CONTACT_BY_EMAIL . "</option>
222		<option value=\"2\">" . _ADSLIGHT_CONTACT_BY_PM . "</option>
223		<option value=\"3\">" . _ADSLIGHT_CONTACT_BY_BOTH . "</option>
224		<option value=\"4\">" . _ADSLIGHT_CONTACT_BY_PHONE . '</option></select></td></tr>';
225
226		if ($GLOBALS['xoopsModuleConfig']['adslight_diff_email'] == '1') {
227		echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\"><input type=\"text\" name=\"email\" size=\"50\" value=\"$email\" /></td>";
228		} else {
229		echo "<tr><td class=\"head\">" . _ADSLIGHT_EMAIL . " </td><td class=\"head\">$email<input type=\"hidden\" name=\"email\" value=\"$email\" /></td>";
230		}
231		echo "</tr><tr>
232		<td class=\"head\">" . _ADSLIGHT_TEL . " </td><td class=\"head\"><input type=\"text\" name=\"tel\" size=\"50\" value=\"$tel\" /></td>
233		</tr>";
234		echo "<tr>
235		<td class=\"head\">" . _ADSLIGHT_TOWN . " </td><td class=\"head\"><input type=\"text\" name=\"town\" size=\"50\" value=\"$town\" /></td>
236		</tr>";
237		if ($GLOBALS['xoopsModuleConfig']['adslight_use_country'] == '1') {
238		echo "<tr>
239		<td class=\"head\">" . _ADSLIGHT_COUNTRY . " </td><td class=\"head\"><input type=\"text\" name=\"country\" size=\"50\" value=\"$country\" /></td>
240		</tr>";
241		} else {
242		echo "<input type=\"hidden\" name=\"country\" value=\"\">";
243		}
244
245		echo "<tr><td class='head'>" . _ADSLIGHT_STATUS . "</td><td class='head'><input type=\"radio\" name=\"status\" value=\"0\"";
246		if ('0' == $status) {
247		echo 'checked';
248		}
249		echo '>' . _ADSLIGHT_ACTIVE . "   <input type=\"radio\" name=\"status\" value=\"1\"";
250		if ('1' == $status) {
251		echo 'checked';
252		}
253		echo '>' . _ADSLIGHT_INACTIVE . "   <input type=\"radio\" name=\"status\" value=\"2\"";
254		if ('2' == $status) {
255		echo 'checked';
256		}
257		echo '>' . _ADSLIGHT_SOLD . '</td></tr>';
258		echo "<tr>
259		<td class=\"head\">" . _ADSLIGHT_TITLE2 . " </td><td class=\"head\"><input type=\"text\" name=\"title\" size=\"50\" value=\"$title\" /></td>
260		</tr>";
261		echo "<tr><td class=\"head\">"
262		. _ADSLIGHT_PRICE2
263		. " </td><td class=\"head\"><input type=\"text\" name=\"price\" size=\"20\" value=\"$price\" /> "
264		. $GLOBALS['xoopsModuleConfig']['adslight_money'];
265
266		$result3 = $xoopsDB->query('SELECT nom_price, id_price FROM ' . $xoopsDB->prefix('adslight_price') . ' ORDER BY id_price');
267		echo " <select name=\"typeprice\">";
268		while (list($nom_price, $id_price) = $xoopsDB->fetchRow($result3)) {
269		$sel = '';
270		if ($id_price == $typeprice) {
271		$sel = 'selected';
272		}
273		echo "<option value=\"$id_price\" $sel>$nom_price</option>";
274		}
275		echo '</select></td></tr>';
276		$module_id = $xoopsModule->getVar('mid');
277		$groups = ($GLOBALS['xoopsUser'] instanceof XoopsUser) ? $GLOBALS['xoopsUser']->getGroups() : XOOPS_GROUP_ANONYMOUS;
278
279		$gpermHandler = xoops_getHandler('groupperm');
280		$perm_itemid = XoopsRequest::getInt('item_id', 0, 'GET');
281
282		//If no access
283		if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
284		echo "<tr>
285		<td width='30%' class='head'>" . _ADSLIGHT_WILL_LAST . " </td><td class='head'>$expire " . _ADSLIGHT_DAY . '</td>
286		</tr>';
287		echo "<input type=\"hidden\" name=\"expire\" value=\"$expire\" />";
288		} else {
289		echo "<tr>
290		<td width='30%' class='head'>" . _ADSLIGHT_HOW_LONG . " </td><td class='head'><input type=\"text\" name=\"expire\" size=\"3\" maxlength=\"3\" value=\"$expire\" /> " . _ADSLIGHT_DAY . '</td>
291		</tr>';
292		}
293
294		/// Type d'annonce
295		echo "<tr>
296		<td class=\"head\">" . _ADSLIGHT_TYPE . " </td><td class=\"head\"><select name=\"type\">";
297
298		$result5 = $xoopsDB->query('SELECT nom_type, id_type FROM ' . $xoopsDB->prefix('adslight_type') . ' ORDER BY nom_type');
299		while (list($nom_type, $id_type) = $xoopsDB->fetchRow($result5)) {
300		$sel = '';
301		if ($id_type == $type) {
302		$sel = 'selected';
303		}
304		echo "<option value=\"$id_type\" $sel>$nom_type</option>";
305		}
306		echo '</select></td></tr>';
307
308		/// Etat de l'objet
309		echo "<tr>
310		<td class=\"head\">" . _ADSLIGHT_TYPE_USURE . " </td><td class=\"head\"><select name=\"typeusure\">";
311
312		$result6 = $xoopsDB->query('SELECT nom_usure, id_usure FROM ' . $xoopsDB->prefix('adslight_usure') . ' ORDER BY nom_usure');
313		while (list($nom_usure, $id_usure) = $xoopsDB->fetchRow($result6)) {
314		$sel = '';
315		if ($id_usure == $typeusure) {
316		$sel = 'selected';
317		}
318		echo "<option value=\"$id_usure\" $sel>$nom_usure</option>";
319		}
320		echo '</select></td></tr>';
321
322		echo "<tr>
323		<td class=\"head\">" . _ADSLIGHT_CAT . " </td><td class=\"head\">";
324		$mytree->makeMySelBox('title', 'title', $cide, '', 'cid');
325		echo "</td>
326		</tr><tr>
327		<td class=\"head\">" . _ADSLIGHT_DESC . " </td><td class=\"head\">";
328		$wysiwyg_text_area = AdslightUtilities::getEditor(_ADSLIGHT_DESC, 'desctext', $desctext, '100%', '200px');
329		echo $wysiwyg_text_area->render();
330		echo "</td></tr>
331		<td colspan=2><br><input type=\"submit\" value=\"" . _ADSLIGHT_MODIFANN . "\" /></td>
332		</tr></table>";
333		echo "<input type=\"hidden\" name=\"op\" value=\"ModAdS\" />";
334
335		$module_id = $xoopsModule->getVar('mid');
336	View Code Duplication	if (is_object($GLOBALS['xoopsUser'])) {
337		$groups =& $GLOBALS['xoopsUser']->getGroups();
338		} else {
339		$groups = XOOPS_GROUP_ANONYMOUS;
340		}
341		$gpermHandler = xoops_getHandler('groupperm');
342		$perm_itemid = XoopsRequest::getInt('item_id', 0, 'POST');
343		//If no access
344		if (!$gpermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $module_id)) {
345		if ($GLOBALS['xoopsModuleConfig']['adslight_moderated'] == '1') {
346		echo "<input type=\"hidden\" name=\"valid\" value=\"No\" />";
347		echo '<br>' . _ADSLIGHT_MODIFBEFORE . '<br>';
348		} else {
349		echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
350		}
351		} else {
352		echo "<input type=\"hidden\" name=\"valid\" value=\"Yes\" />";
353		}
354		echo "<input type=\"hidden\" name=\"lid\" value=\"$lid\" />";
355		echo "<input type=\"hidden\" name=\"premium\" value=\"$premium\" />";
356		echo "<input type=\"hidden\" name=\"date\" value=\"$date\" />
357		" . $GLOBALS['xoopsGTicket']->getTicketHtml(__LINE__, 1800, 'token') . '';
358		echo '</form><br></fieldset><br>';
359		}
360		}
361		}
362
363		/**
364		* @param $lid
365		* @param $cat
366		* @param $title
367		* @param $status
368		* @param $expire
369		* @param $type
370		* @param $desctext
371		* @param $tel
372		* @param $price
373		* @param $typeprice
374		* @param $typeusure
375		* @param $date
376		* @param $email
377		* @param $submitter
378		* @param $town
379		* @param $country
380		* @param $contactby
381		* @param $premium
382		* @param $valid
383		*/
384		function modAdS(
385		$lid,
386		$cat,
387		$title,
388		$status,
389		$expire,
390		$type,
391		$desctext,
392		$tel,
393		$price,
394		$typeprice,
395		$typeusure,
396		$date,
397		$email,
398		$submitter,
399		$town,
400		$country,
401		$contactby,
402		$premium,
403		$valid
404		) {
405		global $xoopsDB, $xoopsConfig, $myts, $xoopsLogger, $moduleDirName, $main_lang, $xoopsGTicket;
406
407		if (!$xoopsGTicket->check(true, 'token')) {
408		redirect_header(XOOPS_URL . '/modules/adslight/index.php', 3, $xoopsGTicket->getErrors());
409		}
410		$title = $myts->addSlashes($title);
411		$status = $myts->addSlashes($status);
412		$expire = $myts->addSlashes($expire);
413		$type = $myts->addSlashes($type);
414		$desctext = $myts->displayTarea($desctext, 1, 1, 1, 1, 1);
415		$tel = $myts->addSlashes($tel);
416		$price = str_replace(array(' '), '', $price);
417		$typeprice = $myts->addSlashes($typeprice);
418		$typeusure = $myts->addSlashes($typeusure);
419		$submitter = $myts->addSlashes($submitter);
420		$town = $myts->addSlashes($town);
421		$country = $myts->addSlashes($country);
422		$contactby = $myts->addSlashes($contactby);
423		$premium = $myts->addSlashes($premium);
424
425		$xoopsDB->query('UPDATE '
426		. $xoopsDB->prefix('adslight_listing')
427		. " SET cid='$cat', title='$title', status='$status', expire='$expire', type='$type', desctext='$desctext', tel='$tel', price='$price', typeprice='$typeprice', typeusure='$typeusure', email='$email', submitter='$submitter', town='$town', country='$country', contactby='$contactby', premium='$premium', valid='$valid' WHERE lid=$lid");
428
429		redirect_header('index.php', 1, _ADSLIGHT_ANNMOD2);
430		}
431
432		####################################################
433		foreach ($_POST as $k => $v) {
434		${$k} = $v;
435		}
436		$ok = XoopsRequest::getString('ok', '', 'GET');
437
438		if (!isset($_POST['lid']) && isset($_GET['lid'])) {
439		$lid = $_GET['lid'];
440		}
441		if (!isset($_POST['r_lid']) && isset($_GET['r_lid'])) {
442		$r_lid = $_GET['r_lid'];
443		}
444		if (!isset($_POST['op']) && isset($_GET['op'])) {
445		$op = $_GET['op'];
446		}
447		switch ($op) {
448
449		case 'ModAd':
450		include XOOPS_ROOT_PATH . '/header.php';
451		modAd($lid);
452		include XOOPS_ROOT_PATH . '/footer.php';
453		break;
454
455		case 'ModAdS':
456		modAdS($lid, $cid, $title, $status, $expire, $type, $desctext, $tel, $price, $typeprice, $typeusure, $date, $email, $submitter, $town, $country, $contactby, $premium, $valid);
457		break;
458
459		case 'ListingDel':
460		include XOOPS_ROOT_PATH . '/header.php';
461		listingDel($lid, $ok);
462		include XOOPS_ROOT_PATH . '/footer.php';
463		break;
464
465		case 'DelReply':
466		include XOOPS_ROOT_PATH . '/header.php';
467		delReply($r_lid, $ok);
468		include XOOPS_ROOT_PATH . '/footer.php';
469		break;
470
471		default:
472		redirect_header('index.php', 1, '' . _RETURNANN);
473		break;
474		}
475

mambax7 / adslight

Push — master ( a25b3b...67bb37 )

modify.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like