Issues (292)

Security Analysis    not enabled

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  Header Injection
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

viewcats.php (12 issues)

1
<?php declare(strict_types=1);
2
3
/*
4
 * You may not change or alter any portion of this comment or credits
5
 * of supporting developers from this source code or any supporting source code
6
 * which is considered copyrighted (c) material of the original comment or credit authors.
7
 *
8
 * This program is distributed in the hope that it will be useful,
9
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
10
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11
 */
12
13
/**
14
 * @copyright    XOOPS Project (https://xoops.org)
15
 * @license      GNU GPL 2.0 or later (https://www.gnu.org/licenses/gpl-2.0.html)
16
 * @author       XOOPS Development Team
17
 * @author       Pascal Le Boustouller: original author ([email protected])
18
 * @author       Luc Bizet (www.frxoops.org)
19
 * @author       jlm69 (www.jlmzone.com)
20
 * @author       mamba (www.xoops.org)
21
 */
22
23
use Xmf\Module\Admin;
24
use Xmf\Request;
25
use XoopsModules\Adslight\{
26
    Helper,
27
    Tree,
28
    Utility
29
};
30
31
/** @var Helper $helper */
32
require_once __DIR__ . '/header.php';
33
34
global $xoopsModule, $xoopsDB, $xoopsConfig, $xoTheme;
35
36
//require_once XOOPS_ROOT_PATH . '/modules/adslight/include/gtickets.php';
37
xoops_load('XoopsLocal');
38
$tempXoopsLocal = new \XoopsLocal();
39
$myts           = \MyTextSanitizer::getInstance();
40
$moduleId       = $xoopsModule->getVar('mid');
41
42
if (is_object($GLOBALS['xoopsUser'])) {
43
    $groups = $GLOBALS['xoopsUser']->getGroups();
44
} else {
45
    $groups = XOOPS_GROUP_ANONYMOUS;
46
}
47
/** @var \XoopsGroupPermHandler $grouppermHandler */
48
$grouppermHandler = xoops_getHandler('groupperm');
49
50
$perm_itemid = Request::getInt('item_id', 0, 'POST');
51
52
if (!$grouppermHandler->checkRight('adslight_view', $perm_itemid, $groups, $moduleId)) {
53
    redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
54
}
55
if ($grouppermHandler->checkRight('adslight_premium', $perm_itemid, $groups, $moduleId)) {
56
    $prem_perm = '1';
57
} else {
58
    $prem_perm = '0';
59
}
60
61
$mytree = new Tree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');
62
63
#  function view (categories)
64
#####################################################
65
/**
66
 * @param int|null $cid
67
 * @param int|null $min
68
 * @param string   $orderby
69
 * @param int|null $show
70
 */
71
function adsView($cid, $min, $orderby, $show = 0): void
72
{
73
    global $xoopsDB, $xoopsTpl, $xoopsConfig, $myts, $mytree, $imagecat, $meta, $mid, $prem_perm, $xoopsModule;
74
75
    $helper     = Helper::getInstance();
76
    $pathIcon16 = Admin::iconUrl('', '16');
77
78
    $GLOBALS['xoopsOption']['template_main'] = 'adslight_category.tpl';
79
    require_once XOOPS_ROOT_PATH . '/header.php';
80
81
    $GLOBALS['xoopsTpl']->assign('xmid', $xoopsModule->getVar('mid'));
82
    $GLOBALS['xoopsTpl']->assign('add_from', _ADSLIGHT_ADDFROM . ' ' . $xoopsConfig['sitename']);
83
    $GLOBALS['xoopsTpl']->assign('add_from_title', _ADSLIGHT_ADDFROM);
84
    $GLOBALS['xoopsTpl']->assign('add_from_sitename', $xoopsConfig['sitename']);
85
    $GLOBALS['xoopsTpl']->assign('only_pix', _ADSLIGHT_ONLYPIX);
86
    $GLOBALS['xoopsTpl']->assign('adslight_logolink', _ADSLIGHT_LOGOLINK);
87
    $GLOBALS['xoopsTpl']->assign('permit', $prem_perm);
88
89
    $GLOBALS['xoopsTpl']->assign('xoops_module_header', '<link rel="stylesheet" href="' . XOOPS_URL . '/modules/adslight/assets/css/adslight.css" type="text/css" media="all" >');
90
91
    // $adslight_use_catscode = $helper->getConfig('adslight_use_catscode');
92
    // $adslight_cats_code = $helper->getConfig('adslight_cats_code');
93
94
    $GLOBALS['xoopsTpl']->assign('adslight_use_catscode', $helper->getConfig('adslight_use_catscode'));
95
    $GLOBALS['xoopsTpl']->assign('adslight_cats_code', $helper->getConfig('adslight_cats_code'));
96
97
    $banner = xoops_getbanner();
98
    $GLOBALS['xoopsTpl']->assign('banner', $banner);
99
    // $index_code_place = $helper->getConfig('adslight_index_code_place');
100
    // $use_extra_code = $helper->getConfig('adslight_use_index_code');
101
    // $adslight_use_banner = $helper->getConfig('adslight_use_banner');
102
    // $index_extra_code = $helper->getConfig('adslight_index_code');
103
104
    $GLOBALS['xoopsTpl']->assign('use_extra_code', $helper->getConfig('adslight_use_index_code'));
105
    $GLOBALS['xoopsTpl']->assign('adslight_use_banner', $helper->getConfig('adslight_use_banner'));
106
    $GLOBALS['xoopsTpl']->assign('index_extra_code', $helper->getConfig('adslight_index_code'));
107
    $GLOBALS['xoopsTpl']->assign('index_code_place', $helper->getConfig('adslight_index_code_place'));
108
109
    // adslight 2
110
    $GLOBALS['xoopsTpl']->assign('adslight_active_menu', $helper->getConfig('adslight_active_menu'));
111
    $GLOBALS['xoopsTpl']->assign('adslight_active_rss', $helper->getConfig('adslight_active_rss'));
112
113
    /// No Adds in this Cat ///
114
    $submit_perms = Utility::getMyItemIds('adslight_submit');
115
116
    if (is_array($submit_perms) && $GLOBALS['xoopsUser']
117
        && count($submit_perms) > 0) {
118
        $GLOBALS['xoopsTpl']->assign('not_adds_in_this_cat', _ADSLIGHT_ADD_LISTING_NOTADDSINTHISCAT . '<a href="addlisting.php?cid=' . addslashes((string)$cid) . '">' . _ADSLIGHT_ADD_LISTING_NOTADDSSUBMIT . '</a>');
119
    } else {
120
        $GLOBALS['xoopsTpl']->assign('not_adds_in_this_cat', _ADSLIGHT_ADD_LISTING_NOTADDSINTHISCAT . '<br>' . _ADSLIGHT_ADD_LISTING_BULL . '<a href="' . XOOPS_URL . '/register.php">' . _ADSLIGHT_ADD_LISTING_SUB . '</a>.');
121
    }
122
123
    $GLOBALS['xoopsTpl']->assign('Feed_RSS_cat', '&nbsp;&nbsp;&nbsp;<a href="rss.php?cid=' . addslashes((string)$cid) . '"><img border="0" alt="Feed RSS" src="assets/images/rssfeed_buttons.png" ></a>');
124
125
    if ($GLOBALS['xoopsUser']) {
126
        $member_usid = $GLOBALS['xoopsUser']->getVar('uid');
127
        if ($usid = $member_usid) {
0 ignored issues
show
The assignment to $usid is dead and can be removed.
Loading history...
128
            $GLOBALS['xoopsTpl']->assign('istheirs', true);
129
130
            $sql = 'SELECT COUNT(*) FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE usid=' . $member_usid . ' ';
131
            $result = $xoopsDB->query($sql);
132
            if (!$xoopsDB->isResultSet($result)) {
133
                \trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
134
            }
135
            [$show_user] = $xoopsDB->fetchRow($result);
136
137
            $GLOBALS['xoopsTpl']->assign('show_user', $show_user);
138
            $GLOBALS['xoopsTpl']->assign('show_user_link', 'members.php?usid=' . $member_usid);
139
        }
140
    }
141
142
    $default_sort = $helper->getConfig('adslight_lsort_order');
143
144
    $cid     = max((int)$cid, 0);
145
    $min     = max((int)$min, 0);
146
    $show    = (int)$show > 0 ? (int)$show : $helper->getConfig('adslight_perpage');
147
    $max     = $min + $show;
148
    $orderby = isset($orderby) ? Utility::convertOrderByIn($orderby) : $default_sort;
149
150
    $updir = $helper->getConfig('adslight_link_upload');
0 ignored issues
show
The assignment to $updir is dead and can be removed.
Loading history...
151
    $GLOBALS['xoopsTpl']->assign('add_from', _ADSLIGHT_ADDFROM . ' ' . $xoopsConfig['sitename']);
152
    $GLOBALS['xoopsTpl']->assign('add_from_title', _ADSLIGHT_ADDFROM);
153
    $GLOBALS['xoopsTpl']->assign('add_from_sitename', $xoopsConfig['sitename']);
154
    $GLOBALS['xoopsTpl']->assign('subcat_title2', _ADSLIGHT_ANNONCES);
155
156
    $categories = Utility::getMyItemIds('adslight_view');
157
158
    //TO DO - check on permissions here
159
    //    if ($categories && is_array($categories)) {
160
    //        if (!\in_array($cid, $categories)) {
161
    //            $helper->redirect('index.php', 3, _NOPERM);
162
    //        }
163
    //    } else {    // User can't see any category
164
    //        redirect_header(XOOPS_URL . '/index.php', 3, _NOPERM);
165
    //    }
166
167
    $arrow = '<img src="' . XOOPS_URL . '/modules/adslight/assets/images/arrow.gif" alt="&raquo;" >';
0 ignored issues
show
The assignment to $arrow is dead and can be removed.
Loading history...
168
169
    $pathstring = '<a href="index.php">' . _ADSLIGHT_MAIN . '</a>';
170
    $pathstring .= $mytree->getNicePathFromId($cid, 'title', 'viewcats.php?');
171
    $GLOBALS['xoopsTpl']->assign('module_name', $xoopsModule->getVar('name'));
172
    $GLOBALS['xoopsTpl']->assign('category_path', $pathstring);
173
    $GLOBALS['xoopsTpl']->assign('category_id', $cid);
174
175
    $sql         = 'SELECT COUNT(*) FROM ' . $xoopsDB->prefix('adslight_listing') . ' WHERE  cid=' . $xoopsDB->escape($cid) . ' AND valid="Yes" AND status!="1"';
176
    $countresult = $xoopsDB->query($sql);
177
    $result = $xoopsDB->query($sql);
0 ignored issues
show
The assignment to $result is dead and can be removed.
Loading history...
178
    if (!$xoopsDB->isResultSet($countresult)) {
179
        \trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
180
    }
181
    [$trow] = $xoopsDB->fetchRow($countresult);
182
    $trows = $trow;
183
184
    $cat_perms = '';
185
    if (is_array($categories) && count($categories) > 0) {
186
        $cat_perms .= ' AND cid IN (' . implode(',', $categories) . ') ';
187
    }
188
189
    $sql    = 'SELECT cid, pid, title, cat_desc, cat_keywords FROM ' . $xoopsDB->prefix('adslight_categories') . ' WHERE cid=' . $xoopsDB->escape($cid) . ' ' . $cat_perms;
190
    $result = $xoopsDB->query($sql);
191
    if (!$xoopsDB->isResultSet($result)) {
192
        \trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
193
    }
194
    [$cid, $pid, $title, $cat_desc, $cat_keywords] = $xoopsDB->fetchRow($result);
195
196
    $GLOBALS['xoopsTpl']->assign('cat_desc', $cat_desc);
197
    $GLOBALS['xoopsTpl']->assign('cat_title', _ADSLIGHT_ANNONCES . ' ' . $title);
198
    $GLOBALS['xoopsTpl']->assign('cat_keywords', $cat_keywords);
199
    $GLOBALS['xoopsTpl']->assign('xoops_pagetitle', $title);
200
201
    if ($cat_desc > '0') {
202
        // meta description & keywords tags for categories
203
        $cat_desc_clean     = strip_tags($cat_desc, '<span><img><strong><i><u>');
204
        $cat_keywords_clean = strip_tags($cat_keywords, '<span><img><strong><i><u><br><li>');
205
206
        $GLOBALS['xoTheme']->addMeta('meta', 'description', '' . mb_substr($cat_desc_clean, 0, 200));
207
        $GLOBALS['xoTheme']->addMeta('meta', 'keywords', '' . mb_substr($cat_keywords_clean, 0, 1000));
208
    }
209
210
    $submit_perms = Utility::getMyItemIds('adslight_submit');
211
    if (is_array($submit_perms) && $GLOBALS['xoopsUser']
212
        && count($submit_perms) > 0) {
213
        $add_listing = _ADSLIGHT_ADD_LISTING_BULLCATS . '<a href="addlisting.php?cid=' . addslashes($cid) . '">' . _ADSLIGHT_ADD_LISTING_SUBOK . '</a>';
214
    } else {    // User can't see any category
215
        $add_listing = _ADSLIGHT_ADD_LISTING_BULLCATSOK . '<a href="' . XOOPS_URL . '/register.php">' . _ADSLIGHT_ADD_LISTING_SUB . '</a>.';
216
    }
217
218
    if (0 !== (int)$pid || 1 === $helper->getConfig('adslight_main_cat')) {
219
        $GLOBALS['xoopsTpl']->assign('bullinfotext', $add_listing);
220
    }
221
222
    //    $arr = [];
223
    $arr = $mytree->getFirstChild($cid, 'title');
224
225
    if (count($arr) > 0) {
226
        $scount = 1;
227
        foreach ($arr as $ele) {
228
            if (\in_array((int)$ele['cid'], $categories, true)) {
229
                $sub_arr         = [];
0 ignored issues
show
The assignment to $sub_arr is dead and can be removed.
Loading history...
230
                $sub_arr         = $mytree->getFirstChild($ele['cid'], 'title');
231
                $space           = 0;
232
                $chcount         = 0;
233
                $infercategories = '';
234
                $totallisting    = Utility::getTotalItems($ele['cid'], 1);
235
                foreach ($sub_arr as $sub_ele) {
236
                    if (\in_array((int)$sub_ele['cid'], $categories, true)) {
237
                        $chtitle = \htmlspecialchars($sub_ele['title'], ENT_QUOTES | ENT_HTML5);
238
239
                        if ($chcount > 5) {
240
                            $infercategories .= '...';
241
                            break;
242
                        }
243
                        if ($space > 0) {
244
                            $infercategories .= ', ';
245
                        }
246
                        $infercategories .= '<a href="' . XOOPS_URL . '/modules/adslight/viewcats.php?cid=' . $sub_ele['cid'] . '">' . $chtitle . '</a>';
247
248
                        $infercategories .= '&nbsp;(' . Utility::getTotalItems($sub_ele['cid']) . ')';
249
                        $infercategories .= '&nbsp;' . categorynewgraphic($sub_ele['cid']);
0 ignored issues
show
Are you sure categorynewgraphic($sub_ele['cid']) of type void can be used in concatenation? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

249
                        $infercategories .= '&nbsp;' . /** @scrutinizer ignore-type */ categorynewgraphic($sub_ele['cid']);
Loading history...
Are you sure the usage of categorynewgraphic($sub_ele['cid']) is correct as it seems to always return null.

This check looks for function or method calls that always return null and whose return value is used.

class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {

The method getObject() can return nothing but null, so it makes no sense to use the return value.

The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.

Loading history...
250
                        ++$space;
251
                        ++$chcount;
252
                    }
253
                }
254
255
                $GLOBALS['xoopsTpl']->append('subcategories', [
256
                    'title'           => htmlspecialchars($ele['title'], ENT_QUOTES | ENT_HTML5),
257
                    'id'              => $ele['cid'],
258
                    'infercategories' => $infercategories,
259
                    'totallisting'    => $totallisting,
260
                    '',
261
                ]);
262
263
                ++$scount;
264
                $GLOBALS['xoopsTpl']->assign('lang_subcat', _ADSLIGHT_AVAILAB);
265
            }
266
        }
267
    }
268
269
    $pagenav = '';
270
    if ($trows > '0') {
271
        $GLOBALS['xoopsTpl']->assign('last_head', _ADSLIGHT_THE . ' ' . $helper->getConfig('adslight_newcount') . ' ' . _ADSLIGHT_LASTADD);
272
        $GLOBALS['xoopsTpl']->assign('last_head_title', _ADSLIGHT_TITLE);
273
        $GLOBALS['xoopsTpl']->assign('last_head_price', _ADSLIGHT_PRICE);
274
        $GLOBALS['xoopsTpl']->assign('last_head_date', _ADSLIGHT_DATE);
275
        $GLOBALS['xoopsTpl']->assign('last_head_local', _ADSLIGHT_LOCAL2);
276
        $GLOBALS['xoopsTpl']->assign('last_head_hits', _ADSLIGHT_VIEW);
277
        $GLOBALS['xoopsTpl']->assign('last_head_photo', _ADSLIGHT_PHOTO);
278
        $GLOBALS['xoopsTpl']->assign('cat', $cid);
279
        $GLOBALS['xoopsTpl']->assign('min', $min);
280
        $rank = 1;
281
282
        $cat_perms = '';
283
        if (is_array($categories) && count($categories) > 0) {
284
            $cat_perms .= ' AND cid IN (' . implode(',', $categories) . ') ';
285
        }
286
287
        $sql     = 'SELECT lid, title, status, type, price, typeprice, date_created, town, country, contactby, usid, premium, valid, photo, hits FROM '
288
                   . $xoopsDB->prefix('adslight_listing')
289
                   . ' WHERE valid="Yes" AND cid='
290
                   . $xoopsDB->escape($cid)
291
                   . ' AND status!="1" '
292
                   . $cat_perms
293
                   . ' ORDER BY '
294
                   . $orderby;
295
        $result1 = $xoopsDB->query($sql, $show, $min);
296
        if (!$xoopsDB->isResultSet($result1)) {
297
            \trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
298
        }
299
        if ($trows > '1') {
300
            $GLOBALS['xoopsTpl']->assign('show_nav', true);
301
            $orderbyTrans = Utility::convertOrderByTrans($orderby);
0 ignored issues
show
The assignment to $orderbyTrans is dead and can be removed.
Loading history...
302
            $GLOBALS['xoopsTpl']->assign('lang_sortby', _ADSLIGHT_SORTBY);
303
            $GLOBALS['xoopsTpl']->assign('lang_title', _ADSLIGHT_TITLE);
304
            $GLOBALS['xoopsTpl']->assign('lang_titleatoz', _ADSLIGHT_TITLEATOZ);
305
            $GLOBALS['xoopsTpl']->assign('lang_titleztoa', _ADSLIGHT_TITLEZTOA);
306
            $GLOBALS['xoopsTpl']->assign('lang_date', _ADSLIGHT_DATE);
307
            $GLOBALS['xoopsTpl']->assign('lang_dateold', _ADSLIGHT_DATEOLD);
308
            $GLOBALS['xoopsTpl']->assign('lang_datenew', _ADSLIGHT_DATENEW);
309
            $GLOBALS['xoopsTpl']->assign('lang_price', _ADSLIGHT_PRICE);
310
            $GLOBALS['xoopsTpl']->assign('lang_priceltoh', _ADSLIGHT_PRICELTOH);
311
            $GLOBALS['xoopsTpl']->assign('lang_pricehtol', _ADSLIGHT_PRICEHTOL);
312
            $GLOBALS['xoopsTpl']->assign('lang_popularity', _ADSLIGHT_POPULARITY);
313
            $GLOBALS['xoopsTpl']->assign('lang_popularityleast', _ADSLIGHT_POPULARITYLTOM);
314
            $GLOBALS['xoopsTpl']->assign('lang_popularitymost', _ADSLIGHT_POPULARITYMTOL);
315
            $GLOBALS['xoopsTpl']->assign('lang_cursortedby', sprintf(_ADSLIGHT_CURSORTEDBY, Utility::convertOrderByTrans($orderby)));
316
        }
317
        while ([$lid, $title, $status, $type, $price, $typeprice, $date_created, $town, $country, $contactby, $usid, $premium, $valid, $photo, $hits] = $xoopsDB->fetchRow($result1)) {
318
            $a_item = [];
319
            $title  = \htmlspecialchars($title, ENT_QUOTES | ENT_HTML5);
320
            $type   = \htmlspecialchars($type, ENT_QUOTES | ENT_HTML5);
321
            //      $price = number_format($price, 2, ',', ' ');
322
            $town       = \htmlspecialchars($town, ENT_QUOTES | ENT_HTML5);
323
            $country    = \htmlspecialchars($country, ENT_QUOTES | ENT_HTML5);
324
            $contactby  = \htmlspecialchars($contactby, ENT_QUOTES | ENT_HTML5);
0 ignored issues
show
The assignment to $contactby is dead and can be removed.
Loading history...
325
            $useroffset = '';
326
327
            $newcount  = $helper->getConfig('adslight_countday');
328
            $startdate = time() - (86400 * $newcount);
329
            if ($startdate < $date_created) {
330
                $newitem       = '<img src="' . XOOPS_URL . '/modules/adslight/assets/images/newred.gif" >';
331
                $a_item['new'] = $newitem;
332
            }
333
            if ($GLOBALS['xoopsUser']) {
334
                $timezone = $GLOBALS['xoopsUser']->timezone();
335
                if (isset($timezone)) {
336
                    $useroffset = $GLOBALS['xoopsUser']->timezone();
337
                } else {
338
                    $useroffset = $xoopsConfig['default_TZ'];
339
                }
340
            }
341
            $date_created = ($useroffset * 3600) + $date_created;
342
            $date_created = formatTimestamp($date_created, 's');
343
            if ($GLOBALS['xoopsUser']) {
344
                if ($GLOBALS['xoopsUser']->isAdmin()) {
345
                    $a_item['admin'] = '<a href="' . XOOPS_URL . '/modules/adslight/admin/validate_ads.php?op=modifyAds&amp;lid=' . $lid . '"><img src="' . $pathIcon16 . '/edit.png' . '" border=0 alt="' . _ADSLIGHT_MODADMIN . '" title="' . _ADSLIGHT_MODADMIN . '"></a>';
346
                }
347
            }
348
349
            $sql     = 'SELECT nom_type FROM ' . $xoopsDB->prefix('adslight_type') . " WHERE id_type='" . $xoopsDB->escape($type) . "'";
350
            $result7 = $xoopsDB->query($sql);
351
            if (!$xoopsDB->isResultSet($result7)) {
352
                \trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
353
            }
354
            [$nom_type] = $xoopsDB->fetchRow($result7);
355
356
            $sql     = 'SELECT nom_price FROM ' . $xoopsDB->prefix('adslight_price') . " WHERE id_price='" . $xoopsDB->escape($typeprice) . "'";
357
            $result8 = $xoopsDB->query($sql);
358
            if (!$xoopsDB->isResultSet($result8)) {
359
                \trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
360
            }
361
            [$nom_price] = $xoopsDB->fetchRow($result8);
362
363
            $a_item['type']   = \htmlspecialchars($nom_type, ENT_QUOTES | ENT_HTML5);
364
            $a_item['title']  = '<a href="viewads.php?lid=' . $lid . '"><strong>' . $title . '</strong></a>';
365
            $a_item['status'] = $status;
366
            if ($price > 0) {
367
                $currencyCode                 = $helper->getConfig('adslight_currency_code');
368
                $currencySymbol               = $helper->getConfig('adslight_currency_symbol');
369
                $currencyPosition             = $helper->getConfig('currency_position');
370
                $formattedCurrencyUtilityTemp = Utility::formatCurrencyTemp($price, $currencyCode, $currencySymbol, $currencyPosition);
371
                $priceHtml                    = '<strong>' . _ADSLIGHT_PRICE2 . '</strong>' . $formattedCurrencyUtilityTemp . ' - ' . $nom_price;
372
373
                $a_item['price'] = $priceHtml;
374
375
                $a_item['price_typeprice'] = \htmlspecialchars($nom_price, ENT_QUOTES | ENT_HTML5);
376
            }
377
            $a_item['date_created'] = $date_created;
378
            $a_item['local']        = '';
379
            if ($town) {
380
                $a_item['local'] .= $town;
381
            }
382
            $a_item['country'] = '';
383
            if ($country) {
384
                $a_item['country'] = $country;
385
            }
386
387
            $cat = addslashes($cid);
0 ignored issues
show
The assignment to $cat is dead and can be removed.
Loading history...
388
            if (2 === (int)$status) {
389
                $a_item['sold'] = _ADSLIGHT_RESERVEDMEMBER;
390
            }
391
392
            if ($helper->getConfig('active_thumbscats') > 0) {
393
                $a_item['no_photo'] = '<a href="' . XOOPS_URL . '/modules/adslight/viewads.php?lid=' . $lid . '"><img class="thumb" src="' . XOOPS_URL . '/modules/adslight/assets/images/nophoto.jpg" align="left" width="100px" alt="' . $title . '" ></a>';
394
395
                $updir   = $helper->getConfig('adslight_link_upload');
396
                $sql     = 'SELECT cod_img, lid, uid_owner, url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE  uid_owner=' . $xoopsDB->escape($usid) . ' AND lid=' . $xoopsDB->escape($lid) . ' ORDER BY date_created ASC LIMIT 1';
397
                $resultp = $xoopsDB->query($sql);
398
                if (!$xoopsDB->isResultSet($resultp)) {
399
                    \trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
400
                }
401
                while ([$cod_img, $pic_lid, $uid_owner, $url] = $xoopsDB->fetchRow($resultp)) {
402
                    if ($photo) {
403
                        $a_item['photo'] = '<a href="' . XOOPS_URL . '/modules/adslight/viewads.php?lid=' . $lid . '"><img class="thumb" src="' . $updir . '/thumbs/thumb_' . $url . '" align="left" width="100px" alt="' . $title . '" ></a>';
404
                    }
405
                }
406
            } else {
407
                $a_item['no_photo'] = '<p><img src="' . XOOPS_URL . '/modules/adslight/assets/images/camera_nophoto.png" align="left" width="24" alt="' . $title . '" ></p>';
408
                $updir              = $helper->getConfig('adslight_link_upload');
409
                $sql                = 'SELECT cod_img, lid, uid_owner, url FROM ' . $xoopsDB->prefix('adslight_pictures') . ' WHERE  uid_owner=' . $xoopsDB->escape($usid) . ' AND lid=' . $xoopsDB->escape($lid) . ' ORDER BY date_created ASC LIMIT 1';
410
                $resultp            = $xoopsDB->query($sql);
411
                if (!$xoopsDB->isResultSet($resultp)) {
412
                    \trigger_error("Query Failed! SQL: $sql- Error: " . $xoopsDB->error(), E_USER_ERROR);
413
                }
414
                while ([$cod_img, $pic_lid, $uid_owner, $url] = $xoopsDB->fetchRow($resultp)) {
0 ignored issues
show
Comprehensibility Best Practice introduced by
This list assign is not used and could be removed.
Loading history...
415
                    if ($photo) {
416
                        $a_item['photo'] = '<p><img src="' . XOOPS_URL . '/modules/adslight/assets/images/camera_photo.png" align="left" width="24" alt="' . $title . '" ></p>';
417
                    }
418
                }
419
            }
420
421
            $a_item['hits'] = $hits;
422
            ++$rank;
423
            $GLOBALS['xoopsTpl']->append('items', $a_item);
424
        }
425
426
        $cid = max((int)$cid, 0);
427
428
        $orderby   = Utility::convertOrderByOut($orderby);
429
        $linkpages = ceil($trows / $show);
430
431
        //Page Numbering
432
        if (1 !== (int)$linkpages && 0 !== (int)$linkpages) {
433
            $prev = $min - $show;
434
            if ($prev >= 0) {
435
                $pagenav .= "<a href='viewcats.php?cid={$cid}&min={$prev}&orderby={$orderby}&show={$show}'><strong><u>&laquo;</u></strong></a> ";
436
            }
437
            $counter     = 1;
438
            $currentpage = $max / $show;
439
            while ($counter <= $linkpages) {
440
                $mintemp = ($show * $counter) - $show;
441
                if ($counter === $currentpage) {
442
                    $pagenav .= "<strong>({$counter})</strong> ";
443
                } else {
444
                    $pagenav .= "<a href='viewcats.php?cid={$cid}&min={$mintemp}&orderby={$orderby}&show={$show}'>{$counter}</a> ";
445
                }
446
                ++$counter;
447
            }
448
            if ($trows > $max) {
449
                $pagenav .= "<a href='viewcats.php?cid={$cid}&min={$max}&orderby={$orderby}&show={$show}'>";
450
                $pagenav .= '<strong><u>&raquo;</u></strong></a>';
451
            }
452
        }
453
    }
454
455
    $GLOBALS['xoopsTpl']->assign('nav_page', $pagenav);
456
457
    if (!$GLOBALS['xoopsUser']) {
458
        global $xoopsDB;
459
460
        $xoopsTree = new \XoopsTree($xoopsDB->prefix('adslight_categories'), 'cid', 'pid');
461
        $jump      = XOOPS_URL . '/modules/adslight/viewcats.php?cid=';
462
        ob_start();
463
        $xoopsTree->makeMySelBox('title', 'title', $cid, 1, 'pid', 'location="' . $jump . '"+this.options[this.selectedIndex].value');
464
        $select_go_cats = ob_get_clean();
465
        $GLOBALS['xoopsTpl']->assign('select_go_cats', $select_go_cats);
466
    }
467
}
468
469
#  function categorynewgraphic
470
#####################################################
471
/**
472
 * @param $cid
473
 */
474
function categorynewgraphic($cid): void
0 ignored issues
show
The parameter $cid is not used and could be removed. ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-unused  annotation

474
function categorynewgraphic(/** @scrutinizer ignore-unused */ $cid): void

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

Loading history...
475
{
476
    //global $xoopsDB;
477
}
478
479
######################################################
480
481
$pa      = Request::getInt('pa', null, 'GET');
482
$lid     = Request::getInt('lid', null, 'GET');
483
$cid     = Request::getInt('cid', null, 'GET');
484
$usid    = Request::getString('usid', '', 'GET');
485
$min     = Request::getInt('min', null, 'GET');
486
$show    = Request::getInt('show', null, 'GET');
487
$orderby = Request::getString('orderby', '', 'GET');
488
489
switch ($pa) {
490
    default:
491
        $GLOBALS['xoopsOption']['template_main'] = 'adslight_category.tpl';
492
        adsView($cid, $min, $orderby, $show);
493
        break;
494
}
495
require_once XOOPS_ROOT_PATH . '/footer.php';
496