1 | <?php |
||
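include_once __DIR__ . '/admin_header.php';

/*
 * Order administration page: dispatches on the "action" request parameter.
 */

// Header
include "martin.header.php";
$currentFile   = basename(__FILE__);
$myModuleAdmin = new ModuleAdmin();
echo $myModuleAdmin->addNavigation($currentFile);

// Request parameters. Every value below comes straight from the client, so each one is
// type-checked before use: PHP turns "action[]=x" into an array, and handing an array to
// strtolower() or an (int) cast gives a warning/TypeError or a bogus value depending on
// the PHP version. isset() replaces the former @-suppression of undefined indexes.
$action = isset($_POST['action']) ? $_POST['action'] : (isset($_GET['action']) ? $_GET['action'] : '');
if (is_string($action)) {
    // A missing or empty action means "list".
    $action = trim(strtolower(empty($action) ? 'list' : $action));
} else {
    // Not a valid action name; '' matches no case and reaches the switch's default branch.
    $action = '';
}

// Order id: POST wins over GET; anything that is not a scalar counts as "no id".
$id = !empty($_POST['id']) ? $_POST['id'] : (isset($_GET['id']) ? $_GET['id'] : 0);
$id = is_scalar($id) ? (int)$id : 0;

// Pagination offset; a negative offset is never meaningful, so clamp it to 0.
$start = (isset($_GET['start']) && is_scalar($_GET['start'])) ? max(0, (int)$_GET['start']) : 0;

// Delete confirmation flag, read from POST only and reduced to 0/1.
$confirm = !empty($_POST['confirm']) ? 1 : 0;

// Handlers
$order_handler =& xoops_getmodulehandler('order', MARTIN_DIRNAME, true);

// Hotel city
$hotelcity_handler =& xoops_getmodulehandler('hotelcity', MARTIN_DIRNAME, true);
$HotelCityObj      = $hotelcity_handler->create();

// Hotel
$hotel_handler =& xoops_getmodulehandler('hotel', MARTIN_DIRNAME, true);

// Load the order named by the request, or start from a fresh object when no id was given.
// NOTE(review): the result of get() is not checked here. If the handler returns a
// non-object for an unknown id, code that calls methods on $OrderObj will fail —
// confirm the handler's contract.
$OrderObj = $id ? $order_handler->get($id) : $order_handler->create();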
||
38 | |||
39 | // martin_adminMenu(1, "订房后台 > 订单"); |
||
40 | |||
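switch ($action) {
    case "edit":
        // Reject a missing or unknown order before anything is rendered. The is_object()
        // guard keeps a failed lookup from turning into a fatal method call on a non-object.
        if (!is_object($OrderObj) || !$OrderObj->order_id()) {
            redirect_header(XOOPS_URL, 2, _AM_MARTIN_UNAUTHORIZED_ACCESS);
            exit();
        }
        include MARTIN_ROOT_PATH . 'include/form.order.php';
        martin_collapsableBar('createtable', 'createtableicon', _AM_MARTIN_HOTEL_BOOKINGS_MODIFICATION, _AM_MARTIN_HOTEL_BOOKINGS_MODIFICATION);
        CreateButton();
        $form = new form_order($OrderObj);
        $form->display();
        martin_close_collapsable('createtable', 'createtableicon');
        break;

    case "save":
        // This branch writes to storage and takes all of its data from $_POST, but the
        // action name is also accepted from the query string. Require POST so that a
        // plain link (?action=save&id=N) cannot trigger an update with empty data.
        if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
            redirect_header(XOOPS_URL, 2, _AM_MARTIN_UNAUTHORIZED_ACCESS);
            exit();
        }
        // NOTE(review): no CSRF token is verified before this write. XOOPS provides
        // $GLOBALS['xoopsSecurity']->check(); enforce it here once the order form is
        // confirmed to emit a token.
        if (!is_object($OrderObj)) {
            redirect_header('javascript:history.go(-1);', 2, _AM_MARTIN_OPERATION_FAILED);
            exit();
        }

        $order_status = (isset($_POST['order_status']) && is_scalar($_POST['order_status'])) ? (int)$_POST['order_status'] : 0;
        $OrderObj->setVar('order_id', $id);
        $OrderObj->setVar('order_status', $order_status);
        // Handed to updateOrder() exactly as received.
        // NOTE(review): its shape is not validated in this file — confirm that
        // updateOrder() validates and escapes it before it reaches a query.
        $room_price = isset($_POST['room_price']) ? $_POST['room_price'] : null;

        if (!$id) {
            $OrderObj->setNew();
        }

        $redirect_msg = $OrderObj->isNew() ? _AM_MARTIN_ADDED_SUCCESSFULLY : _AM_MARTIN_MODIFIED_SUCCESSFULLY;
        $redirect_to  = 'martin.order.php';

        if (!$order_handler->updateOrder($OrderObj, $room_price)) {
            redirect_header('javascript:history.go(-1);', 2, _AM_MARTIN_OPERATION_FAILED);
            exit();
        }
        redirect_header($redirect_to, 2, $redirect_msg);
        break;

    case "del":
        if (!$confirm) {
            // First pass: show the confirmation form, which posts back with confirm=1.
            xoops_confirm(array('op' => 'del', 'id' => $id, 'confirm' => 1, 'name' => ''), '?action=del', _AM_MARTIN_DELETE_ORDERS . "'" . $id . "'. <br /> <br /> " . _AM_MARTIN_OK_TO_DELETE_THE_ORDER . "?", _DELETE);
        } else {
            // NOTE(review): the confirmed delete is not tied to a CSRF token. Check whether
            // xoops_confirm() emits one in the targeted XOOPS version and, if so, verify it
            // here with $GLOBALS['xoopsSecurity']->check() before deleting.
            if (is_object($OrderObj) && $order_handler->delete($OrderObj)) {
                // NOTE(review): this reuses the confirmation-prompt constant as the success
                // message; it looks like a dedicated "deleted" message was intended.
                $redirect_msg = _AM_MARTIN_OK_TO_DELETE_THE_ORDER;
                $redirect_to  = "martin.order.php";
            } else {
                $redirect_msg = _AM_MARTIN_DELETE_FAILED;
                $redirect_to  = "javascript:history.go(-1);";
            }
            redirect_header($redirect_to, 2, $redirect_msg);
        }
        break;

    case "list":
        martin_collapsableBar('createtable', 'createtableicon', _AM_MARTIN_HOTEL_ORDER_LIST, _AM_MARTIN_HOTEL_ORDER_LIST);
        CreateButton();

        // Search criteria arrive as s[...]; GET overrides POST. Anything that is not an
        // array is discarded, because array_filter() below requires an array.
        $searchData = isset($_POST['s']) ? $_POST['s'] : null;
        $searchData = isset($_GET['s']) ? $_GET['s'] : $searchData;
        if (!is_array($searchData)) {
            $searchData = null;
        }

        $hotel_name = (isset($_GET['hotel_name']) && is_string($_GET['hotel_name'])) ? $_GET['hotel_name'] : null;

        // Pagination
        $Count = $order_handler->getCount($searchData);

        include_once XOOPS_ROOT_PATH . '/class/pagenav.php';

        // Only these filters are read further down. The keys of s[...] are chosen by the
        // client, so they are matched against this fixed list instead of being turned into
        // variables by name, which would let a request overwrite any variable in scope
        // (for example $start or $order_handler).
        $filters = array(
            'order_type'       => null,
            'order_mode'       => null,
            'order_pay_method' => null,
            'order_status'     => null,
            'hotel_id'         => null,
        );

        $searchStr = '';
        if (is_array($searchData)) {
            $searchData = array_filter($searchData);
            foreach ($searchData as $key => $value) {
                if (!is_scalar($value)) {
                    // Nested arrays cannot be represented in the paging query string.
                    continue;
                }
                // Key and value are URL-encoded so they cannot break out of the query string.
                $searchStr .= 's[' . urlencode((string)$key) . ']' . '=' . urlencode((string)$value) . '&';
                if (is_string($key) && array_key_exists($key, $filters)) {
                    $filters[$key] = (int)$value;
                }
            }
        }
        $order_type       = $filters['order_type'];
        $order_mode       = $filters['order_mode'];
        $order_pay_method = $filters['order_pay_method'];
        $order_status     = $filters['order_status'];
        $hotel_id         = $filters['hotel_id'];

        $pagenav = new XoopsPageNav($Count, $xoopsModuleConfig['perpage'], $start, 'start', $searchStr);
        $pavStr  = '<div style="text-align:left;">' . $pagenav->renderNav() . '</div>';

        // HTML select boxes for the search form
        $htmlStar           = getModuleArray('hotelrank', 'hotel_star');
        $htmlOrderType      = getModuleArray('order_type', 's[order_type]', false, ($order_type));
        $htmlOrderMode      = getModuleArray('order_mode', 's[order_mode]', false, ($order_mode));
        $htmlOrderPayMethod = getModuleArray('order_pay_method', 's[order_pay_method]', false, ($order_pay_method));
        $htmlOrderStatus    = getModuleArray('order_status', 's[order_status]', false, ($order_status));
        // Value => label arrays used when printing the rows
        $OrderType      = getModuleArray('order_type', 'order_type', true);
        $OrderMode      = getModuleArray('order_mode', 'order_mode', true);
        $OrderPayMethod = getModuleArray('order_pay_method', 'order_pay_method', true);
        $OrderStatus    = getModuleArray('order_status', 'order_status', true);

        // hotel_name is echoed back from the query string, so it is HTML-escaped here;
        // $hotel_id is an int or null at this point and needs no escaping.
        $selectedHotel = is_null($hotel_name)
            ? ''
            : "\n<option value='{$hotel_id}' selected='selected'>" . htmlspecialchars($hotel_name, ENT_QUOTES) . "</option>";
        $htmlHotel = "<span id='hotel_name_div'><SELECT name='s[hotel_id]' onchange='hotel_select(this)'><option value='0'>----</option>$selectedHotel</SELECT></span><span id='hotel_name'></span>";
        $Status    = array('<div style="background-color:#FF0000">' . _AM_MARTIN_DRAFT . '</div>', '<div style="background-color:#00FF00">' . _AM_MARTIN_PUBLISHED . '</div>');

        $OrderObjs = $Count > 0 ? $order_handler->getOrders($searchData, $xoopsModuleConfig['perpage'], $start, 0) : null;

        // The selected city id is handed to getTree() only when it is a plain run of
        // digits; how getTree() prints that argument is not visible from this file.
        $selectedCityId = (isset($_GET['hotel_city_id']) && is_string($_GET['hotel_city_id']) && preg_match('/^\d+\z/', $_GET['hotel_city_id']))
            ? $_GET['hotel_city_id']
            : null;
        $htmlCityTree = $hotelcity_handler->getTree('hotel_city_id', $selectedCityId);

        // Search form
        echo "$pavStr<table width='100%' cellspacing=1 cellpadding=9 border=0 class = outer>";
        echo "<tr><td class='bg3' align='left'>
            <form action='' id='orderSearch' method='get'>
            " . _AM_MARTIN_HOTEL_AREA . ":{$htmlCityTree}
            " . _AM_MARTIN_HOTEL_STARS . ":$htmlStar
            " . _AM_MARTIN_HOTEL_NAME . ":$htmlHotel
            " . _AM_MARTIN_PREDETERMINED_MANNER . ":$htmlOrderType
            " . _AM_MARTIN_PAY_BY . ":$htmlOrderPayMethod
            " . MARTIN_ORDER_MODE_TITLE . ":$htmlOrderMode
            " . _AM_MARTIN_ORDER_STATUS . ":$htmlOrderStatus
            </td></tr><tr><td class='bg3' align='right'>
            <input type='submit' value=" . _AM_MARTIN_SEARCH . "></td>
            </form></tr>";
        echo "</table>";

        // Result table header
        echo "<table width='100%' cellspacing=1 cellpadding=14 border=0 class = outer>";
        echo "<td class='bg3' width=10 align='left'><b>ID</b></td>";
        echo "<td class='bg3' align='left'><b>" . _AM_MARTIN_PREDETERMINED_MANNER . "</b></td>";
        echo "<td class='bg3' align='left'><b>" . _AM_MARTIN_ORDER_MODE . "</b></td>";
        echo "<td class='bg3' align='left'><b>" . _AM_MARTIN_PAY_BY . "</b></td>";
        echo "<td class='bg3' align='left'><b>" . _AM_MARTIN_STATUS . "</b></td>";
        echo "<td class='bg3' width=30 align='left'><b>" . _AM_MARTIN_TOTAL_PRICE . "</b></td>";
        echo "<td class='bg3' align='left'><b>" . _AM_MARTIN_PAYMENT_AMOUNT . "</b></td>";
        echo "<td class='bg3' align='left'><b>" . _AM_MARTIN_USE_COUPONS . "</b></td>";
        echo "<td class='bg3' align='left'><b>" . _AM_MARTIN_USER . "</b></td>";
        echo "<td class='bg3' align='left'><b>" . _AM_MARTIN_PHONE . "</b></td>";
        echo "<td class='bg3' align='center'><b>" . _AM_MARTIN_ACTIONS . "</b></td>";
        echo "</tr>";

        if ($Count > 0) {
            // NOTE(review): user name, real name and phone numbers are data supplied by
            // customers and are printed below exactly as the accessors return them.
            // Whether those accessors HTML-escape is not visible here — confirm, and wrap
            // them in htmlspecialchars() if they return raw values.
            foreach ($OrderObjs as $order) {
                $modify = "<a href='?action=edit&id=" . $order->order_id() . "'><img src='" . XOOPS_URL . "/modules/" . $xoopsModule->dirname() . "/images/icon/edit.gif'/></a>";
                $delete = "<a href='?action=del&id=" . $order->order_id() . "'><img src='" . XOOPS_URL . "/modules/" . $xoopsModule->dirname() . "/images/icon/delete.gif'/></a>";
                echo '<tr>';
                echo "<td class='even' align='left'>
                    <a href='?action=edit&id={$order->order_id()}' title='" . _AM_MARTIN_SEE_DETAILS . "'>{$order->order_id()}</a></td>";
                echo "<td class='even' align='left'>{$OrderType[$order->order_type()]}</td>";
                echo "<td class='even' align='left'>{$OrderMode[$order->order_mode()]}</td>";
                echo "<td class='even' align='left'>{$OrderPayMethod[$order->order_pay_method()]}</td>";
                echo "<td class='even' align='left'>{$OrderStatus[$order->order_status()]}</td>";
                echo "<td class='even' align='left'>{$order->order_total_price()}</td>";
                echo "<td class='even' align='left'>{$order->order_pay_money()}</td>";
                echo "<td class='even' align='left'>{$order->order_coupon()}</td>";
                echo "<td class='even' align='left'>
                    <a href='" . XOOPS_URL . "/userinfo.php?uid={$order->order_uid()}' title='" . _AM_MARTIN_VIEW_USER_INFORMATION . "' target='_blank'>{$order->uname()}</a> ({$order->order_real_name()})</td>";
                echo "<td class='even' align='left'>{$order->order_phone()}<br>{$order->order_telephone()}</td>";
                echo "<td class='even' align='center'> $modify $delete </td>";
                echo '</tr>';
            }
        } else {
            echo "<tr>";
            echo "<td class='head' align='center' colspan= '14'>" . MARTIN_IS_NUll . "</td>";
            echo "</tr>";
            $categoryid = '0';
        }
        echo "</table></form>\n";
        echo "$pavStr<br />";
        martin_close_collapsable('createtable', 'createtableicon');
        martin_order_list_js();
        echo "<br>";

        break;

    default:
        redirect_header(XOOPS_URL, 2, _AM_MARTIN_UNAUTHORIZED_ACCESS);
        break;
}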
||
210 | |||
/**
 * Pass this page's single button definition (a link to the order list) to Create_button().
 *
 * The switch earlier in this file calls this function before its declaration; that works
 * because PHP hoists unconditional top-level function declarations, so this must not be
 * wrapped in a conditional. The analysis page reports a second CreateButton() in
 * admin/martin.auction.php: loading both files in one request would stop with a
 * redeclaration error.
 */
function CreateButton()
{
    $buttons = array(
        'servicetypelist' => array(
            'url'   => 'martin.order.php?action=list',
            'value' => _AM_MARTIN_HOTEL_ORDER_LIST,
        ),
    );

    Create_button($buttons);
}
||
216 | |||
217 | //底部 |
||
218 | include_once __DIR__ . '/admin_footer.php'; |
||
219 |