Ejemplo n.º 1
/**
 * Deletes a course's module data and, for a full delete, the course row itself.
 *
 * Nothing in this function checks who is asking: it deletes whatever $course
 * it is handed.
 * NOTE(review): callers presumably authorise the request first - confirm.
 *
 * @param mixed $course   Course id; passed to queryDB for the %d placeholders.
 * @param mixed $material TRUE to delete everything (groups, every module, the
 *                        course row); otherwise read as a map whose keys are
 *                        the module names to clear.
 */
function delete_course($course, $material)
{
    global $db, $moduleFactory;

    $delete_everything = ($material === TRUE);
    $groups = array();

    if ($delete_everything) {
        // forget the session's current-course id
        unset($_SESSION['s_cid']);

        // gather the course's group ids; they are handed to every module's delete()
        $sql = "SELECT G.group_id FROM %sgroups G INNER JOIN %sgroups_types T USING (type_id) WHERE T.course_id=%d";
        foreach (queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, $course)) as $group_row) {
            $groups[] = $group_row['group_id'];
        }
    }

    // first pass: every module except the two that must go last
    $module_list = $moduleFactory->getModules(AT_MODULE_STATUS_ENABLED | AT_MODULE_STATUS_DISABLED);
    foreach ($module_list as $module_name => $module) {
        if ($module_name == '_core/groups' || $module_name == '_core/enrolment') {
            continue;
        }
        if ($delete_everything || isset($material[$module_name])) {
            // the original author marked this call with "Breaks here"
            $module->delete($course, $groups);
        }
    }

    // groups and enrollment must be deleted last because that info is used by other modules
    foreach (array('_core/groups', '_core/enrolment') as $late_module) {
        if ($delete_everything || isset($material[$late_module])) {
            $module =& $moduleFactory->getModule($late_module);
            $module->delete($course, $groups);
        }
    }

    if ($delete_everything) {
        // finally remove the course row and record the statement in the admin log
        $sql = "DELETE FROM %scourses WHERE course_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $course));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'courses', $result, $sqlout);
    }
}
Ejemplo n.º 2
 /**
  * Runs one SQL statement on $this->handle and returns the result object.
  *
  * When $config['keep_log'] is truthy the statement text is first passed to
  * write_to_log() exactly as received, so any credentials or personal data
  * embedded in the SQL are written to that log.
  *
  * NOTE(review): stripslashes() is applied to the whole statement, which also
  * strips backslash escapes inside quoted values. If callers rely on
  * backslash escaping to neutralise quotes, that protection is undone here;
  * confirm how callers build $querystring.
  *
  * @param string $querystring SQL text; trimmed and un-slashed before it runs.
  * @return mixed Whatever $this->handle->query() returned; a truthy result is
  *               switched to PDO::FETCH_ASSOC first.
  */
 function query($querystring)
 {
     global $config;

     // optional statement log
     if ($config['keep_log']) {
         write_to_log($querystring);
     }

     $statement = stripslashes(trim($querystring));
     $result = $this->handle->query($statement);
     if (!$result) {
         // hand the falsy result back untouched
         return $result;
     }

     $result->setFetchMode(PDO::FETCH_ASSOC);
     return $result;
 }
Ejemplo n.º 3
    $msg->addFeedback('CANCELLED');
    header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
    exit;
} else {
    if (isset($_POST['form_basiclti'], $tool)) {
        if (at_form_validate($blti_admin_form, $msg)) {
            $sql = "SELECT count(*) cnt FROM " . TABLE_PREFIX . "basiclti_tools WHERE toolid = '" . mysql_real_escape_string($_POST['toolid']) . "' AND id != {$tool};";
            $result = mysql_query($sql, $db) or die(mysql_error());
            $row = mysql_fetch_assoc($result);
            if ($row["cnt"] != 0) {
                $msg->addFeedback('NEED_UNIQUE_TOOLID');
            } else {
                $sql = at_form_update($_POST, $blti_admin_form);
                $sql = 'UPDATE ' . TABLE_PREFIX . "basiclti_tools SET " . $sql . " WHERE id = {$tool};";
                $result = mysql_query($sql, $db) or die(mysql_error());
                write_to_log(AT_ADMIN_LOG_INSERT, 'basiclti_create', mysql_affected_rows($db), $sql);
                $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
                header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
                exit;
            }
        }
    }
}
// Fetch the stored row for the tool identified by $tool.
// NOTE(review): $tool is concatenated into the statement unquoted and its
// origin lies outside this excerpt; confirm it is integer-cast before it
// reaches this query.
$sql = 'SELECT * FROM ' . TABLE_PREFIX . 'basiclti_tools WHERE id = ' . $tool . ';';
$result = mysql_query($sql, $db);
if (!$result) {
    // the raw database error text is sent to the client
    die(mysql_error());
}
$toolrow = mysql_fetch_assoc($result);

// No matching row (or a different id came back): report it and go back to the list.
if ($toolrow['id'] != $tool) {
    $msg->addFeedback('COULD_NOT_LOAD_TOOL');
    header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
    exit;
}
Ejemplo n.º 4
        $msg->addError(array('EMPTY_FIELDS', _AT('title')));
    }
    $cat_name = validate_length($cat_name, 100);
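    // Inherit the parent category's theme when the form asks for it.
    // !empty() keeps the original truthiness test without a notice when the
    // field is absent from the POST.
    if (!empty($_POST['theme_parent'])) {
        $sql = "SELECT theme FROM %scourse_cats WHERE cat_id=%d";
        $rows_cats = queryDB($sql, array(TABLE_PREFIX, $cat_parent_id));
        if (count($rows_cats) > 0) {
            // Read the theme from the row list just fetched. The original read
            // $row['theme'], but $row is never assigned from this query, so
            // the parent's theme was not picked up.
            $cat_theme = $rows_cats[0]['theme'];
        }
    }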
    if (!$msg->containsErrors()) {
        $sql = "INSERT INTO %scourse_cats VALUES (NULL, '%s', %d, '%s')";
        $rows_cats = queryDB($sql, array(TABLE_PREFIX, $cat_name, $cat_parent_id, $cat_theme));
        $cat_id = at_insert_id($db);
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        write_to_log(AT_ADMIN_LOG_INSERT, 'course_cats', count($rows_cats), $sqlout);
        header('Location: course_categories.php');
        exit;
    }
} else {
    if (isset($_POST['cancel'])) {
        $msg->addFeedback('CANCELLED');
        header('Location: course_categories.php');
        exit;
    }
}
/* $categories[category_id] = array(cat_name, cat_parent, num_courses, [array(children)]) */
$categories = get_categories();
require AT_INCLUDE_PATH . 'header.inc.php';
$msg->printAll();
?>
Ejemplo n.º 5
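 /**
  * AJAX handler: re-checks stored items against the Taobao API in one of two modes.
  *
  * Request parameters (read from $_REQUEST):
  *   - items: comma-separated row ids (an array of ids is also accepted)
  *   - type:  'status' (default) or 'desc'
  *
  * 'status' deletes the rows whose item the API reports with approve_status
  * 'instock' and - because the delete condition is OR-ed - every row matched
  * by the coupon_end_time condition, whether or not it was among the
  * requested ids. 'desc' copies each item's desc field from the API response
  * into the matching row.
  *
  * NOTE(review): no permission or anti-CSRF check is visible in this method,
  * and $_REQUEST also carries GET parameters; confirm the controller enforces
  * both before this destructive action can run.
  */
 function ajax_batch_status()
 {
     if (!isset($_REQUEST['items']) || empty($_REQUEST['items'])) {
         $this->ajaxReturn(0, '更新出错,未传入商品ID');
         // ajaxReturn() is expected to end the request; the explicit return
         // keeps the flow safe if it does not.
         return;
     }

     // Whitelist the mode. A missing, unknown or non-string value falls back to 'status'.
     $type = 'status';
     if (isset($_REQUEST['type']) && in_array($_REQUEST['type'], array('status', 'desc'), true)) {
         $type = $_REQUEST['type'];
     }

     // Keep only all-digit ids rather than escaping the raw request string
     // (mysql_escape_string() ignores the connection charset and no longer
     // exists in PHP 7+). Assumes row ids are non-negative integers - TODO confirm.
     $raw_ids = is_array($_REQUEST['items']) ? $_REQUEST['items'] : explode(',', (string) $_REQUEST['items']);
     $ids = array();
     foreach ($raw_ids as $raw_id) {
         $raw_id = is_scalar($raw_id) ? trim((string) $raw_id) : '';
         if ($raw_id !== '' && ctype_digit($raw_id)) {
             $ids[] = $raw_id;
         }
     }
     if (!$ids) {
         $this->ajaxReturn(0, '更新出错,未传入商品ID');
         return;
     }
     $ids = implode(',', array_unique($ids));

     $items = $this->_mod->where(array('id' => array('in', $ids)))->field('num_iid')->select();
     if (!is_array($items)) {
         $this->ajaxReturn(1);
         return;
     }

     // Reduce each row to its num_iid. A plain loop replaces create_function(),
     // which compiled a code string at runtime and was removed in PHP 8.
     $num_iids = array();
     foreach ($items as $row) {
         $num_iids[] = $row['num_iid'];
     }
     // the API is queried in groups of ten ids
     $items = array_chunk($num_iids, 10);

     $top = $this->_get_tb_top();
     $res = $top->load_api('TaobaokeItemsDetailGetRequest');
     switch ($type) {
         case 'status':
             $res->setFields('num_iid,approve_status');
             $delete_items = array();
             foreach ($items as $group) {
                 $res->setNumIids(implode(',', $group));
                 $resp1 = $top->execute($res);
                 // A failed call may come back without the details object;
                 // treat that like any other unusable response.
                 $resp = (is_object($resp1) && isset($resp1->taobaoke_item_details) && is_object($resp1->taobaoke_item_details))
                     ? get_object_vars($resp1->taobaoke_item_details)
                     : array();
                 if (!isset($resp['taobaoke_item_detail']) || !is_array($resp['taobaoke_item_detail'])) {
                     write_to_log('接口调用失败,淘宝返回:' . var_export($resp1, true));
                     continue;
                 }
                 foreach ($resp['taobaoke_item_detail'] as $item) {
                     $item = get_object_vars($item->item);
                     if ($item['approve_status'] == 'instock') {
                         // value taken from the remote response; it ends up
                         // in the delete condition below
                         $delete_items[] = $item['num_iid'];
                     }
                 }
             }
             $delete_items = implode(',', $delete_items);

             $condition = array();
             $condition['_logic'] = 'OR';
             if ($delete_items) {
                 $condition['num_iid'] = array('in', $delete_items);
             }
             // OR-ed with the id list: rows matching this time condition are
             // deleted even when no item was reported as 'instock'.
             $condition['coupon_end_time'] = array('elt', time());
             $this->_mod->where($condition)->delete();
             break;
         case 'desc':
             $res->setFields('num_iid,desc');
             foreach ($items as $group) {
                 $res->setNumIids(implode(',', $group));
                 $resp1 = $top->execute($res);
                 $resp = (is_object($resp1) && isset($resp1->taobaoke_item_details) && is_object($resp1->taobaoke_item_details))
                     ? get_object_vars($resp1->taobaoke_item_details)
                     : array();
                 if (!isset($resp['taobaoke_item_detail']) || !is_array($resp['taobaoke_item_detail'])) {
                     write_to_log('接口调用失败,淘宝返回:' . var_export($resp1, true));
                     continue;
                 }
                 foreach ($resp['taobaoke_item_detail'] as $item) {
                     $item = get_object_vars($item->item);
                     // store the description text returned by the API
                     $this->_mod->where(array('num_iid' => $item['num_iid']))->save(array('desc' => $item['desc']));
                 }
             }
             break;
     }
     $this->ajaxReturn(1);
 }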
Ejemplo n.º 6
            header('Location: auto_enroll.php');
            exit;
        }
    }
} else {
    if (isset($_POST['delete'])) {
        if (!$_POST['delete_ids']) {
            $msg->addError('NO_ITEM_SELECTED');
        }
        if (!$msg->containsErrors()) {
            foreach ($_POST['delete_ids'] as $elem) {
                $sql = "DELETE FROM %sauto_enroll_courses WHERE auto_enroll_courses_id = %d";
                $rows_deleted = queryDB($sql, array(TABLE_PREFIX, $elem));
            }
            $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
            write_to_log(AT_ADMIN_LOG_DELETE, 'auto_enroll_courses', $rows_deleted, $sqlout);
        }
    } else {
        if (isset($_POST['cancel'])) {
            $msg->addFeedback('CANCELLED');
            header('Location: auto_enroll.php');
            exit;
        }
    }
}
/* $categories[category_id] = array(cat_name, cat_parent, num_courses, [array(children)]) */
require AT_INCLUDE_PATH . 'header.inc.php';
$msg->printAll();
// existing auto enrollment
if ($auto_enroll_id > 0) {
    $sql = "SELECT * FROM %sauto_enroll\n\t         WHERE auto_enroll_id = %d";
Ejemplo n.º 7
         header('Location: bounce.php?course=' . $_POST['form_course_id']);
         exit;
     }
 } else {
     // check if it's an admin login.
     $rows = queryDB("SELECT login, `privileges`, language FROM %sadmins WHERE login='******' AND SHA1(CONCAT(password, '%s'))='%s' AND `privileges`>0", array(TABLE_PREFIX, $this_login, $_SESSION['token'], $this_password));
     if ($row = $rows[0]) {
         $sql = "UPDATE %sadmins SET last_login=NOW() WHERE login='******'";
         $num_login = queryDB($sql, array(TABLE_PREFIX, $this_login));
         $_SESSION['login'] = $row['login'];
         $_SESSION['valid_user'] = true;
         $_SESSION['course_id'] = -1;
         $_SESSION['privileges'] = intval($row['privileges']);
         $_SESSION['lang'] = $row['language'];
         $sql = "UPDATE " . TABLE_PREFIX . "admins SET last_login=NOW() WHERE login='******'";
         write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', $num_login, $sql);
         //clear login attempt on successful login
         queryDB("DELETE FROM %smember_login_attempt WHERE login='******'", array(TABLE_PREFIX, $this_login));
         $msg->addFeedback('LOGIN_SUCCESS');
         header('Location: admin/index.php');
         exit;
     } else {
         $expiry_stmt = '';
         $attempt_login++;
         if ($attempt_expiry == 0) {
             $expiry = time() + LOGIN_ATTEMPT_LOCKED_TIME * 60;
             //an hour from now
         } else {
             $expiry = $attempt_expiry;
         }
         queryDB("REPLACE INTO %smember_login_attempt SET attempt='%s', expiry='%s', login='******'", array(TABLE_PREFIX, $attempt_login, $expiry, $this_login));
Ejemplo n.º 8
// Privilege gate for the category pages.
// NOTE(review): presumably stops the request for admins without the
// categories privilege - confirm in admin_authenticate().
admin_authenticate(AT_ADMIN_PRIV_CATEGORIES);

if (isset($_POST['submit_no'])) {
    // the admin backed out of the confirmation
    $msg->addFeedback('CANCELLED');
    header('Location: course_categories.php');
    exit;
} elseif (isset($_POST['submit_yes'])) {
    /* delete has been confirmed, delete this category */
    // NOTE(review): the only thing checked is the submit_yes field; no
    // anti-CSRF token is verified in this excerpt.
    $cat_id = intval($_POST['cat_id']);
    $has_children = is_array($categories[$cat_id]['children']);
    if (!$has_children) {
        // remove the category itself ...
        $sql = "DELETE FROM " . TABLE_PREFIX . "course_cats WHERE cat_id={$cat_id}";
        $result = mysql_query($sql, $db);
        write_to_log(AT_ADMIN_LOG_DELETE, 'course_cats', mysql_affected_rows($db), $sql);

        // ... then move its courses to category 0.
        // NOTE(review): this UPDATE is recorded under AT_ADMIN_LOG_DELETE;
        // confirm that is the intended log type.
        $sql = "UPDATE " . TABLE_PREFIX . "courses SET cat_id=0 WHERE cat_id={$cat_id}";
        $result = mysql_query($sql, $db);
        write_to_log(AT_ADMIN_LOG_DELETE, 'courses', mysql_affected_rows($db), $sql);

        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        header('Location: course_categories.php');
        exit;
    }
}
require AT_INCLUDE_PATH . 'header.inc.php';
$_GET['cat_id'] = intval($_GET['cat_id']);
$sql = "SELECT * FROM " . TABLE_PREFIX . "course_cats WHERE cat_id={$_GET['cat_id']}";
$result = mysql_query($sql, $db);
if (mysql_num_rows($result) == 0) {
    $msg->printErrors('ITEM_NOT_FOUND');
} else {
    $row = mysql_fetch_assoc($result);
    $hidden_vars['cat_name'] = $row['cat_name'];
Ejemplo n.º 9
// Walks every content row ordered by course, parent and ordering, prints one
// line per row, and rewrites any ordering value that does not match the
// running counter kept per parent.
// NOTE(review): this excerpt shows no access check and the UPDATEs run while
// the page renders; confirm the enclosing script restricts it to admins.
echo '<div style="padding-left: 30px;"><pre>';
echo "cpID\torder\t cID";
$sql = "SELECT content_id, content_parent_id, ordering, course_id FROM " . TABLE_PREFIX . "content ORDER BY course_id, content_parent_id, ordering";
$result = mysql_query($sql, $db);
// the query result is not checked before it is iterated
while ($row = mysql_fetch_assoc($result)) {
    // $current_course_id is not initialised in this excerpt, so the first row
    // compares against an unset variable
    if ($current_course_id != $row['course_id']) {
        echo "\n\n-- course id {$row['course_id']}\n\n";
        $current_course_id = $row['course_id'];
        // new course: forget the parent and the counter so both restart below
        unset($current_parent_id);
        unset($ordering);
    }
    // column values are printed without HTML escaping
    // (presumably numeric columns - confirm)
    echo $row['content_parent_id'] . "\t" . $row['ordering'] . "\t" . $row['content_id'];
    if ($current_parent_id != $row['content_parent_id']) {
        // first row under a new parent: the counter restarts at 1
        $current_parent_id = $row['content_parent_id'];
        $ordering = 1;
    }
    if ($row['ordering'] != $ordering) {
        echo "\t mismatch : expecting {$ordering} [fixed]";
        // the statement is built by interpolation from the local counter and
        // the content_id read from the row above
        $sql = "UPDATE " . TABLE_PREFIX . "content SET ordering={$ordering} WHERE content_id={$row['content_id']}";
        mysql_query($sql, $db);
        write_to_log(AT_ADMIN_LOG_UPDATE, 'content', mysql_affected_rows($db), $sql);
    }
    echo "\n";
    $ordering++;
}
$savant->assign('ordering', $ordering);
// $content_id and $content_parent_id are not assigned anywhere in this excerpt
$savant->assign('content_id', $content_id);
$savant->assign('content_parent_id', $content_parent_id);
echo ' </pre></div>';
$savant->display('admin/fix_content.tmpl.php');
require AT_INCLUDE_PATH . 'footer.inc.php';
Ejemplo n.º 10
} else {
    if (isset($_POST['submit_yes'])) {
        /* delete has been confirmed, delete this category */
        $myown_patch_id = intval($_POST['myown_patch_id']);
        $sql = "DELETE FROM %smyown_patches WHERE myown_patch_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $myown_patch_id));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches', $result, $sqlout);
        $sql = "DELETE FROM %smyown_patches_dependent WHERE myown_patch_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $myown_patch_id));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches_dependent', $result, $sqlout);
        $sql = "DELETE FROM %smyown_patches_files WHERE myown_patch_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $myown_patch_id));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches_files', $result, $sqlout);
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        header('Location: myown_patches.php');
        exit;
    }
}
require AT_INCLUDE_PATH . 'header.inc.php';
$_GET['myown_patch_id'] = intval($_GET['myown_patch_id']);
$sql = "SELECT myown_patch_id, atutor_patch_id FROM %smyown_patches m WHERE m.myown_patch_id=%d";
$row = queryDB($sql, array(TABLE_PREFIX, $_GET['myown_patch_id']), TRUE);
if (count($row) == 0) {
    $msg->printErrors('ITEM_NOT_FOUND');
} else {
    $hidden_vars['atutor_patch_id'] = $row['atutor_patch_id'];
    $hidden_vars['myown_patch_id'] = $row['myown_patch_id'];
    $confirm = array('DELETE_MYOWN_PATCH', $row['atutor_patch_id']);
Ejemplo n.º 11
/**
 * Removes a member and the rows that reference them, table by table, logging
 * every statement to the admin log, then deletes the member's personal
 * file workspace.
 *
 * If the member is recorded as the instructor of a course the function
 * returns without deleting anything and without telling the caller.
 *
 * No transaction is opened here, so a failure part-way through leaves the
 * earlier deletions in place. The function does not check who is asking.
 * NOTE(review): callers presumably authorise the request - confirm.
 *
 * @param mixed $id Member id; passed to queryDB for the %d placeholders.
 * @return void
 */
function delete_user($id)
{
    global $db, $msg;

    // make sure not instructor of a course
    $sql = "SELECT course_id FROM %scourses WHERE member_id=%d";
    $row_instructor = queryDB($sql, array(TABLE_PREFIX, $id), TRUE);
    if (count($row_instructor) > 0) {
        // silent refusal: no error is added and nothing is returned
        return;
    }

    // rows keyed directly by member_id
    foreach (array('course_enrollment', 'forums_accessed', 'forums_subscriptions') as $table) {
        $sql = "DELETE FROM %s" . $table . " WHERE member_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $id));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, $table, $result, $sqlout);
    }

    /* ---- forum threads ---- */

    /* replies written by the member: lower the counters they contributed to */
    $sql = "SELECT COUNT(*) AS cnt, parent_id, forum_id FROM %sforums_threads WHERE member_id=%d AND parent_id<>0 GROUP BY parent_id";
    $reply_groups = queryDB($sql, array(TABLE_PREFIX, $id));
    foreach ($reply_groups as $reply_group) {
        /* forum-wide post counter */
        $sql = "UPDATE %sforums SET num_posts=num_posts - %d, last_post=last_post WHERE forum_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $reply_group['cnt'], $reply_group['forum_id']));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_UPDATE, 'forums', $result, $sqlout);

        /* reply counter of the parent topic */
        $sql = "UPDATE %sforums_threads SET num_comments=num_comments-%d, last_comment=last_comment, date=date WHERE post_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $reply_group['cnt'], $reply_group['parent_id']));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_UPDATE, 'forums_threads', $result, $sqlout);
    }

    /* topics the member started: fix the forum counters, then drop the replies */
    $sql = "SELECT post_id, forum_id, num_comments FROM %sforums_threads WHERE member_id=%d AND parent_id=0";
    $started_topics = queryDB($sql, array(TABLE_PREFIX, $id));
    foreach ($started_topics as $topic) {
        // the topic itself plus all of its comments
        $num_posts = $topic['num_comments'] + 1;
        $sql = "UPDATE %sforums SET num_topics=num_topics-1, num_posts=num_posts - %d, last_post=last_post WHERE forum_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $num_posts, $topic['forum_id']));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_UPDATE, 'forums', $result, $sqlout);

        /* every reply under the topic, whoever wrote it */
        $sql = "DELETE FROM %sforums_threads WHERE parent_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $topic['post_id']));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'forums_threads', $result, $sqlout);
    }

    /* whatever the member posted that is still left */
    $sql = "DELETE FROM %sforums_threads WHERE member_id=%d";
    $result = queryDB($sql, array(TABLE_PREFIX, $id));
    global $sqlout;
    write_to_log(AT_ADMIN_LOG_DELETE, 'forums_threads', $result, $sqlout);

    /* ---- end of forum threads ---- */

    $sql = "DELETE FROM %sinstructor_approvals WHERE member_id=%d";
    $result = queryDB($sql, array(TABLE_PREFIX, $id));
    global $sqlout;
    write_to_log(AT_ADMIN_LOG_DELETE, 'instructor_approvals', $result, $sqlout);

    // messages match on either side of the conversation
    $sql = "DELETE FROM %smessages WHERE from_member_id=%d OR to_member_id=%d";
    $result = queryDB($sql, array(TABLE_PREFIX, $id, $id));
    global $sqlout;
    write_to_log(AT_ADMIN_LOG_DELETE, 'messages', $result, $sqlout);

    // remaining member_id-keyed tables, in the original order
    // (the members row goes before member_track)
    $remaining_tables = array(
        'polls_members',
        'tests_answers',
        'tests_results',
        'users_online',
        'members',
        'member_track',
    );
    foreach ($remaining_tables as $table) {
        $sql = "DELETE FROM %s" . $table . " WHERE member_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $id));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, $table, $result, $sqlout);
    }

    // delete personal files from file storage
    fs_delete_workspace(WORKSPACE_PERSONAL, $id);
    return;
}
Ejemplo n.º 12
    $msg->addFeedback('CANCELLED');
    header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
    exit;
} else {
    if (isset($_POST['form_basiclti'])) {
        if (at_form_validate($blti_admin_form, $msg)) {
            $sql = "SELECT count(*) cnt FROM %sbasiclti_tools WHERE toolid = '%s'";
            $row = queryDB($sql, array(TABLE_PREFIX, $_POST['toolid']), TRUE);
            if ($row["cnt"] != 0) {
                $msg->addError('NEED_UNIQUE_TOOLID');
            } else {
                $sql = at_form_insert($_POST, $blti_admin_form);
                $sql = 'INSERT INTO %sbasiclti_tools ' . $sql;
                $result = queryDB($sql, array(TABLE_PREFIX));
                global $sqlout;
                write_to_log(AT_ADMIN_LOG_INSERT, 'basiclti_create', $result, $sqlout);
                $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
                header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
                exit;
            }
        }
    }
}
include AT_INCLUDE_PATH . 'header.inc.php';
$msg->printAll();
?>
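<form method="post" action="<?php 
// PHP_SELF can carry client-supplied path text after the script name, so it
// is HTML-escaped before being written into the attribute.
echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
?>
" name="basiclti_form" enctype="multipart/form-data">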
  <input type="hidden" name="form_basiclti" value="true" />
Ejemplo n.º 13
/* This program is free software. You can redistribute it and/or*/
/* modify it under the terms of the GNU General Public License  */
/* as published by the Free Software Foundation.				*/
/****************************************************************/
// $Id$
define('AT_INCLUDE_PATH', '../../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';

// Privilege gate for this page.
// NOTE(review): presumably stops the request for admins without
// AT_ADMIN_PRIV_ADMIN - confirm in admin_authenticate().
admin_authenticate(AT_ADMIN_PRIV_ADMIN);

if (isset($_POST['submit_no'])) {
    // reset declined
    $msg->addFeedback('CANCELLED');
    header('Location: ./log.php');
    exit;
} elseif (isset($_POST['submit_yes'])) {
    // Empties the whole admin log, i.e. the audit trail of admin actions.
    // NOTE(review): the only thing checked is the submit_yes field; no
    // anti-CSRF token is verified in this excerpt.
    $sql = "DELETE FROM %sadmin_log";
    $result = queryDB($sql, array(TABLE_PREFIX));
    global $sqlout;
    // the reset itself is then written to the log
    write_to_log(AT_ADMIN_LOG_DELETE, 'admin_log', $result, $sqlout);
    $msg->addFeedback('ADMIN_LOG_RESET');
    header('Location: ./log.php');
    exit;
}

require AT_INCLUDE_PATH . 'header.inc.php';

// Neither button was pressed: show the confirmation prompt.
$hidden_vars['all'] = TRUE;
// NOTE(review): PHP_SELF goes into the confirmation message as-is; confirm
// that addConfirm()/printConfirm() escape it for HTML.
$confirm = array('RESET_ADMIN_LOG', $_SERVER['PHP_SELF']);
$msg->addConfirm($confirm, $hidden_vars);
$msg->printConfirm();
require AT_INCLUDE_PATH . 'footer.inc.php';
Ejemplo n.º 14
// The id is integer-cast once here; later statements should use $request_id.
$request_id = intval($_REQUEST['id']);

// Look the member up; with no row there is nothing to act on.
$sql = "SELECT * FROM " . TABLE_PREFIX . "members WHERE member_id=" . $request_id;
$result = mysql_query($sql, $db);
$row = mysql_fetch_array($result);
if (!$row) {
    require AT_INCLUDE_PATH . 'header.inc.php';
    echo _AT('no_user_found');
    require AT_INCLUDE_PATH . 'footer.inc.php';
    exit;
}

// message options
$msg_options = array(
    _AT('leave_blank'),
    _AT('instructor_request_denymsg1'),
    _AT('instructor_request_denymsg2'),
    _AT('instructor_request_denymsg3'),
    _AT('instructor_request_denymsg4'),
    _AT('other'),
);
// index of the last entry, _AT('other')
$other_option = count($msg_options) - 1;
if (isset($_POST['submit'])) {
    $sql = 'DELETE FROM ' . TABLE_PREFIX . 'instructor_approvals WHERE member_id=' . $request_id;
    $result = mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'instructor_approvals', mysql_affected_rows($db), $sql);
    $msg->addFeedback('PROFILE_UPDATED_ADMIN');
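    /* notify the users that they have been denied: */
    // Use the integer-cast $request_id, the same id the DELETE above used.
    // The original concatenated the raw $_POST['id'] into this statement.
    $sql = "SELECT email, first_name, last_name FROM " . TABLE_PREFIX . "members WHERE member_id=" . $request_id;
    $result = mysql_query($sql, $db);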
    if ($row = mysql_fetch_array($result)) {
        $to_email = $row['email'];
        $message = _AT('instructor_request_deny', AT_BASE_HREF) . " \n";
        if ($_POST['msg_option'] == $other_option) {
            $message .= addslashes($_POST['other_msg']);
        } else {
            if ($_POST['msg_option']) {
                $message .= "\n" . $msg_options[$_POST['msg_option']];
            }
        }
        if ($to_email != '') {
Ejemplo n.º 15
        $extra_info = $xml_parser->theme_rows['extra_info'];
    }
    if ($title == '') {
        $title = str_replace('_', ' ', $theme);
    }
    $last_updated = date('Y-m-d');
    $status = '1';
    //if version number is not compatible with current Atutor version, set theme as disabled
    if ($version != VERSION) {
        $status = '0';
    }
    //save information in database
    $sql = "INSERT INTO %sthemes (title, version, dir_name, type, last_updated, extra_info, status, customized) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', %d, 1)";
    $result = queryDB($sql, array(TABLE_PREFIX, $title, $version, $theme, $type, $last_updated, $extra_info, $status));
    global $sqlout;
    write_to_log(AT_ADMIN_LOG_INSERT, 'themes', $result, $sqlout);
}
if (!$result) {
    clr_dir("../../themes/" . $theme);
    if ($_GET['permission_granted'] == 1) {
        header('Location: ' . AT_BASE_HREF . 'mods/_core/themes/theme_install_step_3.php?error=1');
    } else {
        $msg->addError('IMPORT_FAILED');
        header('Location: ' . AT_BASE_HREF . 'mods/_core/themes/install_themes.php');
    }
} else {
    if ($_GET['permission_granted'] == 1) {
        header('Location: ' . AT_BASE_HREF . 'mods/_core/themes/theme_install_step_3.php?installed=1');
    } else {
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        header('Location: ' . AT_BASE_HREF . 'mods/_core/themes/index.php');
Ejemplo n.º 16
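/**
 * Deletes a theme: disables it if needed, clears its directory and removes
 * its row from the themes table.
 *
 * The directory handed to clr_dir() is built from $theme_dir, so the name is
 * checked first. Empty names, '.', '..' and names containing a path
 * separator or NUL byte are refused; otherwise the clear could reach outside
 * the theme's own folder or hit the themes root itself.
 *
 * NOTE(review): a name with no row in the themes table reads as status 0 /
 * customized 0 and is still cleared from disk; confirm that is intended.
 *
 * @param string $theme_dir Directory name of the theme (no path components).
 * @return bool TRUE once the theme was removed, FALSE (with a
 *              THEME_NOT_DELETED error added to $msg) when it was refused.
 */
function delete_theme($theme_dir)
{
    global $msg;

    // only a single directory name is accepted
    $raw_name = is_scalar($theme_dir) ? (string) $theme_dir : '';
    if ($raw_name === '' || $raw_name === '.' || $raw_name === '..'
        || strpbrk($raw_name, "/\\\0") !== FALSE) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    }

    $theme_dir = addslashes($raw_name);

    //check status
    $sql = "SELECT status, customized FROM %sthemes WHERE dir_name='%s'";
    $row = queryDB($sql, array(TABLE_PREFIX, $theme_dir), TRUE);
    $status = intval($row['status']);
    $customized = intval($row['customized']);

    //can't delete if
    // 1. a system default
    // 2. current default theme
    // 3. a system level theme
    if ($theme_dir == 'default' || $status == 2 || (!$customized && defined('IS_SUBSITE') && IS_SUBSITE)) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    }

    //disable, clear directory and delete theme from db
    require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php';
    /* for clr_dir() */
    if ($status != 0) {
        disable_theme($theme_dir);
        $msg->deleteFeedback('THEME_DISABLED');
    }

    $dir = get_main_theme_dir($customized) . $theme_dir;
    // errors from the clear are suppressed and its result is not checked,
    // so the database row is removed even if files remain on disk
    @clr_dir($dir);

    $sql1 = "DELETE FROM %sthemes WHERE dir_name = '%s'";
    $result1 = queryDB($sql1, array(TABLE_PREFIX, $theme_dir));
    global $sqlout;
    write_to_log(AT_ADMIN_LOG_DELETE, 'themes', $result1, $sqlout);
    $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
    return TRUE;
}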
Ejemplo n.º 17
        fclose($fp);
        if ($_POST['override'] == 1 && $existing_accounts) {
            // disable missing accounts
            $existing_accounts = implode(',', $existing_accounts);
            $sql = "UPDATE %smembers SET status=%d, creation_date=creation_date, last_login=last_login WHERE member_id IN (%s)";
            $result = queryDB($sql, array(TABLE_PREFIX, AT_STATUS_DISABLED, $existing_accounts));
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_UPDATE, 'members', $result, $sqlout);
            // un-enrol disabled accounts
            $sql = "DELETE FROM %scourse_enrollment WHERE member_id IN (%s)";
            $result = queryDB($sql, array(TABLE_PREFIX, $existing_accounts));
            if ($result > 0) {
                $number_of_updated += $num_affected;
            }
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', $result, $sqlout);
        } else {
            if ($_POST['override'] == 2) {
                // delete missing accounts
            }
        }
        if ($number_of_updated > 0) {
            $msg->addFeedback('MASTER_LIST_UPLOADED');
        } else {
            $msg->addFeedback('MASTER_LIST_NO_CHANGES');
        }
        header('Location: ' . $_SERVER['PHP_SELF']);
    }
    exit;
} else {
    if (isset($_GET['edit'], $_GET['id'])) {
Ejemplo n.º 18
        if ($_POST['password_error'] != "") {
            $pwd_errors = explode(",", $_POST['password_error']);
            foreach ($pwd_errors as $pwd_error) {
                if ($pwd_error == "missing_password") {
                    $missing_fields[] = _AT('password');
                } else {
                    $msg->addError($pwd_error);
                }
            }
        }
        if (!$msg->containsErrors()) {
            $password = $addslashes($_POST['form_password_hidden']);
            $sql = "UPDATE " . TABLE_PREFIX . "admins SET password='******', last_login=last_login WHERE login='******'login']}'";
            $result = mysql_query($sql, $db);
            $sql = "UPDATE " . TABLE_PREFIX . "admins SET password='******' WHERE login='******'login']}'";
            write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', mysql_affected_rows($db), $sql);
            $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
            header('Location: ' . AT_BASE_HREF . 'mods/_core/users/admins/index.php');
            exit;
        }
        $_POST['login'] = $stripslashes($_POST['login']);
    }
}
$_GET['login'] = $addslashes($_REQUEST['login']);
$sql = "SELECT login FROM " . TABLE_PREFIX . "admins WHERE login='******'login']}'";
$result = mysql_query($sql, $db);
if (!($row = mysql_fetch_assoc($result))) {
    $msg->addError('USER_NOT_FOUND');
    $msg->printErrors();
    require AT_INCLUDE_PATH . 'footer.inc.php';
    exit;
Ejemplo n.º 19
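/**
 * Imports a theme into ATutor from an uploaded zip file or from a zip fetched by URL.
 *
 * Reads $_POST['url'] and $_FILES['file'], unpacks the archive into a new
 * directory under AT_SUBSITE_THEME_DIR, inserts a row into the themes table
 * and writes an admin-log entry. Every failure path queues an error on $msg,
 * redirects to index.php and exits; nothing is returned.
 *
 * @access  private
 * @author  Shozub Qureshi
 */
function import_theme()
{
    global $db;
    global $msg;
    global $sqlout;
    // Path of the package downloaded from the URL, or null for a browser upload.
    $full_filename = null;
    $from_url = isset($_POST['url']) && $_POST['url'] != 'http://';
    if ($from_url) {
        $filename = null;
        $content = false;
        // Only plain web URLs are fetched: file_get_contents() would otherwise also
        // open file://, php:// and any other stream wrapper named in the form field.
        $scheme = strtolower((string) parse_url($_POST['url'], PHP_URL_SCHEME));
        if ($scheme == 'http' || $scheme == 'https') {
            $content = @file_get_contents($_POST['url']);
        }
        // NOTE(review): the target host is not restricted, so the server can still be
        // asked to fetch from internal addresses - consider an allow-list of hosts.
        if ($content) {
            $url_parts = pathinfo($_POST['url']);
            $filename = $url_parts['basename'];
            $url_ext = isset($url_parts['extension']) ? $url_parts['extension'] : '';
            // Refuse non-zip names before anything is written: the later extension
            // check ran only after the file, under a name chosen by the requester,
            // had already been saved in AT_CONTENT_DIR and it was never removed.
            if ($url_ext != 'zip') {
                _import_theme_abort('IMPORT_NOT_PROPER_FORMAT');
            }
            $full_filename = AT_CONTENT_DIR . '/' . $filename;
            if (!($fp = fopen($full_filename, 'w+b'))) {
                //Cannot open file ($filename)
                _import_theme_abort(array('CANNOT_OPEN_FILE', $filename));
            }
            if (fwrite($fp, $content, strlen($content)) === FALSE) {
                //Cannot write to file ($filename)
                fclose($fp);
                _import_theme_abort(array('CANNOT_WRITE_FILE', $filename), $full_filename);
            }
            fclose($fp);
        }
        // From here on the download is treated like a browser upload.
        $_FILES['file']['name'] = $filename;
        $_FILES['file']['tmp_name'] = $full_filename;
        $_FILES['file']['size'] = strlen((string) $content);
        unset($content);
    }
    $name_parts = pathinfo(isset($_FILES['file']['name']) ? (string) $_FILES['file']['name'] : '');
    $ext = isset($name_parts['extension']) ? $name_parts['extension'] : '';
    //error in the file (1 is UPLOAD_ERR_INI_SIZE; the key is absent for URL imports)
    if (isset($_FILES['file']['error']) && $_FILES['file']['error'] == 1) {
        _import_theme_abort(array('FILE_MAX_SIZE', ini_get('upload_max_filesize')), $full_filename);
    }
    //If file has no name, or it is neither a genuine upload nor a URL download.
    // The untouched 'http://' placeholder no longer counts as a URL import, so it
    // cannot switch off the is_uploaded_file() check.
    if (!$_FILES['file']['name'] || (!$from_url && !is_uploaded_file($_FILES['file']['tmp_name']))) {
        _import_theme_abort('FILE_NOT_SELECTED', $full_filename);
    }
    if ($ext != 'zip') {
        _import_theme_abort('IMPORT_NOT_PROPER_FORMAT', $full_filename);
    }
    //check if file size is ZERO
    if ($_FILES['file']['size'] == 0) {
        _import_theme_abort('IMPORTFILE_EMPTY', $full_filename);
    }
    // new directory name is the filename minus the extension
    $fldrname = substr($_FILES['file']['name'], 0, -4);
    $fldrname = str_replace(' ', '_', $fldrname);
    $import_path = AT_SUBSITE_THEME_DIR . $fldrname;
    //check if Folder by that name already exists; if so append the first free _N suffix
    if (is_dir($import_path)) {
        $i = 1;
        while (is_dir($import_path . '_' . $i)) {
            $i++;
        }
        $fldrname = $fldrname . '_' . $i;
        $import_path = $import_path . '_' . $i;
    }
    //if folder does not exist previously
    if (!@mkdir($import_path, 0700)) {
        _import_theme_abort('IMPORTDIR_FAILED', $full_filename);
    }
    // unzip file and save into directory in themes
    // NOTE(review): archive entries are extracted as they are; nothing here filters
    // entries by extension (for example server-side scripts) or by path - confirm
    // that this is enforced elsewhere before the themes directory is served.
    $archive = new PclZip($_FILES['file']['tmp_name']);
    //extract contents to importpath/foldrname
    if (!$archive->extract($import_path)) {
        $errors = array('IMPORT_ERROR_IN_ZIP', $archive->errorInfo(true));
        clr_dir($import_path);
        _import_theme_abort($errors, $full_filename);
    }
    // Find the directory the archive unpacked into (the last one listed wins).
    $folder = null;
    $handle = opendir($import_path);
    if ($handle !== false) {
        // Compare with false explicitly so an entry named "0" does not end the loop.
        while (($file = readdir($handle)) !== false) {
            if ($file != '.' && $file != '..' && is_dir($import_path . '/' . $file)) {
                $folder = $file;
            }
        }
        closedir($handle);
    }
    // An archive without a top-level directory leaves $folder unset; copying and
    // clearing "$import_path/" in that case would act on the import directory itself.
    if ($folder !== null) {
        //copy contents from importpath/foldrname to importpath
        copys($import_path . '/' . $folder, $import_path);
        //delete importpath/foldrname
        clr_dir($import_path . '/' . $folder);
    }
    $theme_xml = @file_get_contents($import_path . '/theme_info.xml');
    // Without theme_info.xml fall back to placeholder metadata; $type gets an
    // explicit empty default because the INSERT below always uses it.
    $type = '';
    if ($theme_xml == false) {
        $version = '1.4.x';
        $extra_info = 'unspecified';
    } else {
        //parse information
        $xml_parser = new ThemeParser();
        $xml_parser->parse($theme_xml);
        $version = $xml_parser->theme_rows['version'];
        $extra_info = $xml_parser->theme_rows['extra_info'];
        $type = $xml_parser->theme_rows['type'];
    }
    $title = str_replace('_', ' ', $fldrname);
    $last_updated = date('Y-m-d');
    $status = '1';
    //if version number is not compatible with current Atutor version, set theme as disabled
    if ($version != VERSION) {
        $status = '0';
    }
    //save information in database
    // NOTE(review): title, version, type and extra_info come from the uploaded
    // package; this relies on queryDB() escaping its arguments - confirm.
    $sql = "INSERT INTO %sthemes (title, version, dir_name, type, last_updated, extra_info, status, customized) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', %d, 1)";
    $result = queryDB($sql, array(TABLE_PREFIX, $title, $version, $fldrname, $type, $last_updated, $extra_info, $status));
    write_to_log(AT_ADMIN_LOG_INSERT, 'themes', $result, $sqlout);
    if (!$result) {
        _import_theme_abort('IMPORT_FAILED', $full_filename);
    }
    // Remove the temporary download; $full_filename is set only when one was written.
    if ($full_filename !== null) {
        @unlink($full_filename);
    }
}

/**
 * Ends a theme import: removes a downloaded package if there is one, queues
 * the error, redirects to index.php and exits.
 *
 * @param string|array $error           Message code, or array(code, argument), for $msg->addError().
 * @param string|null  $downloaded_file Path of the temporary download to delete, if any.
 */
function _import_theme_abort($error, $downloaded_file = null)
{
    global $msg;
    if ($downloaded_file !== null && is_file($downloaded_file)) {
        @unlink($downloaded_file);
    }
    $msg->addError($error);
    header('Location: index.php');
    exit;
}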
Ejemplo n.º 20
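/**
 * Creates a new course or updates an existing one from submitted form data.
 *
 * Validates and normalises $course_data, writes the course row with REPLACE,
 * enrols the instructor, creates the content and backup directories, seeds
 * default content or restores a backup for a new course, and stores an
 * uploaded custom icon. A failed REPLACE prints the database error and exits.
 *
 * @param array $course_data Form fields; 'course' is the existing course id (falsy for a new course).
 * @param bool  $isadmin     TRUE when called for an administrator (quota fields are then honoured).
 * @return int|false The course id, or FALSE when validation errors were queued on $msg.
 */
function add_update_course($course_data, $isadmin = FALSE)
{
    require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php';
    global $addslashes;
    global $db;
    global $system_courses;
    global $MaxCourseSize;
    global $msg;
    global $_config;
    global $_config_defaults;
    global $stripslashes;
    $Backup = new Backup($db);
    $missing_fields = array();
    if ($course_data['title'] == '') {
        $missing_fields[] = _AT('title');
    }
    if (!$course_data['instructor']) {
        $missing_fields[] = _AT('instructor');
    }
    if ($missing_fields) {
        $missing_fields = implode(', ', $missing_fields);
        $msg->addError(array('EMPTY_FIELDS', $missing_fields));
    }
    // Text fields are escaped with the $addslashes callable, numeric fields cast to int.
    $course_data['access'] = $addslashes($course_data['access']);
    $course_data['title'] = $addslashes($course_data['title']);
    $course_data['description'] = $addslashes($course_data['description']);
    $course_data['hide'] = $addslashes($course_data['hide']);
    $course_data['pri_lang'] = $addslashes($course_data['pri_lang']);
    $course_data['created_date'] = $addslashes($course_data['created_date']);
    $course_data['copyright'] = $addslashes($course_data['copyright']);
    $course_data['icon'] = $addslashes($course_data['icon']);
    $course_data['banner'] = $addslashes($course_data['banner']);
    $course_data['course_dir_name'] = $addslashes($course_data['course_dir_name']);
    $course_data['course'] = intval($course_data['course']);
    $course_data['notify'] = intval($course_data['notify']);
    $course_data['hide'] = intval($course_data['hide']);
    $course_data['instructor'] = intval($course_data['instructor']);
    $course_data['category_parent'] = intval($course_data['category_parent']);
    $course_data['rss'] = intval($course_data['rss']);
    // Course directory name (aka course slug)
    if ($course_data['course_dir_name'] != '') {
        //validate the course_dir_name, allow only alphanumeric, underscore.
        if (preg_match('/^[\\w][\\w\\d\\_]+$/', $course_data['course_dir_name']) == 0) {
            $msg->addError('COURSE_DIR_NAME_INVALID');
        }
        //check if the course_dir_name is already being used
        $sql = "SELECT COUNT(course_id) as cnt FROM %scourses WHERE course_id!=%d AND course_dir_name='%s'";
        $num_of_dir = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['course_dir_name']), TRUE);
        if (intval($num_of_dir['cnt']) > 0) {
            $msg->addError('COURSE_DIR_NAME_IN_USE');
        }
    }
    // Custom icon
    if ($_FILES['customicon']['name'] != '') {
        // Use custom icon instead if it exists
        $course_data['icon'] = $addslashes($_FILES['customicon']['name']);
    }
    if ($_FILES['customicon']['error'] == UPLOAD_ERR_FORM_SIZE) {
        // Check if filesize is too large for a POST
        $msg->addError(array('FILE_MAX_SIZE', $_config['prof_pic_max_file_size'] . ' ' . _AT('bytes')));
    }
    // Release date: validate the parts, then build a zero-padded DATETIME string.
    if ($course_data['release_date']) {
        $day_release = intval($course_data['day_release']);
        $month_release = intval($course_data['month_release']);
        $year_release = intval($course_data['year_release']);
        $hour_release = intval($course_data['hour_release']);
        $min_release = intval($course_data['min_release']);
        if (!checkdate($month_release, $day_release, $year_release)) {
            //or date is in the past
            $msg->addError('RELEASE_DATE_INVALID');
        }
        if (strlen($month_release) == 1) {
            $month_release = "0{$month_release}";
        }
        if (strlen($day_release) == 1) {
            $day_release = "0{$day_release}";
        }
        if (strlen($hour_release) == 1) {
            $hour_release = "0{$hour_release}";
        }
        if (strlen($min_release) == 1) {
            $min_release = "0{$min_release}";
        }
        $release_date = "{$year_release}-{$month_release}-{$day_release} {$hour_release}:{$min_release}:00";
    } else {
        $release_date = "0000-00-00 00:00:00";
    }
    // End date: same handling as the release date.
    if ($course_data['end_date']) {
        $day_end = intval($course_data['day_end']);
        $month_end = intval($course_data['month_end']);
        $year_end = intval($course_data['year_end']);
        $hour_end = intval($course_data['hour_end']);
        $min_end = intval($course_data['min_end']);
        if (!checkdate($month_end, $day_end, $year_end)) {
            //or date is in the past
            $msg->addError('END_DATE_INVALID');
        }
        if (strlen($month_end) == 1) {
            $month_end = "0{$month_end}";
        }
        if (strlen($day_end) == 1) {
            $day_end = "0{$day_end}";
        }
        if (strlen($hour_end) == 1) {
            $hour_end = "0{$hour_end}";
        }
        if (strlen($min_end) == 1) {
            $min_end = "0{$min_end}";
        }
        $end_date = "{$year_end}-{$month_end}-{$day_end} {$hour_end}:{$min_end}:00";
    } else {
        $end_date = "0000-00-00 00:00:00";
    }
    // 'initial_content' is either a plain number or "<first>_<second>"; the two
    // parts are passed to Backup::getRow() and Backup::restore() below.
    $initial_content_info = explode('_', $course_data['initial_content'], 2);
    //admin
    // $course_quotas is spliced into the REPLACE statement as raw SQL, so every
    // value placed in it must already be numeric.
    $course_quotas = '';
    if ($isadmin) {
        $instructor = $course_data['instructor'];
        $quota = intval($course_data['quota']);
        $quota_entered = intval($course_data['quota_entered']);
        $filesize = intval($course_data['filesize']);
        $filesize_entered = intval($course_data['filesize_entered']);
        //if they checked 'other', set quota=entered value, if it is empty or negative, set to default (-2)
        if ($quota == '2') {
            if ($quota_entered == '' || empty($quota_entered) || $quota_entered < 0) {
                $quota = AT_COURSESIZE_DEFAULT;
            } else {
                $quota = floatval($quota_entered);
                $quota = megabytes_to_bytes($quota);
            }
        }
        //if they checked 'other', set filesize=entered value, if it is empty or negative, set to default
        if ($filesize == '2') {
            if ($filesize_entered == '' || empty($filesize_entered) || $filesize_entered < 0) {
                $filesize = AT_FILESIZE_DEFAULT;
                $msg->addFeedback('COURSE_DEFAULT_FSIZE');
            } else {
                $filesize = floatval($filesize_entered);
                $filesize = megabytes_to_bytes($filesize);
            }
        }
        $course_quotas = "max_quota='{$quota}', max_file_size='{$filesize}',";
    } else {
        $instructor = $_SESSION['member_id'];
        // NOTE(review): the REPLACE below stores $course_data['instructor'], not this
        // session-derived $instructor - confirm the caller forces that field for non-admins.
        if (!$course_data['course']) {
            $course_quotas = "max_quota=" . AT_COURSESIZE_DEFAULT . ", max_file_size=" . AT_FILESIZE_DEFAULT . ",";
            $row = $Backup->getRow($initial_content_info[0], $initial_content_info[1]);
            // A backup may only seed the new course when the source course belongs to this member.
            if (count($initial_content_info) == 2 && $system_courses[$initial_content_info[1]]['member_id'] == $_SESSION['member_id']) {
                if ($MaxCourseSize < $row['contents']['file_manager']) {
                    $msg->addError('RESTORE_TOO_BIG');
                }
            } else {
                $initial_content_info = intval($course_data['initial_content']);
            }
        } else {
            unset($initial_content_info);
            // Array keys are quoted: inside {$...} an unquoted key is read as a constant.
            $course_quotas = "max_quota='{$system_courses[$course_data['course']]['max_quota']}', max_file_size='{$system_courses[$course_data['course']]['max_file_size']}',";
        }
    }
    if ($msg->containsErrors()) {
        return FALSE;
    }
    //display defaults
    if (!$course_data['course']) {
        $menu_defaults = ",home_links='{$_config['home_defaults']}', main_links='{$_config['main_defaults']}', side_menu='{$_config['side_defaults']}'";
    } else {
        $menu_defaults = ',home_links=\'' . $system_courses[$course_data['course']]['home_links'] . '\', main_links=\'' . $system_courses[$course_data['course']]['main_links'] . '\', side_menu=\'' . $system_courses[$course_data['course']]['side_menu'] . '\'';
    }
    // NOTE(review): $course_quotas and $menu_defaults are interpolated into the
    // statement text rather than passed as queryDB() arguments; they are built from
    // casts, constants, $_config and $system_courses values only.
    $sql = "REPLACE INTO %scourses \n                SET \n                course_id=%d, \n                member_id='%s', \n                access='%s', \n                title='%s', \n                description='%s', \n                course_dir_name='%s', \n                cat_id=%d, \n                content_packaging='%s', \n                notify=%d, \n                hide=%d, \n                {$course_quotas}\n                primary_language='%s',\n                created_date='%s',\n                rss=%d,\n                copyright='%s',\n                icon='%s',\n                banner='%s',\n                release_date='%s', \n                end_date='%s' \n                {$menu_defaults}";
    $result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['instructor'], $course_data['access'], $course_data['title'], $course_data['description'], $course_data['course_dir_name'], $course_data['category_parent'], $course_data['content_packaging'], $course_data['notify'], $course_data['hide'], $course_data['pri_lang'], $course_data['created_date'], $course_data['rss'], $course_data['copyright'], $course_data['icon'], $course_data['banner'], $release_date, $end_date));
    if (!$result) {
        // NOTE(review): the raw database error is printed to the client here.
        echo at_db_error();
        echo 'DB Error';
        exit;
    }
    $new_course_id = $_SESSION['course_id'] = at_insert_id();
    // NOTE(review): isset($isadmin) is TRUE for FALSE as well, so the three
    // isset($isadmin) blocks below run for every caller; `if ($isadmin)` (as used
    // for the news insert further down) looks like the intent - confirm before changing.
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'courses', $result, $sqlout);
    }
    if (isset($isadmin)) {
        //get current instructor and unenroll from course if different from POST instructor
        $old_instructor = $system_courses[$course_data['course']]['member_id'];
        if ($old_instructor != $course_data['instructor']) {
            //remove old from course enrollment
            $sql = "DELETE FROM %scourse_enrollment WHERE course_id=%d AND member_id=%d";
            $result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $old_instructor));
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', $result, $sqlout);
        }
    }
    //enroll new instructor
    $sql = "REPLACE INTO %scourse_enrollment VALUES (%d, %d, 'y', 0, '" . _AT('instructor') . "', 0)";
    $result = queryDB($sql, array(TABLE_PREFIX, $course_data['instructor'], $new_course_id));
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'course_enrollment', $result, $sqlout);
    }
    // create the course content directory
    $path = AT_CONTENT_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_CONTENT_DIR . $new_course_id . '/index.html');
    // create the course backup directory
    $path = AT_BACKUP_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_BACKUP_DIR . $new_course_id . '/index.html');
    /* insert some default content: */
    // NOTE(review): this tests 'course_id' while the rest of the function uses 'course' - confirm.
    if (!$course_data['course_id'] && $course_data['initial_content'] == '1') {
        $contentManager = new ContentManager($db, $new_course_id);
        $contentManager->initContent();
        $cid = $contentManager->addContent($new_course_id, 0, 1, _AT('welcome_to_atutor'), addslashes(_AT('this_is_content')), '', '', 1, date('Y-m-d H:00:00'));
        $announcement = _AT('default_announcement');
        $sql = "INSERT INTO %snews VALUES (NULL, %d, %d, NOW(), 1, '%s', '%s')";
        $result = queryDB($sql, array(TABLE_PREFIX, $new_course_id, $instructor, _AT('welcome_to_atutor'), $announcement));
        if ($isadmin) {
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_INSERT, 'news', $result, $sqlout);
        }
    } else {
        if (!$course_data['course'] && count($initial_content_info) == 2) {
            $Backup->setCourseID($new_course_id);
            $Backup->restore($material = TRUE, 'append', $initial_content_info[0], $initial_content_info[1]);
        }
    }
    // custom icon, have to be after directory is created
    if ($_FILES['customicon']['tmp_name'] != '') {
        $course_data['comments'] = trim($course_data['comments']);
        $owner_id = $_SESSION['course_id'];
        $owner_type = "1";
        if ($_FILES['customicon']['error'] == UPLOAD_ERR_INI_SIZE) {
            $msg->addError(array('FILE_TOO_BIG', get_human_size(megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1)))));
        } else {
            if (!isset($_FILES['customicon']['name']) || $_FILES['customicon']['error'] == UPLOAD_ERR_NO_FILE || $_FILES['customicon']['size'] == 0) {
                $msg->addError('FILE_NOT_SELECTED');
            } else {
                if ($_FILES['customicon']['error'] || !is_uploaded_file($_FILES['customicon']['tmp_name'])) {
                    $msg->addError('FILE_NOT_SAVED');
                }
            }
        }
        if (!$msg->containsErrors()) {
            $course_data['description'] = $addslashes(trim($course_data['description']));
            $_FILES['customicon']['name'] = addslashes($_FILES['customicon']['name']);
            if ($course_data['comments']) {
                $num_comments = 1;
            } else {
                $num_comments = 0;
            }
            $path = AT_CONTENT_DIR . $owner_id . "/custom_icons/";
            if (!is_dir($path)) {
                @mkdir($path);
            }
            // Image types this GD build can handle; used as the upload allow-list below.
            $gd_info = gd_info();
            $supported_images = array();
            if (!empty($gd_info['GIF Create Support'])) {
                $supported_images[] = 'gif';
            }
            if (!empty($gd_info['JPG Support']) || !empty($gd_info['JPEG Support'])) {
                $supported_images[] = 'jpg';
            }
            if (!empty($gd_info['PNG Support'])) {
                $supported_images[] = 'png';
            }
            // check if this is a supported file type
            $filename = $stripslashes($_FILES['customicon']['name']);
            $path_parts = pathinfo($filename);
            $extension = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';
            if ($extension == 'jpeg') {
                $extension = 'jpg';
            }
            $image_attributes = getimagesize($_FILES['customicon']['tmp_name']);
            $original_img = $_FILES['customicon']['tmp_name'];
            $thumbnail_img = $path . $_FILES['customicon']['name'];
            if ($image_attributes === false || !in_array($extension, $supported_images, true)) {
                // The allow-list used to be built but never applied, so a file that was
                // not an image, under any extension, reached the plain copy() below and
                // was stored in the course content directory under its client name.
                // NOTE(review): the icon name was already written to the course row above.
                $msg->addError('FILE_NOT_SAVED');
            } else {
                // resize the original but don't backup a copy.
                $width = $image_attributes[0];
                $height = $image_attributes[1];
                if ($width > $height && $width > 79) {
                    $thumbnail_height = intval(79 * $height / $width);
                    $thumbnail_width = 79;
                    if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
                        $msg->addError('FILE_NOT_SAVED');
                    }
                } elseif ($width <= $height && $height > 79) {
                    $thumbnail_height = 100;
                    $thumbnail_width = intval(100 * $width / $height);
                    if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
                        $msg->addError('FILE_NOT_SAVED');
                    }
                } else {
                    // no resizing, just copy the image.
                    // it's too small to resize.
                    copy($original_img, $thumbnail_img);
                }
            }
        } else {
            $msg->addError('FILE_NOT_SAVED');
        }
    }
    //----------------------------------------
    /* delete the RSS feeds just in case: */
    // Both feeds are checked and removed under the same course id; the RSS1.0
    // unlink used $course_data['course'], which is 0 for a newly created course.
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml');
    }
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml');
    }
    if ($isadmin) {
        // Administrators are not left "inside" the course they just saved.
        $_SESSION['course_id'] = -1;
    }
    $_SESSION['course_title'] = $stripslashes($course_data['title']);
    return $new_course_id;
}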
Ejemplo n.º 21
// Look up the member whose instructor request is being denied. queryDB() is
// given a format string plus an argument array; $request_id is set outside
// this excerpt.
$sql = "SELECT * FROM %smembers WHERE member_id=%d";
$row_member = queryDB($sql, array(TABLE_PREFIX, $request_id));
if (count($row_member) == 0) {
    require AT_INCLUDE_PATH . 'header.inc.php';
    echo _AT('no_user_found');
    require AT_INCLUDE_PATH . 'footer.inc.php';
    exit;
}
// message options
$msg_options = array(_AT('leave_blank'), _AT('instructor_request_denymsg1'), _AT('instructor_request_denymsg2'), _AT('instructor_request_denymsg3'), _AT('instructor_request_denymsg4'), _AT('other'));
// Index of the last entry ("other"), which selects the free-text message.
$other_option = count($msg_options) - 1;
if (isset($_POST['submit'])) {
    // Remove the pending request and record the deletion in the admin log.
    $sql = 'DELETE FROM %sinstructor_approvals WHERE member_id=%d';
    $result = queryDB($sql, array(TABLE_PREFIX, $request_id));
    global $sqlout;
    write_to_log(AT_ADMIN_LOG_DELETE, 'instructor_approvals', $result, $sqlout);
    $msg->addFeedback('PROFILE_UPDATED_ADMIN');
    /* notify the users that they have been denied: */
    // NOTE(review): the request was deleted for $request_id, but the address to
    // notify is looked up with $_POST['id']; if the two can differ the mail goes
    // to a different member than the one denied - confirm how $request_id is derived.
    $sql = "SELECT email, first_name, last_name FROM %smembers WHERE member_id=%d";
    $row_member = queryDB($sql, array(TABLE_PREFIX, $_POST['id']), TRUE);
    if (count($row_member) > 0) {
        $to_email = $row_member['email'];
        $message = _AT('instructor_request_deny', AT_BASE_HREF) . " \n";
        if ($_POST['msg_option'] == $other_option) {
            // Free text typed by the administrator. addslashes() is SQL-style
            // escaping; NOTE(review): confirm it is what the mail body needs.
            $message .= addslashes($_POST['other_msg']);
        } else {
            // msg_option comes from the request and is used directly as the array
            // index; a value outside 1..4 yields no text.
            if ($_POST['msg_option']) {
                $message .= "\n" . $msg_options[$_POST['msg_option']];
            }
        }
        if ($to_email != '') {
Ejemplo n.º 22
	// The id is cast to an integer before it is interpolated into the three
	// DELETE statements, so the POST value cannot alter their structure.
	$myown_patch_id	= intval($_POST['myown_patch_id']);

	// Remove the patch, then its dependency rows and file rows, logging each delete.
	// NOTE(review): `or die(mysql_error())` prints the raw database error to the
	// client, and the three deletes are not wrapped in a transaction.
	$sql = "DELETE FROM ".TABLE_PREFIX."myown_patches WHERE myown_patch_id=$myown_patch_id";
	$result = mysql_query($sql, $db) or die(mysql_error());

	write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches', mysql_affected_rows($db), $sql);

	$sql = "DELETE FROM ".TABLE_PREFIX."myown_patches_dependent WHERE myown_patch_id=$myown_patch_id";
	$result = mysql_query($sql, $db) or die(mysql_error());

	write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches_dependent', mysql_affected_rows($db), $sql);

	$sql = "DELETE FROM ".TABLE_PREFIX."myown_patches_files WHERE myown_patch_id=$myown_patch_id";
	$result = mysql_query($sql, $db) or die(mysql_error());

	write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches_files', mysql_affected_rows($db), $sql);

	$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
	header('Location: myown_patches.php');
	exit;
}

//require('../../include/header.inc.php');
require(AT_INCLUDE_PATH.'header.inc.php');

// Confirmation view: the GET id is cast to int in place before it is used in the query.
$_GET['myown_patch_id'] = intval($_GET['myown_patch_id']); 

$sql = "SELECT myown_patch_id, atutor_patch_id FROM ".TABLE_PREFIX."myown_patches m WHERE m.myown_patch_id=$_GET[myown_patch_id]";
$result = mysql_query($sql,$db) or die(mysql_error());

if (mysql_num_rows($result) == 0) {
Ejemplo n.º 23
        // Reached when the category title is missing (the test is above this excerpt).
        $msg->addError(array('EMPTY_FIELDS', _AT('title')));
    }
    // NOTE(review): $cat_name and $cat_parent_id are prepared above this excerpt;
    // both are interpolated into SQL below, so confirm they are escaped / cast there.
    $cat_name = validate_length($cat_name, 100);
    if ($_POST['theme_parent']) {
        // Inherit the theme of the parent category.
        $sql = "SELECT theme FROM " . TABLE_PREFIX . "course_cats WHERE cat_id={$cat_parent_id}";
        $result = mysql_query($sql, $db);
        if ($row = mysql_fetch_assoc($result)) {
            $cat_theme = $row['theme'];
        }
    }
    if (!$msg->containsErrors()) {
        // NOTE(review): $cat_theme read back from the database is placed in the
        // INSERT without escaping, and it is not assigned in this excerpt when
        // theme_parent is empty - confirm it is initialised earlier.
        $sql = "INSERT INTO " . TABLE_PREFIX . "course_cats VALUES (NULL, '{$cat_name}', {$cat_parent_id}, '{$cat_theme}')";
        $result = mysql_query($sql, $db);
        $cat_id = mysql_insert_id($db);
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        write_to_log(AT_ADMIN_LOG_INSERT, 'course_cats', mysql_affected_rows($db), $sql);
        header('Location: course_categories.php');
        exit;
    }
} else {
    if (isset($_POST['cancel'])) {
        $msg->addFeedback('CANCELLED');
        header('Location: course_categories.php');
        exit;
    }
}
/* $categories[category_id] = array(cat_name, cat_parent, num_courses, [array(children)]) */
$categories = get_categories();
require AT_INCLUDE_PATH . 'header.inc.php';
$msg->printAll();
?>
Ejemplo n.º 24
// Delete-confirmation page for a tool in the basiclti_tools table. The id is
// cast to int, and both the lookup and the delete are restricted to the course
// held in the session, so a tool of another course is never matched.
$tool = intval($_REQUEST['id']);
$sql = "SELECT title FROM %sbasiclti_tools WHERE id = %d AND course_id = %d";
$row = queryDB($sql, array(TABLE_PREFIX, $tool, $_SESSION['course_id']), TRUE);
// An empty title is treated as "no such tool in this course".
if (strlen($row["title"]) < 1) {
    $msg->addError('UNABLE_TO_FIND_TOOL');
    header('Location: ../index_instructor.php');
    exit;
}
if (isset($_POST['submit_no'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: ../index_instructor.php');
    exit;
} else {
    // The delete runs only for the POST produced by the confirmation form (step 1 + "yes").
    // NOTE(review): no request-forgery token check is visible in this excerpt;
    // confirm one is enforced before this script runs.
    if (isset($_POST['step']) && $_POST['step'] == 1 && isset($_POST['submit_yes'])) {
        $sql = "DELETE FROM %sbasiclti_tools WHERE id = %d AND course_id = %d";
        $result = queryDB($sql, array(TABLE_PREFIX, $tool, $_SESSION['course_id']));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'basiclti_delete', $result, $sqlout);
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        header('Location: ../index_instructor.php');
        exit;
    }
}
require AT_INCLUDE_PATH . 'header.inc.php';
// First visit: show the confirmation prompt, carrying the step and id as hidden fields.
if (!isset($_POST['step'])) {
    $hidden_vars['step'] = 1;
    $hidden_vars['id'] = $tool;
    $msg->addConfirm(array('DELETE_TOOL_1', $row['title']), $hidden_vars);
    $msg->printConfirm();
}
require AT_INCLUDE_PATH . 'footer.inc.php';
Ejemplo n.º 25
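/**
 * Deletes a customized theme: disables it if needed, clears its directory and
 * removes its row from the themes table.
 *
 * @param string $theme_dir Directory name of the theme (the themes.dir_name value).
 * @return bool TRUE when the theme was deleted; FALSE (with THEME_NOT_DELETED
 *              queued on $msg) when the name is unusable or the theme is protected.
 */
function delete_theme($theme_dir)
{
    global $msg, $db;
    // The name ends up in a filesystem path handed to clr_dir(), so accept only a
    // single directory name: no separators, no NUL byte, no '.' or '..'.
    $theme_dir = (string) $theme_dir;
    if ($theme_dir === '' || $theme_dir === '.' || $theme_dir === '..' || strpbrk($theme_dir, "/\\\0") !== false) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    }
    // NOTE(review): addslashes() is not charset-aware; it is kept so that
    // disable_theme() receives the same value as before.
    $theme_dir = addslashes($theme_dir);
    //check status
    $sql = "SELECT status, customized FROM " . TABLE_PREFIX . "themes WHERE dir_name='" . $theme_dir . "'";
    $result = mysql_query($sql, $db);
    $row = $result ? mysql_fetch_assoc($result) : false;
    // An unknown theme is refused explicitly instead of relying on the casts below.
    if (!$row) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    }
    $status = intval($row['status']);
    $customized = intval($row['customized']);
    //can't delete if
    // 1. a system default
    // 2. current default theme
    // 3. a system level theme
    if ($theme_dir == 'default' || $status == 2 || !$customized) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    } else {
        //disable, clear directory and delete theme from db
        require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php';
        /* for clr_dir() */
        if ($status != 0) {
            disable_theme($theme_dir);
            $msg->deleteFeedback('THEME_DISABLED');
        }
        $dir = get_main_theme_dir($customized) . $theme_dir;
        //chmod($dir, 0777);
        @clr_dir($dir);
        $sql1 = "DELETE FROM " . TABLE_PREFIX . "themes WHERE dir_name = '{$theme_dir}'";
        $result1 = mysql_query($sql1, $db);
        // Log the DELETE that was executed; $sql still holds the earlier SELECT.
        write_to_log(AT_ADMIN_LOG_DELETE, 'themes', mysql_affected_rows($db), $sql1);
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        return TRUE;
    }
}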
Ejemplo n.º 26
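/**
 * Deletes a theme: disables it if needed, clears its directory under
 * ../../../themes/ and removes its row from the themes table.
 *
 * @param string $theme_dir Directory name of the theme (the themes.dir_name value).
 * @return bool TRUE when the theme was deleted; FALSE (with THEME_NOT_DELETED
 *              queued on $msg) when the name is unusable, unknown or protected.
 */
function delete_theme ($theme_dir) {
	global $msg, $db;

	// The name is appended to a path that clr_dir() empties, so accept only a
	// single directory name: no separators, no NUL byte, no '.' or '..'.
	$theme_dir = (string) $theme_dir;
	if ($theme_dir === '' || $theme_dir === '.' || $theme_dir === '..' || strpbrk($theme_dir, "/\\\0") !== false) {
		$msg->addError('THEME_NOT_DELETED');
		return FALSE;
	}

	// Escaped copy for the two statements built here; the raw value used to be
	// interpolated into the SQL text directly.
	$theme_dir_sql = mysql_real_escape_string($theme_dir, $db);

	//check status
	$sql    = "SELECT status FROM ".TABLE_PREFIX."themes WHERE dir_name='$theme_dir_sql'";
	$result = mysql_query ($sql, $db);
	$row    = $result ? mysql_fetch_assoc($result) : false;

	// A name with no row in the themes table used to fall through to clr_dir()
	// with status 0; refuse it instead.
	if (!$row) {
		$msg->addError('THEME_NOT_DELETED');
		return FALSE;
	}
	$status = intval($row['status']);

	//can't delete original default or current default theme
	if (($theme_dir == 'default') || ($status == 2)) {
		$msg->addError('THEME_NOT_DELETED');
		return FALSE;

	} else {	//disable, clear directory and delete theme from db

		require_once(AT_INCLUDE_PATH.'../mods/_core/file_manager/filemanager.inc.php'); /* for clr_dir() */
		if ($status != 0) {
			disable_theme($theme_dir);
			$msg->deleteFeedback('THEME_DISABLED');
		}

		$dir = '../../../themes/' . $theme_dir;
		//chmod($dir, 0777);
		@clr_dir($dir);

		$sql1    = "DELETE FROM ".TABLE_PREFIX."themes WHERE dir_name = '$theme_dir_sql'";
		$result1 = mysql_query ($sql1, $db);

		// Log the DELETE that was executed; $sql still holds the earlier SELECT.
		write_to_log(AT_ADMIN_LOG_DELETE, 'themes', mysql_affected_rows($db), $sql1);

		$msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
		return TRUE;
	}
}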
Ejemplo n.º 27
            // Five free-text settings are escaped with the $addslashes callable.
            // NOTE(review): every other posted setting reaches queryDB() unescaped
            // here; this relies on queryDB() escaping its arguments - confirm.
            $_POST['site_name'] = $addslashes($_POST['site_name']);
            $_POST['home_url'] = $addslashes($_POST['home_url']);
            $_POST['default_language'] = $addslashes($_POST['default_language']);
            $_POST['contact_email'] = $addslashes($_POST['contact_email']);
            $_POST['time_zone'] = $addslashes($_POST['time_zone']);
            // Only keys that already exist in $_config are considered, so the form
            // cannot introduce new setting names.
            foreach ($_config as $name => $value) {
                // the isset() is needed to avoid overridding settings that don't get set here (ie. modules)
                // Changed and not equal to the default: store the new value.
                if (isset($_POST[$name]) && $stripslashes($_POST[$name]) != $value && $stripslashes($_POST[$name]) != $_config_defaults[$name]) {
                    $sql = 'REPLACE INTO %sconfig VALUES ("%s", "%s")';
                    $num_rows = queryDB($sql, array(TABLE_PREFIX, $name, $_POST[$name]));
                    write_to_log(AT_ADMIN_LOG_REPLACE, 'config', $num_rows, $sqlout);
                } else {
                    // Equal to the default: drop the stored override.
                    if (isset($_POST[$name]) && $stripslashes($_POST[$name]) == $_config_defaults[$name]) {
                        $sql = "DELETE FROM %sconfig WHERE name='%s'";
                        $num_rows = queryDB($sql, array(TABLE_PREFIX, $name));
                        write_to_log(AT_ADMIN_LOG_DELETE, 'config', $num_rows, $sqlout);
                    }
                }
            }
            $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
            // special case: disabling the mail queue should flush all queued mail:
            // NOTE(review): old_enable_mail_queue is read from the request, not from $_config.
            if (!$_POST['enable_mail_queue'] && $_POST['old_enable_mail_queue']) {
                require_once AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php';
                $mail = new ATutorMailer();
                $mail->SendQueue();
            }
            header('Location: ' . $_SERVER['PHP_SELF']);
            exit;
        }
    }
}
Ejemplo n.º 28
// Admin page that empties the admin_log table after a yes/no confirmation.
define('AT_INCLUDE_PATH', '../../../../include/');
require(AT_INCLUDE_PATH.'vitals.inc.php');

// Access is gated on the AT_ADMIN_PRIV_ADMIN privilege before any request handling.
admin_authenticate(AT_ADMIN_PRIV_ADMIN);

if (isset($_POST['submit_no'])) {
	$msg->addFeedback('CANCELLED');
	header('Location: ./log.php');
	exit;
} else if (isset($_POST['submit_yes'])) {
	//clean up the db
	// This removes every row of the audit trail in one statement.
	// NOTE(review): no request-forgery token check is visible in this excerpt;
	// confirm one is enforced (for example in vitals.inc.php) before this runs.
	$sql    = "DELETE FROM ".TABLE_PREFIX."admin_log";
	$result = mysql_query($sql, $db);

	// Called after the delete, so the reset itself is the next entry passed to the log.
	write_to_log(AT_ADMIN_LOG_DELETE, 'admin_log', mysql_affected_rows($db), $sql);

	$msg->addFeedback('ADMIN_LOG_RESET');
	header('Location: ./log.php');
	exit;
}

require(AT_INCLUDE_PATH.'header.inc.php');

//print confirmation
$hidden_vars['all'] = TRUE;

// $_SERVER['PHP_SELF'] is passed as the argument of the confirmation message.
// NOTE(review): PHP_SELF can carry request-supplied path info; confirm that
// addConfirm() escapes it before output.
$confirm = array('RESET_ADMIN_LOG', $_SERVER['PHP_SELF']);
$msg->addConfirm($confirm, $hidden_vars);
$msg->printConfirm();
Ejemplo n.º 29
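/**
 * Deletes a member together with the rows that reference the member.
 *
 * The function returns without changing anything when $id is not an integer
 * value, when the instructor lookup itself fails, or when the member is still
 * recorded as the instructor of a course. Otherwise it removes enrolments,
 * forum data (adjusting the forum and thread counters), instructor approvals,
 * messages, poll and test records, the online status, the members row, the
 * tracking rows and finally the personal file workspace. Every write is
 * recorded through write_to_log().
 *
 * NOTE(review): the statements run one by one with no transaction visible
 * here, so a failure part-way leaves the account partially deleted.
 * NOTE(review): callers get no return value and cannot tell a refusal from a
 * completed deletion.
 *
 * @param int|string $id member_id of the account to delete
 * @return void
 */
function delete_user($id)
{
    global $db;

    // $id is interpolated into every statement below. Accept only an integer
    // value so that no other text can become part of the SQL; for integer
    // input the generated statements are the same as before.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return;
    }

    // make sure not instructor of a course
    $sql = "SELECT course_id FROM " . TABLE_PREFIX . "courses WHERE member_id={$id}";
    $result = mysql_query($sql, $db);
    if ($result === false) {
        // Fail closed: if the safety check cannot run, do not delete anything.
        return;
    }
    if (mysql_fetch_assoc($result)) {
        // The member teaches at least one course. The error feedback and
        // redirect that used to be issued here are disabled, so just return.
        return;
    }

    $sql = "DELETE FROM " . TABLE_PREFIX . "course_enrollment WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', mysql_affected_rows($db), $sql);
    $sql = "DELETE FROM " . TABLE_PREFIX . "forums_accessed WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'forums_accessed', mysql_affected_rows($db), $sql);
    $sql = "DELETE FROM " . TABLE_PREFIX . "forums_subscriptions WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'forums_subscriptions', mysql_affected_rows($db), $sql);

    /* delete forum threads block: */
    /* replies written by this member: lower the counters of the forums and parent topics */
    $sql = "SELECT COUNT(*) AS cnt, parent_id, forum_id FROM " . TABLE_PREFIX . "forums_threads WHERE member_id={$id} AND parent_id<>0 GROUP BY parent_id";
    $result = mysql_query($sql, $db);
    // Skip the loop when the query failed instead of fetching from a non-result.
    if ($result !== false) {
        while ($row = mysql_fetch_assoc($result)) {
            /* update the forum posts counter */
            // last_post is assigned to itself; presumably this keeps an
            // auto-updating timestamp column unchanged (confirm against the schema).
            $sql = "UPDATE " . TABLE_PREFIX . "forums SET num_posts=num_posts - {$row['cnt']}, last_post=last_post WHERE forum_id={$row['forum_id']}";
            mysql_query($sql, $db);
            write_to_log(AT_ADMIN_LOG_UPDATE, 'forums', mysql_affected_rows($db), $sql);
            /* update the topics reply counter */
            $sql = "UPDATE " . TABLE_PREFIX . "forums_threads SET num_comments=num_comments-{$row['cnt']}, last_comment=last_comment, date=date WHERE post_id={$row['parent_id']}";
            mysql_query($sql, $db);
            write_to_log(AT_ADMIN_LOG_UPDATE, 'forums_threads', mysql_affected_rows($db), $sql);
        }
    }

    /* threads this member started: adjust the forum counters and remove the replies */
    $sql = "SELECT post_id, forum_id, num_comments FROM " . TABLE_PREFIX . "forums_threads WHERE member_id={$id} AND parent_id=0";
    $result = mysql_query($sql, $db);
    if ($result !== false) {
        while ($row = mysql_fetch_assoc($result)) {
            /* update the forum posts and topics counters */
            // The topic itself counts as one post on top of its comments.
            $num_posts = $row['num_comments'] + 1;
            $sql = "UPDATE " . TABLE_PREFIX . "forums SET num_topics=num_topics-1, num_posts=num_posts - {$num_posts}, last_post=last_post WHERE forum_id={$row['forum_id']}";
            mysql_query($sql, $db);
            write_to_log(AT_ADMIN_LOG_UPDATE, 'forums', mysql_affected_rows($db), $sql);
            /* delete the replies */
            $sql = "DELETE FROM " . TABLE_PREFIX . "forums_threads WHERE parent_id={$row['post_id']}";
            mysql_query($sql, $db);
            write_to_log(AT_ADMIN_LOG_DELETE, 'forums_threads', mysql_affected_rows($db), $sql);
        }
    }

    /* delete the actual threads */
    $sql = "DELETE FROM " . TABLE_PREFIX . "forums_threads WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'forums_threads', mysql_affected_rows($db), $sql);
    /* end delete forum threads block. */

    $sql = "DELETE FROM " . TABLE_PREFIX . "instructor_approvals WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'instructor_approvals', mysql_affected_rows($db), $sql);
    $sql = "DELETE FROM " . TABLE_PREFIX . "messages WHERE from_member_id={$id} OR to_member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'messages', mysql_affected_rows($db), $sql);
    $sql = "DELETE FROM " . TABLE_PREFIX . "polls_members WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'polls_members', mysql_affected_rows($db), $sql);
    $sql = "DELETE FROM " . TABLE_PREFIX . "tests_answers WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'tests_answers', mysql_affected_rows($db), $sql);
    // Quoted in the original statement; kept so the logged SQL stays the same.
    $sql = "DELETE FROM " . TABLE_PREFIX . "tests_results WHERE member_id='{$id}'";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'tests_results', mysql_affected_rows($db), $sql);
    $sql = "DELETE FROM " . TABLE_PREFIX . "users_online WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'users_online', mysql_affected_rows($db), $sql);
    $sql = "DELETE FROM " . TABLE_PREFIX . "members WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'members', mysql_affected_rows($db), $sql);
    $sql = "DELETE FROM " . TABLE_PREFIX . "member_track WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'member_track', mysql_affected_rows($db), $sql);

    // delete personal files from file storage
    fs_delete_workspace(WORKSPACE_PERSONAL, $id);
    return;
}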
        if ($error != '') {
            //There was an issue with the connection, log the error
            write_to_log($error);
            header("HTTP/1.1 503 Service Unavailable");
            exit;
        }
    } else {
        //error connecting
        $error = "Could not make a connection with fsockopen: {$errstr}\t" . http_build_query($_POST);
        write_to_log($error);
        header("HTTP/1.1 503 Service Unavailable");
        exit;
    }
    //Yeay! Everything worked! Lets log it anyway
    $message = "Successfuly sent to " . $appDomain . $appPath . ": \t" . http_build_query($_POST);
    write_to_log($message);
    exit;
} else {
    // Did not find expected POST variables. Possible access attempt from a non PayPal site.
    header("HTTP/1.1 401 Authorization Required");
    echo 'Error: Missing POST variables. Identification is not possible.';
    exit;
}
function write_to_log($error)
{
    //create filename for each month
    $filename = 'logs/IPN_Log_' . date('Y_m') . '.log';
    //add timestamp to error
    $message = gmdate('[Y-m-d H:i:s] ') . $error;
    //write to file
    $contents = @file_get_contents($filename);