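/**
  * Adding a group
  * @param	int		$type_id		the group type specified in the table, social_groups_types
  * @param	string	$name			name of the group
  * @param	string	$description	description of the group
  * @param	int		$privacy		privacy setting, public is 0, private is 1.  Public means everyone can see the message board and users.  Private is the opposite
  * @return	int|false	the id of this new group if succeeded, false otherwise.
  */
 function addGroup($type_id, $name, $description, $privacy)
 {
     global $addslashes;
     $type_id = intval($type_id);
     $privacy = intval($privacy);
     $name = $addslashes($name);
     $description = $addslashes($description);
     // the creator of the group is the member in the current session
     $member_id = $_SESSION['member_id'];
     // NOTE(review): $name/$description are slash-escaped above and then handed to
     // queryDB() as '%s' parameters; confirm queryDB() does not escape them a second time.
     $sql = "INSERT INTO %ssocial_groups (`member_id`, `type_id`, `name`, `description`, `privacy`, `created_date`, `last_updated`) VALUES (%d, %d, '%s', '%s', %d, NOW(), NOW())";
     $result = queryDB($sql, array(TABLE_PREFIX, $member_id, $type_id, $name, $description, $privacy));
     if ($result <= 0) {
         return false;
     }
     // read the new id only once the INSERT is known to have succeeded
     $group_id = at_insert_id();
     // the creator is always the first member of the group
     $sql = "INSERT INTO %ssocial_groups_members (group_id, member_id) VALUES (%d, %d)";
     $result = queryDB($sql, array(TABLE_PREFIX, $group_id, $member_id));
     if ($result > 0) {
         // publish a "has added group" activity linking to the new group's page
         $act = new Activity();
         $str1 = _AT('has_added_group', '<a href="' . url_rewrite(AT_SOCIAL_BASENAME . 'groups/view.php?id=' . $group_id) . '">' . htmlentities_utf8($name)) . '</a>';
         $act->addActivity($member_id, $str1);
         unset($act);
     }
     return $group_id;
 }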
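/**
 * Create a tests_results row for member $mid on test $test_id and pre-create
 * one empty tests_answers row per question the member is going to be asked.
 *
 * @param int  $test_id       the test being started
 * @param bool $is_random     when true, draw $num_questions questions (all required
 *                            questions first, topped up at random from the rest)
 *                            instead of every question of the test
 * @param int  $num_questions number of questions to draw when $is_random is set
 * @param int  $mid           member id the result belongs to
 * @return int the id of the new tests_results row (at_insert_id())
 */
function init_test_result_questions($test_id, $is_random, $num_questions, $mid)
{
    $sql = "INSERT INTO %stests_results VALUES (NULL, %d, '%s', NOW(), '', 0, NOW(), 0)";
    queryDB($sql, array(TABLE_PREFIX, $test_id, $mid));
    $result_id = at_insert_id();
    if ($is_random) {
        // Retrieve 'num_questions' question_id randomly from those who are related to this test_id
        $non_required_questions = array();
        $required_questions = array();
        $sql = "SELECT question_id, required FROM %stests_questions_assoc WHERE test_id=%d";
        $rows_questions = queryDB($sql, array(TABLE_PREFIX, $test_id));
        foreach ($rows_questions as $row) {
            if ($row['required'] == 1) {
                $required_questions[] = $row['question_id'];
            } else {
                $non_required_questions[] = $row['question_id'];
            }
        }
        $num_required = count($required_questions);
        // NOTE(review): when $num_questions is 0 this still draws no optional
        // questions (slice length 0) despite the max(1, ...) guard — confirm intent.
        if ($num_required < max(1, $num_questions)) {
            // top up the required questions with randomly chosen optional ones
            shuffle($non_required_questions);
            $required_questions = array_merge($required_questions, array_slice($non_required_questions, 0, $num_questions - $num_required));
        }
        if (count($required_questions) == 0) {
            // nothing to ask; an empty "IN ()" list would be a SQL syntax error
            $rows_questions = array();
        } else {
            // ids come from the query above, but cast defensively since they are
            // spliced into the IN (...) list as text rather than bound one by one
            $random_id_string = implode(',', array_map('intval', $required_questions));
            $sql = "SELECT TQ.*, TQA.* FROM %stests_questions TQ INNER JOIN %stests_questions_assoc TQA USING (question_id) WHERE TQ.course_id=%d AND TQA.test_id=%d AND TQA.question_id IN (%s) ORDER BY TQ.question_id";
            $rows_questions = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, $_SESSION['course_id'], $test_id, $random_id_string));
        }
    } else {
        $sql = "SELECT TQ.*, TQA.* FROM %stests_questions TQ INNER JOIN %stests_questions_assoc TQA USING (question_id) WHERE TQ.course_id=%d AND TQA.test_id=%d ORDER BY TQA.ordering, TQA.question_id";
        $rows_questions = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, $_SESSION['course_id'], $test_id));
    }
    // $rows_questions is either the random subset (if $is_random) ordered by 'question_id'
    // or the set of all questions for this test (sorted by 'ordering').
    foreach ($rows_questions as $row) {
        $sql = "INSERT INTO %stests_answers VALUES (%d, %d, %d, '', '', '')";
        queryDB($sql, array(TABLE_PREFIX, $result_id, $row['question_id'], $_SESSION['member_id']));
    }
    return $result_id;
}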
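 $_POST['postal'] = $addslashes($_POST['postal']);
 $_POST['city'] = $addslashes($_POST['city']);
 $_POST['province'] = $addslashes($_POST['province']);
 $_POST['country'] = $addslashes($_POST['country']);
 $_POST['phone'] = $addslashes($_POST['phone']);
 // new accounts start unconfirmed when e-mail confirmation is switched on
 if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
     $status = AT_STATUS_UNCONFIRMED;
 } else {
     $status = AT_STATUS_STUDENT;
 }
 // we use this later for the email confirmation.
 $now = date('Y-m-d H:i:s');
 /* insert into the db */
 // All values are passed through queryDB()'s parameter list instead of being
 // interpolated into the query text: queryDB() formats that text (that is how
 // the leading %s receives TABLE_PREFIX), so a '%' typed into e.g. the address
 // field would otherwise be read as a format directive.
 $sql = "INSERT INTO %smembers"
      . " (login, password, email, website, first_name, second_name, last_name,"
      . "  dob, gender, address, postal, city, province, country, phone, status,"
      . "  preferences, creation_date, language, inbox_notify, private_email, last_login)"
      . " VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s',"
      . "         '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d,"
      . "         '%s', '%s', '%s', %d, %d, '0000-00-00 00:00:00')";
 $result = queryDB($sql, array(
     TABLE_PREFIX,
     $_POST['login'],
     $_POST['password'],
     $_POST['email'],
     $_POST['website'],
     $_POST['first_name'],
     $_POST['second_name'],
     $_POST['last_name'],
     $dob,
     $_POST['gender'],
     $_POST['address'],
     $_POST['postal'],
     $_POST['city'],
     $_POST['province'],
     $_POST['country'],
     $_POST['phone'],
     $status,
     $_config['pref_defaults'],
     $now,
     $_SESSION['lang'],
     $_config['pref_inbox_notify'],
     $_POST['private_email'],
 ));
 if (!$result) {
     // The former `or die(at_db_error())` on the query line exited before this
     // branch could ever run; without it the regular error page is shown.
     require AT_INCLUDE_PATH . 'header.inc.php';
     $msg->addError('DB_NOT_UPDATED');
     $msg->printAll();
     require AT_INCLUDE_PATH . 'footer.inc.php';
     exit;
 }
 // read the new member id only after the INSERT is known to have succeeded
 $m_id = at_insert_id($db);
 if (isset($master_list_sql)) {
     queryDB($master_list_sql, array(TABLE_PREFIX, $student_id, $student_pin));
 }
 //reset login attempts (the INSERT succeeded, or we would have exited above)
 // placeholder restored: the login literal appeared masked ('******') in this listing
 // while $_POST['login'] was already being passed as the parameter
 $sql = "DELETE FROM %smember_login_attempt WHERE login='%s'";
 queryDB($sql, array(TABLE_PREFIX, $_POST['login']));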
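 /**
  * Store one imported QTI multiple-answer question in the question bank.
  *
  * Blank choices are dropped (a blank choice can never be correct); the
  * remaining choices and their 1/0 answer flags are padded to the ten slots
  * of AT_SQL_QUESTION_MULTIANSWER.  When no choice is marked correct the form
  * values are handed back through $msg->addConfirm('NO_ANSWER', ...) instead
  * of being saved.
  *
  * @param array $question imported question: 'question', 'feedback', 'required',
  *                        'category_id', 'choice' (list of option texts) and
  *                        'answers' (correctness flag per choice)
  * @return int|null the new question id, or null when nothing was inserted
  *                  (validation error, no correct answer, or failed INSERT)
  */
 function importQTI($question)
 {
     global $msg;
     if ($question['question'] == '') {
         $msg->addError(array('EMPTY_FIELDS', _AT('question')));
     }
     //Multiple answer can have 0+ answers, in the QTIImport.class, if size(answer) < 2, answer will become a scalar.
     //Re-read it from 'answers' so that $question['answer'] is a vector again.
     $question['answer'] = $question['answers'];
     if ($msg->containsErrors()) {
         return null;
     }
     $choice_new = array();   // stores the non-blank choices, gaps removed
     $answer_new = array();   // stores the associated "answer" flag for each kept choice
     $has_answer = false;     // initialised so a question without choices is handled cleanly
     foreach ($question['choice'] as $choiceNum => $choiceOpt) {
         $choiceOpt = validate_length($choiceOpt, 255);
         $choiceOpt = escapeSQLValue(trim($choiceOpt));
         $question['answer'][$choiceNum] = intval($question['answer'][$choiceNum]);
         if ($choiceOpt == '') {
             /* an empty option can't be correct */
             $question['answer'][$choiceNum] = 0;
         } else {
             /* filter out empty choices/ remove gaps */
             $choice_new[] = $choiceOpt;
             // loose in_array() kept on purpose: entries not yet visited may still be strings
             if (in_array($choiceNum, $question['answer'])) {
                 $answer_new[] = 1;
             } else {
                 $answer_new[] = 0;
             }
             if ($question['answer'][$choiceNum] != 0) {
                 $has_answer = true;
             }
         }
     }
     if (!$has_answer) {
         // hand the cleaned values back to the confirmation form
         $hidden_vars = array();
         $hidden_vars['required'] = htmlspecialchars($question['required']);
         $hidden_vars['feedback'] = htmlspecialchars($question['feedback']);
         $hidden_vars['question'] = htmlspecialchars($question['question']);
         $hidden_vars['category_id'] = htmlspecialchars($question['category_id']);
         $num_choices = count($choice_new);
         for ($i = 0; $i < $num_choices; $i++) {
             $hidden_vars['answer[' . $i . ']'] = htmlspecialchars($answer_new[$i]);
             $hidden_vars['choice[' . $i . ']'] = htmlspecialchars($choice_new[$i]);
         }
         $msg->addConfirm('NO_ANSWER', $hidden_vars);
         return null;
     }
     $question['answer'] = array_pad($answer_new, 10, 0);
     $question['choice'] = array_pad($choice_new, 10, '');
     // NOTE(review): escapeSQLValue() followed by a second quote-escaping pass looks
     // like double escaping; the original comment ("add slashes throughout - does
     // that fix it?") suggests this was never settled — confirm against escapeSQLValue().
     $question['feedback'] = str_replace("'", "\\'", escapeSQLValue($question['feedback']));
     $question['question'] = str_replace("'", "\\'", escapeSQLValue($question['question']));
     $sql_params = array($question['category_id'], $_SESSION['course_id'], $question['feedback'], $question['question'], $question['choice'][0], $question['choice'][1], $question['choice'][2], $question['choice'][3], $question['choice'][4], $question['choice'][5], $question['choice'][6], $question['choice'][7], $question['choice'][8], $question['choice'][9], $question['answer'][0], $question['answer'][1], $question['answer'][2], $question['answer'][3], $question['answer'][4], $question['answer'][5], $question['answer'][6], $question['answer'][7], $question['answer'][8], $question['answer'][9], 'DEFAULT');
     // NOTE(review): the values are spliced into the template here and the finished
     // text is then handed to queryDB() with no parameters; if queryDB() formats the
     // text again, a literal '%' in the question or feedback would be misread — confirm.
     $sql = vsprintf(AT_SQL_QUESTION_MULTIANSWER, $sql_params);
     $result = queryDB($sql, array());
     if ($result > 0) {
         return at_insert_id();
     }
     return null;
 }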
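 /**
  * Insert record into table patches_files
  * @access  private
  * @param   array  $patch_files_array	Patch file information: 'action', 'name', 'location'
  * @return  bool   always true; the id of the new row is stored in $this->patch_file_id
  * @author  Cindy Qi Li
  */
 function createPatchesFilesRecord($patch_files_array)
 {
     $sql = "INSERT INTO %spatches_files (patches_id, action, name, location) VALUES (%d, '%s', '%s', '%s' )";
     // exactly one parameter per placeholder: the former duplicate $this->patch_id
     // shifted every column right by one (action received the patch id, name the
     // action, location the name, and the real location was dropped)
     $result = queryDB($sql, array(TABLE_PREFIX, $this->patch_id, $patch_files_array['action'], my_add_null_slashes($patch_files_array['name']), my_add_null_slashes($patch_files_array['location'])));
     $this->patch_file_id = at_insert_id();
     return true;
 }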
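/**
 * Create or update a course from a submitted course form.
 *
 * Validates the form, writes the %scourses row (REPLACE INTO), enrolls the
 * instructor, creates the content and backup directories, seeds default
 * content or restores a backup, stores a custom course icon and removes
 * stale RSS feeds for the course.
 *
 * @param array $course_data the course form fields (title, instructor, access,
 *                           course_dir_name, quota/filesize, release/end dates,
 *                           initial_content, ...)
 * @param bool  $isadmin     true when called from the admin interface: enables
 *                           quota/filesize editing and admin logging
 * @return int|false the course id, or FALSE when validation errors were
 *                   recorded on $msg before anything was written
 */
function add_update_course($course_data, $isadmin = FALSE)
{
    require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php';
    global $addslashes;
    global $db;
    global $system_courses;
    global $MaxCourseSize;
    global $msg;
    global $_config;
    global $_config_defaults;
    global $stripslashes;
    $Backup = new Backup($db);
    $missing_fields = array();
    if ($course_data['title'] == '') {
        $missing_fields[] = _AT('title');
    }
    if (!$course_data['instructor']) {
        $missing_fields[] = _AT('instructor');
    }
    if ($missing_fields) {
        $missing_fields = implode(', ', $missing_fields);
        $msg->addError(array('EMPTY_FIELDS', $missing_fields));
    }
    // NOTE(review): these values are slash-escaped here and later passed to queryDB()
    // as '%s' parameters; confirm queryDB() does not escape them a second time.
    $course_data['access'] = $addslashes($course_data['access']);
    $course_data['title'] = $addslashes($course_data['title']);
    $course_data['description'] = $addslashes($course_data['description']);
    $course_data['hide'] = $addslashes($course_data['hide']);
    $course_data['pri_lang'] = $addslashes($course_data['pri_lang']);
    $course_data['created_date'] = $addslashes($course_data['created_date']);
    $course_data['copyright'] = $addslashes($course_data['copyright']);
    $course_data['icon'] = $addslashes($course_data['icon']);
    $course_data['banner'] = $addslashes($course_data['banner']);
    $course_data['course_dir_name'] = $addslashes($course_data['course_dir_name']);
    $course_data['course'] = intval($course_data['course']);
    $course_data['notify'] = intval($course_data['notify']);
    $course_data['hide'] = intval($course_data['hide']);
    $course_data['instructor'] = intval($course_data['instructor']);
    $course_data['category_parent'] = intval($course_data['category_parent']);
    $course_data['rss'] = intval($course_data['rss']);
    // Course directory name (aka course slug)
    if ($course_data['course_dir_name'] != '') {
        //validate the course_dir_name, allow only alphanumeric, underscore.
        if (preg_match('/^[\\w][\\w\\d\\_]+$/', $course_data['course_dir_name']) == 0) {
            $msg->addError('COURSE_DIR_NAME_INVALID');
        }
        //check if the course_dir_name is already being used by another course
        $sql = "SELECT COUNT(course_id) as cnt FROM %scourses WHERE course_id!=%d AND course_dir_name='%s'";
        $num_of_dir = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['course_dir_name']), TRUE);
        if (intval($num_of_dir['cnt']) > 0) {
            $msg->addError('COURSE_DIR_NAME_IN_USE');
        }
    }
    // Custom icon
    if ($_FILES['customicon']['name'] != '') {
        // Use custom icon instead if it exists
        $course_data['icon'] = $addslashes($_FILES['customicon']['name']);
    }
    if ($_FILES['customicon']['error'] == UPLOAD_ERR_FORM_SIZE) {
        // Check if filesize is too large for a POST
        $msg->addError(array('FILE_MAX_SIZE', $_config['prof_pic_max_file_size'] . ' ' . _AT('bytes')));
    }
    // release date: assembled from the separate day/month/year/hour/minute fields,
    // zero-padded to a MySQL DATETIME; '0000-00-00 00:00:00' means "no release date"
    if ($course_data['release_date']) {
        $day_release = intval($course_data['day_release']);
        $month_release = intval($course_data['month_release']);
        $year_release = intval($course_data['year_release']);
        $hour_release = intval($course_data['hour_release']);
        $min_release = intval($course_data['min_release']);
        if (!checkdate($month_release, $day_release, $year_release)) {
            //or date is in the past
            $msg->addError('RELEASE_DATE_INVALID');
        }
        if (strlen($month_release) == 1) {
            $month_release = "0{$month_release}";
        }
        if (strlen($day_release) == 1) {
            $day_release = "0{$day_release}";
        }
        if (strlen($hour_release) == 1) {
            $hour_release = "0{$hour_release}";
        }
        if (strlen($min_release) == 1) {
            $min_release = "0{$min_release}";
        }
        $release_date = "{$year_release}-{$month_release}-{$day_release} {$hour_release}:{$min_release}:00";
    } else {
        $release_date = "0000-00-00 00:00:00";
    }
    // end date: same treatment as the release date
    if ($course_data['end_date']) {
        $day_end = intval($course_data['day_end']);
        $month_end = intval($course_data['month_end']);
        $year_end = intval($course_data['year_end']);
        $hour_end = intval($course_data['hour_end']);
        $min_end = intval($course_data['min_end']);
        if (!checkdate($month_end, $day_end, $year_end)) {
            //or date is in the past
            $msg->addError('END_DATE_INVALID');
        }
        if (strlen($month_end) == 1) {
            $month_end = "0{$month_end}";
        }
        if (strlen($day_end) == 1) {
            $day_end = "0{$day_end}";
        }
        if (strlen($hour_end) == 1) {
            $hour_end = "0{$hour_end}";
        }
        if (strlen($min_end) == 1) {
            $min_end = "0{$min_end}";
        }
        $end_date = "{$year_end}-{$month_end}-{$day_end} {$hour_end}:{$min_end}:00";
    } else {
        $end_date = "0000-00-00 00:00:00";
    }
    // initial_content is either a plain flag or "<backup source>_<id>" (split below)
    $initial_content_info = explode('_', $course_data['initial_content'], 2);
    //admin
    $course_quotas = '';
    if ($isadmin) {
        $instructor = $course_data['instructor'];
        $quota = intval($course_data['quota']);
        $quota_entered = intval($course_data['quota_entered']);
        $filesize = intval($course_data['filesize']);
        $filesize_entered = intval($course_data['filesize_entered']);
        //if they checked 'other', set quota=entered value, if it is empty or negative, set to default (-2)
        if ($quota == '2') {
            if ($quota_entered == '' || empty($quota_entered) || $quota_entered < 0) {
                $quota = AT_COURSESIZE_DEFAULT;
            } else {
                $quota = floatval($quota_entered);
                $quota = megabytes_to_bytes($quota);
            }
        }
        //if they checked 'other', set filesize=entered value, if it is empty or negative, set to default
        if ($filesize == '2') {
            if ($filesize_entered == '' || empty($filesize_entered) || $filesize_entered < 0) {
                $filesize = AT_FILESIZE_DEFAULT;
                $msg->addFeedback('COURSE_DEFAULT_FSIZE');
            } else {
                $filesize = floatval($filesize_entered);
                $filesize = megabytes_to_bytes($filesize);
            }
        }
        $course_quotas = "max_quota='{$quota}', max_file_size='{$filesize}',";
    } else {
        $instructor = $_SESSION['member_id'];
        if (!$course_data['course']) {
            $course_quotas = "max_quota=" . AT_COURSESIZE_DEFAULT . ", max_file_size=" . AT_FILESIZE_DEFAULT . ",";
            $row = $Backup->getRow($initial_content_info[0], $initial_content_info[1]);
            if (count($initial_content_info) == 2 && $system_courses[$initial_content_info[1]]['member_id'] == $_SESSION['member_id']) {
                if ($MaxCourseSize < $row['contents']['file_manager']) {
                    $msg->addError('RESTORE_TOO_BIG');
                }
            } else {
                $initial_content_info = intval($course_data['initial_content']);
            }
        } else {
            unset($initial_content_info);
            // existing course edited by its instructor: quotas are kept as they are
            // (array keys quoted: bare `course`/`max_quota` inside {$...} are constant lookups)
            $course_quotas = "max_quota='{$system_courses[$course_data['course']]['max_quota']}', max_file_size='{$system_courses[$course_data['course']]['max_file_size']}',";
        }
    }
    if ($msg->containsErrors()) {
        return FALSE;
    }
    //display defaults
    if (!$course_data['course']) {
        $menu_defaults = ",home_links='{$_config['home_defaults']}', main_links='{$_config['main_defaults']}', side_menu='{$_config['side_defaults']}'";
    } else {
        $menu_defaults = ',home_links=\'' . $system_courses[$course_data['course']]['home_links'] . '\', main_links=\'' . $system_courses[$course_data['course']]['main_links'] . '\', side_menu=\'' . $system_courses[$course_data['course']]['side_menu'] . '\'';
    }
    // NOTE(review): $course_quotas and $menu_defaults are interpolated into the query
    // text rather than bound as parameters; they are built from numbers/config values
    // above, so keep it that way only as long as no request data flows into them.
    $sql = "REPLACE INTO %scourses \n                SET \n                course_id=%d, \n                member_id='%s', \n                access='%s', \n                title='%s', \n                description='%s', \n                course_dir_name='%s', \n                cat_id=%d, \n                content_packaging='%s', \n                notify=%d, \n                hide=%d, \n                {$course_quotas}\n                primary_language='%s',\n                created_date='%s',\n                rss=%d,\n                copyright='%s',\n                icon='%s',\n                banner='%s',\n                release_date='%s', \n                end_date='%s' \n                {$menu_defaults}";
    $result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['instructor'], $course_data['access'], $course_data['title'], $course_data['description'], $course_data['course_dir_name'], $course_data['category_parent'], $course_data['content_packaging'], $course_data['notify'], $course_data['hide'], $course_data['pri_lang'], $course_data['created_date'], $course_data['rss'], $course_data['copyright'], $course_data['icon'], $course_data['banner'], $release_date, $end_date));
    if (!$result) {
        echo at_db_error();
        echo 'DB Error';
        exit;
    }
    $new_course_id = $_SESSION['course_id'] = at_insert_id();
    // NOTE(review): $isadmin has a default value, so isset($isadmin) is always true in
    // the three checks below; confirm whether they were meant to read `if ($isadmin)`
    // like the news-logging check further down.
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'courses', $result, $sqlout);
    }
    if (isset($isadmin)) {
        //get current instructor and unenroll from course if different from POST instructor
        $old_instructor = $system_courses[$course_data['course']]['member_id'];
        if ($old_instructor != $course_data['instructor']) {
            //remove old from course enrollment
            $sql = "DELETE FROM %scourse_enrollment WHERE course_id=%d AND member_id=%d";
            $result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $old_instructor));
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', $result, $sqlout);
        }
    }
    //enroll new instructor
    $sql = "REPLACE INTO %scourse_enrollment VALUES (%d, %d, 'y', 0, '" . _AT('instructor') . "', 0)";
    $result = queryDB($sql, array(TABLE_PREFIX, $course_data['instructor'], $new_course_id));
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'course_enrollment', $result, $sqlout);
    }
    // create the course content directory (failures are silenced; the index.html
    // copy keeps the directory from being listed by the web server)
    $path = AT_CONTENT_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_CONTENT_DIR . $new_course_id . '/index.html');
    // create the course backup directory
    $path = AT_BACKUP_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_BACKUP_DIR . $new_course_id . '/index.html');
    /* insert some default content: */
    if (!$course_data['course_id'] && $course_data['initial_content'] == '1') {
        $contentManager = new ContentManager($db, $new_course_id);
        $contentManager->initContent();
        $cid = $contentManager->addContent($new_course_id, 0, 1, _AT('welcome_to_atutor'), addslashes(_AT('this_is_content')), '', '', 1, date('Y-m-d H:00:00'));
        $announcement = _AT('default_announcement');
        $sql = "INSERT INTO %snews VALUES (NULL, %d, %d, NOW(), 1, '%s', '%s')";
        $result = queryDB($sql, array(TABLE_PREFIX, $new_course_id, $instructor, _AT('welcome_to_atutor'), $announcement));
        if ($isadmin) {
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_INSERT, 'news', $result, $sqlout);
        }
    } else {
        // new course seeded from one of the instructor's own backups
        if (!$course_data['course'] && count($initial_content_info) == 2) {
            $Backup->setCourseID($new_course_id);
            $Backup->restore($material = TRUE, 'append', $initial_content_info[0], $initial_content_info[1]);
        }
    }
    // custom icon, have to be after directory is created
    if ($_FILES['customicon']['tmp_name'] != '') {
        $course_data['comments'] = trim($course_data['comments']);
        $owner_id = $_SESSION['course_id'];
        $owner_type = "1";
        if ($_FILES['customicon']['error'] == UPLOAD_ERR_INI_SIZE) {
            // NOTE(review): assumes upload_max_filesize always ends in a one-letter unit — confirm
            $msg->addError(array('FILE_TOO_BIG', get_human_size(megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1)))));
        } else {
            if (!isset($_FILES['customicon']['name']) || $_FILES['customicon']['error'] == UPLOAD_ERR_NO_FILE || $_FILES['customicon']['size'] == 0) {
                $msg->addError('FILE_NOT_SELECTED');
            } else {
                if ($_FILES['customicon']['error'] || !is_uploaded_file($_FILES['customicon']['tmp_name'])) {
                    $msg->addError('FILE_NOT_SAVED');
                }
            }
        }
        if (!$msg->containsErrors()) {
            $course_data['description'] = $addslashes(trim($course_data['description']));
            $_FILES['customicon']['name'] = addslashes($_FILES['customicon']['name']);
            if ($course_data['comments']) {
                $num_comments = 1;
            } else {
                $num_comments = 0;
            }
            $path = AT_CONTENT_DIR . $owner_id . "/custom_icons/";
            if (!is_dir($path)) {
                @mkdir($path);
            }
            // if we can upload custom course icon, it means GD is enabled, no need to check extension again.
            $gd_info = gd_info();
            $supported_images = array();
            if ($gd_info['GIF Create Support']) {
                $supported_images[] = 'gif';
            }
            if ($gd_info['JPG Support'] || $gd_info['JPEG Support']) {
                $supported_images[] = 'jpg';
            }
            if ($gd_info['PNG Support']) {
                $supported_images[] = 'png';
            }
            // check if this is a supported file type
            $filename = $stripslashes($_FILES['customicon']['name']);
            $path_parts = pathinfo($filename);
            $extension = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';
            if ($extension == 'jpeg') {
                $extension = 'jpg';
            }
            $image_attributes = getimagesize($_FILES['customicon']['tmp_name']);
            if ($image_attributes === false || !in_array($extension, $supported_images, true)) {
                // $supported_images was built above but never consulted before: without
                // this check a file that is not an image, or an image type GD cannot
                // write back, fell through to the copy() below and was stored under
                // the user-chosen name.
                $msg->addError('FILE_NOT_SAVED');
            } else {
                // resize the original but don't backup a copy.
                $width = $image_attributes[0];
                $height = $image_attributes[1];
                $original_img = $_FILES['customicon']['tmp_name'];
                // basename(): the stored file must stay inside the custom_icons directory
                $thumbnail_img = $path . basename($_FILES['customicon']['name']);
                if ($width > $height && $width > 79) {
                    $thumbnail_height = intval(79 * $height / $width);
                    $thumbnail_width = 79;
                    if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
                        $msg->addError('FILE_NOT_SAVED');
                    }
                } elseif ($width <= $height && $height > 79) {
                    $thumbnail_height = 100;
                    $thumbnail_width = intval(100 * $width / $height);
                    if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
                        $msg->addError('FILE_NOT_SAVED');
                    }
                } else {
                    // no resizing, just copy the image.
                    // it's too small to resize.
                    copy($original_img, $thumbnail_img);
                }
            }
        } else {
            $msg->addError('FILE_NOT_SAVED');
        }
    }
    //----------------------------------------
    /* delete the RSS feeds just in case: */
    // both checks and both unlinks use $new_course_id (the RSS1.0 unlink previously
    // used $course_data['course'], i.e. 0 for a new course, and removed nothing)
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml');
    }
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml');
    }
    if ($isadmin) {
        $_SESSION['course_id'] = -1;
    }
    $_SESSION['course_title'] = $stripslashes($course_data['title']);
    return $new_course_id;
}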
} else {
    $auto_enroll_id = 0;
}
if (isset($_POST['save']) || isset($_POST['add'])) {
    /* insert or update a category */
    $name = trim($_POST['name']);
    $name = $addslashes($name);
    $name = validate_length($name, 50);
    if (isset($_POST['add']) && !$_POST['add_ids']) {
        $msg->addError('NO_ITEM_SELECTED');
    }
    if (!$msg->containsErrors()) {
        if ($auto_enroll_id == 0) {
            $sql = "INSERT INTO %sauto_enroll(associate_string, name)  VALUES ('%s', '%s')";
            $rows_inserted = queryDB($sql, array(TABLE_PREFIX, get_random_string(6, 10), $name));
            $auto_enroll_id = at_insert_id();
            write_to_log(AT_ADMIN_LOG_INSERT, 'auto_enroll', $rows_inserted, $sqlout);
        } else {
            $sql = "UPDATE %sauto_enroll SET name = '%s' WHERE auto_enroll_id = %d";
            $rows_updated = queryDB($sql, array(TABLE_PREFIX, $name, $auto_enroll_id));
            write_to_log(AT_ADMIN_LOG_UPDATE, 'auto_enroll', $rows_updated, $sqlout);
        }
        if (isset($_POST['add'])) {
            foreach ($_POST['add_ids'] as $elem) {
                // unable to determine the purpose of this query
                // which always returns $row['cnt'] == 0, during queryDB() testing.
                $sql = "SELECT count(*) cnt FROM %sauto_enroll_courses\n\t\t\t\t         WHERE auto_enroll_id = %d\n\t\t\t\t           AND course_id = %d";
                $row = queryDB($sql, array(TABLE_PREFIX, $auto_enroll_id, $elem), TRUE);
                if ($row["cnt"] == 0) {
                    $sql = "INSERT INTO %sauto_enroll_courses (auto_enroll_id, course_id) VALUES (%d, %d)";
                    $rows_inserted = queryDB($sql, array(TABLE_PREFIX, $auto_enroll_id, $elem));
     $num_replies_add = $num_open_replies - $num_close_replies - 1;
     for ($i = 0; $i < $num_replies_add; $i++) {
         $_POST['body'] .= '[/reply]';
     }
     $_POST['body'] .= "\n" . '[op]mods/_standard/forums/forum/view.php?fid=' . $_POST['fid'] . SEP . 'pid=' . $_POST['parent_id'] . SEP . 'page=' . $_POST['page'] . '#' . $_POST['reply'];
     $_POST['body'] .= '[/op][/reply]';
 }
 /* use this value instead of NOW(), because we want the parent post to have the exact */
 /* same date. and not a second off if that may happen */
 /* this fails however */
 $now = date('Y-m-d H:i:s');
 $sql_subject = $addslashes($_POST['subject']);
 $sql_body = $addslashes($_POST['body']);
 $sql = "INSERT INTO %sforums_threads VALUES (NULL, %d, %d, %d, '%s', 0, '%s', '%s', NOW(), 0, 0)";
 $result = queryDB($sql, array(TABLE_PREFIX, $_POST['parent_id'], $_SESSION['member_id'], $_POST['fid'], $now, $sql_subject, $sql_body, $now));
 $this_id = at_insert_id();
 /* Increment count for posts in forums table in database */
 $sql = "UPDATE %sforums SET num_posts=num_posts+1, last_post='%s' WHERE forum_id=%d";
 $result = queryDB($sql, array(TABLE_PREFIX, $now, $_POST['fid']));
 // If there are subscribers to this forum, send them an email notification
 $subscriber_email_list = array();
 // list of subscribers array('email', 'full_name')
 $subscriber_list = '';
 $enrolled = array();
 // get list of student enrolled in this course
 // This needs to be replaced with a tool to clean forum subscriptions when unenrolling
 $sql = "SELECT member_id from %scourse_enrollment WHERE course_id = %d AND approved = 'y'";
 $rows_enrolled = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id']));
 foreach ($rows_enrolled as $row) {
     $enrolled[] = $row['member_id'];
 }
 }
 if ($_POST['percentage_from'][0] == '') {
     $empty_fields[] = _AT('percentage_from') . ' at line 1';
 }
 if ($_POST['percentage_to'][0] == '') {
     $empty_fields[] = _AT('percentage_to') . ' at line 1';
 }
 if (!empty($empty_fields)) {
     $msg->addError(array('EMPTY_FIELDS', implode(', ', $empty_fields)));
 }
 if (!$msg->containsErrors()) {
     $_POST['scale_name'] = $addslashes($_POST['scale_name']);
     if ($action == "add") {
         $sql = "INSERT INTO %sgrade_scales (member_id, scale_name, created_date) VALUES ( %d, '%s', now())";
         $result = queryDB($sql, array(TABLE_PREFIX, $_SESSION["member_id"], $_POST["scale_name"]));
         $grade_scale_id = at_insert_id();
     } else {
         if ($action == "edit" && isset($_POST["grade_scale_id"])) {
             $grade_scale_id = $_POST["grade_scale_id"];
             $sql = "UPDATE %sgrade_scales SET scale_name = '%s' WHERE grade_scale_id = %d";
             $result = queryDB($sql, array(TABLE_PREFIX, $_POST["scale_name"], $grade_scale_id));
             // clean up scale details for new insertions
             $sql = "DELETE FROM %sgrade_scales_detail WHERE grade_scale_id = %d";
             $result = queryDB($sql, array(TABLE_PREFIX, $grade_scale_id));
         }
     }
     for ($i = 0; $i < 10; $i++) {
         if ($_POST['scale_value'][$i] != "") {
             $_POST['scale_value'][$i] = $addslashes(trim($_POST['scale_value'][$i]));
             $_POST['percentage_from'][$i] = intval($_POST['percentage_from'][$i]);
             $_POST['percentage_to'][$i] = intval($_POST['percentage_to'][$i]);
    }
    $msg->addFeedback('CANCELLED');
    header('Location: ' . $_last_visited_page);
    exit;
} else {
    if (isset($_POST['submit'])) {
        $guest_name = $addslashes(trim($_POST["guest_name"]));
        $organization = $addslashes(trim($_POST["organization"]));
        $location = $addslashes(trim($_POST["location"]));
        $role = $addslashes(trim($_POST["role"]));
        $focus = $addslashes(trim($_POST["focus"]));
        if ($guest_name != "" || $organization != "" || $location != "" || $role != "" || $focus != "") {
            $guest_id = get_next_guest_id();
            $sql = "INSERT INTO %sguests (guest_id, name, organization, location, role, focus)\n                         VALUES ('%s', '%s', '%s', '%s', '%s', '%s')";
            $result = queryDB($sql, array(TABLE_PREFIX, $guest_id, $guest_name, $organization, $location, $role, $focus));
            $result_id = at_insert_id();
        }
        $gid_str = isset($guest_id) ? SEP . "gid=" . $guest_id : "";
        if (isset($cid)) {
            $gid_str .= SEP . 'cid=' . $cid;
        }
        global $_base_href;
        if ($test_row['display']) {
            #        header('Location: '.url_rewrite('mods/_standard/tests/take_test_q.php?tid='.$tid.$gid_str, AT_PRETTY_URL_IS_HEADER));
            header('Location: ' . $_base_href . 'mods/_standard/tests/take_test_q.php?tid=' . $tid . $gid_str);
        } else {
            #header('Location: '.url_rewrite('mods/_standard/tests/take_test.php?tid='.$tid.$gid_str, AT_PRETTY_URL_IS_HEADER));
            header('Location: ' . $_base_href . 'mods/_standard/tests/take_test.php?tid=' . $tid . $gid_str);
        }
        exit;
    }
     $missing_fields = implode(', ', $missing_fields);
     $msg->addError(array('EMPTY_FIELDS', $missing_fields));
 }
 if (!$msg->containsErrors()) {
     $_POST['type_title'] = $addslashes($_POST['type_title']);
     $_POST['prefix'] = $addslashes($_POST['prefix']);
     $_POST['description'] = $addslashes($_POST['description']);
     $sql = "INSERT INTO %sgroups_types VALUES (NULL, %d, '%s')";
     $result = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id'], $_POST['type_title']));
     $group_type_id = at_insert_id();
     $start_index = 0;
     for ($i = 0; $i < $num_groups; $i++) {
         $group_title = $_POST['prefix'] . ' ' . ($i + 1);
         $sql = "INSERT INTO %sgroups VALUES (NULL, %d, '%s', '%s', '%s')";
         $result = queryDB($sql, array(TABLE_PREFIX, $group_type_id, $group_title, $_POST['description'], $modules));
         $group_id = at_insert_id();
         $_SESSION['groups'][$group_id] = $group_id;
         // call module init scripts:
         if (isset($_POST['modules'])) {
             foreach ($_POST['modules'] as $mod) {
                 $module =& $moduleFactory->getModule($mod);
                 $module->createGroup($group_id);
             }
         }
         if (isset($_POST['fill'])) {
             // put students in this group
             for ($j = $start_index; $j < min($start_index + $num_students_per_group, $total_students); $j++) {
                 $sql = "INSERT INTO %sgroups_members VALUES (%d, %d)";
                 queryDB($sql, array(TABLE_PREFIX, $group_id, $students[$j]));
             }
             $start_index = $j;
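/**
 * Creates accounts (where needed) and enrols a list of imported users in a course.
 *
 * Each $user_list entry is an array with keys uname, email, fname, lname,
 * remove, exists and err_disabled.  Entries flagged remove are skipped.  For
 * entries that do not exist yet a member row is created and an e-mail with the
 * initial credentials is sent; for existing, non-disabled entries the member is
 * looked up by e-mail and enrolled.  Results are reported through $msg feedback
 * (ENROLLED / ALREADY_ENROLLED / NOT_ENROLLED).
 *
 * NOTE(review): new accounts get sha1(login) as their stored password and the
 * e-mail tells the user the password is their login name.  That is a guessable
 * default for anyone who knows an imported login; forcing a password change on
 * first login (or mailing a random one) would be safer.  The hash format is kept
 * here because the rest of the login flow presumably expects sha1 — confirm
 * before changing it.
 *
 * @param array  $user_list list of user arrays as described above
 * @param string $enroll    value written to course_enrollment.approved
 * @param int    $course    course id to enrol into
 * @return void
 */
function add_users($user_list, $enroll, $course)
{
    global $db;
    global $msg;
    global $_config;
    global $addslashes;
    require_once AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php';

    // New accounts start unconfirmed when site-wide e-mail confirmation is on.
    if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
        $status = AT_STATUS_UNCONFIRMED;
    } else {
        $status = AT_STATUS_STUDENT;
    }

    // <li> fragments collected for the feedback messages; initialised so the
    // checks at the bottom never read undefined variables.
    $enrolled_list = '';
    $already_enrolled = '';
    $not_enrolled_list = '';

    foreach ($user_list as $student) {
        if ($student['remove']) {
            continue;
        }

        // Escaped for direct interpolation into the INSERT below.  The same
        // escaped values are also echoed into the feedback HTML and the e-mail
        // without HTML escaping — confirm that $msg escapes on output.
        $student['uname'] = $addslashes($student['uname']);
        $student['email'] = $addslashes($student['email']);
        $student['fname'] = $addslashes($student['fname']);
        $student['lname'] = $addslashes($student['lname']);

        if (!$student['exists']) {
            // Create the account.  Values are interpolated literally (already
            // escaped above) rather than bound, so a '%' in a value could still
            // confuse the placeholder expansion if queryDB() uses sprintf.
            $sql = "INSERT INTO %smembers
                        (login, password, email, first_name, last_name, gender, status,
                         preferences, creation_date, language, inbox_notify, private_email)
                    VALUES
                        ('{$student['uname']}', '" . sha1($student['uname']) . "', '{$student['email']}',
                         '{$student['fname']}', '{$student['lname']}', 'n', {$status},
                         '{$_config['pref_defaults']}', NOW(), '{$_config['default_language']}',
                         {$_config['pref_inbox_notify']}, 1)";
            $result = queryDB($sql, array(TABLE_PREFIX));
            if ($result != 1) {
                //$msg->addError('LIST_IMPORT_FAILED');
                continue;
            }
            $m_id = at_insert_id();
            $role = "Student";
            $sql = "INSERT INTO %scourse_enrollment (member_id, course_id, approved, last_cid, role) VALUES (%d, %d, '%s', 0, '%s')";
            $result = queryDB($sql, array(TABLE_PREFIX, $m_id, $course, $enroll, $role));
            if ($result > 0) {
                $enrolled_list .= '<li>' . $student['uname'] . '</li>';
                if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) {
                    // Confirmation code sent in the link; presumably recomputed
                    // the same way by confirm.php, so keep the recipe in sync.
                    $sql = "SELECT email, creation_date FROM %smembers WHERE member_id=%d";
                    $row = queryDB($sql, array(TABLE_PREFIX, $m_id), TRUE);
                    $code = substr(md5($row['email'] . $row['creation_date'] . $m_id), 0, 10);
                    $confirmation_link = AT_BASE_HREF . 'confirm.php?id=' . $m_id . SEP . 'm=' . $code;
                    $subject = $_config['site_name'] . ': ' . _AT('email_confirmation_subject');
                    $body = _AT(array('new_account_enroll_confirm', $_SESSION['course_title'], $confirmation_link)) . "\n\n";
                } else {
                    $subject = $_config['site_name'] . ': ' . _AT('account_information');
                    $body = _AT(array('new_account_enroll', AT_BASE_HREF, $_SESSION['course_title'])) . "\n\n";
                }
                // Credentials go out in clear text; the password is the login name (see header note).
                $body .= _AT('web_site') . ' : ' . AT_BASE_HREF . "\n";
                $body .= _AT('login_name') . ' : ' . $student['uname'] . "\n";
                $body .= _AT('password') . ' : ' . $student['uname'] . "\n";
                $mail = new ATutorMailer();
                $mail->From = $_config['contact_email'];
                $mail->AddAddress($student['email']);
                $mail->Subject = $subject;
                $mail->Body = $body;
                $mail->Send();
                unset($mail);
            } else {
                $already_enrolled .= '<li>' . $student['uname'] . '</li>';
            }
            continue;
        }

        if ($student['err_disabled']) {
            $not_enrolled_list .= '<li>' . $student['uname'] . '</li>';
            continue;
        }

        // Existing account: find it by e-mail and enrol it.
        $sql = "SELECT member_id FROM %smembers WHERE email='%s'";
        $rows_members = queryDB($sql, array(TABLE_PREFIX, $student['email']), TRUE);
        $role = "Student";
        if (empty($rows_members)) {
            continue;
        }
        $m_id = $rows_members['member_id'];
        $sql = "INSERT INTO %scourse_enrollment (member_id, course_id, approved, last_cid, role) VALUES (%d, %d, '%s', 0, '%s')";
        $result = queryDB($sql, array(TABLE_PREFIX, $m_id, $course, $enroll, $role));
        if ($result <= 0) {
            // The INSERT did not take (presumably the member is already enrolled):
            // overwrite the enrolment so approved/role reflect this import.
            // course_id is bound with %d like every other query here; it was an
            // unquoted %s, which would have spliced a non-numeric value straight
            // into the statement.
            $sql = "REPLACE INTO %scourse_enrollment (member_id, course_id, approved, last_cid, role) VALUES (%d, %d, '%s', 0, '%s')";
            $result = queryDB($sql, array(TABLE_PREFIX, $m_id, $course, $enroll, $role));
        }
        $enrolled_list .= '<li>' . $student['uname'] . '</li>';

        $subject = $_config['site_name'] . ': ' . _AT('email_confirmation_subject');
        $body = _AT(array('enrol_message_approved', $_SESSION['course_title'], AT_BASE_HREF)) . "\n\n";
        $body .= _AT('web_site') . ' : ' . AT_BASE_HREF . "\n";
        $body .= _AT('login_name') . ' : ' . $student['uname'] . "\n";
        $mail = new ATutorMailer();
        $mail->From = $_config['contact_email'];
        $mail->AddAddress($student['email']);
        $mail->Subject = $subject;
        $mail->Body = $body;
        $mail->Send();
        unset($mail);
    }

    if ($already_enrolled) {
        $msg->addFeedback(array('ALREADY_ENROLLED', $already_enrolled));
    }
    if ($enrolled_list) {
        $msg->addFeedback(array('ENROLLED', $enrolled_list));
    }
    if ($not_enrolled_list) {
        $msg->addFeedback(array('NOT_ENROLLED', $not_enrolled_list));
    }
}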
         }
         if ($rtn_pair[0] == 'expire') {
             $expire_threshold = $rtn_pair[1];
         }
         if ($rtn_pair[0] == 'error') {
             $error = urldecode($rtn_pair[1]);
         }
     }
     if ($error != '') {
         $msg->addError(array('TILE_AUTHENTICATION_FAIL', $error));
         header('Location: ' . AT_BASE_HREF . 'mods/_core/imscp/index.php');
         exit;
     } else {
         $sql = "INSERT INTO %soauth_client_servers\n\t\t\t\t\t    (oauth_server, consumer_key, consumer_secret, expire_threshold, create_date)\n\t\t\t\t\t    VALUES ('%s', '%s',\n\t\t\t\t\t    '%s', %d, now())";
         $result = queryDB($sql, array(TABLE_PREFIX, $_config['transformable_uri'], $consumer_key, $consumer_secret, $expire_threshold));
         $oauth_server_id = at_insert_id();
     }
 } else {
     $oauth_server_id = $row['oauth_server_id'];
     $consumer_key = $row['consumer_key'];
     $consumer_secret = $row['consumer_secret'];
     $expire_threshold = $row['expire_threshold'];
 }
 $consumer = new OAuthConsumer($consumer_key, $consumer_secret, $client_callback_url);
 // 2. get request token
 $req_req = OAuthRequest::from_consumer_and_token($consumer, NULL, "GET", AT_TILE_OAUTH_REQUEST_TOKEN_URL);
 $req_req->sign_request($sig_method, $consumer, NULL);
 $oauth_server_response = file_get_contents($req_req);
 // handle OAUTH request token response
 foreach (explode('&', $oauth_server_response) as $rtn) {
     $rtn_pair = explode('=', $rtn);
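/**
 * Copies a file row (and the file on disk) into another workspace.
 * Currently only used for submitting assignments.
 *
 * The source row is looked up by (file_id, owner_type, owner_id), so the copy
 * is scoped to the source workspace the caller names.  The destination owner
 * and folder are trusted as given.  NOTE(review): nothing here checks that the
 * current member may write into the destination workspace — confirm that the
 * caller does.
 *
 * @param int $file_id         id of the file to copy
 * @param int $src_owner_type  owner type of the source workspace
 * @param int $src_owner_id    owner id of the source workspace
 * @param int $dest_owner_type owner type of the destination workspace
 * @param int $dest_owner_id   owner id of the destination workspace
 * @param int $dest_folder_id  folder in the destination workspace
 * @return int|false id of the new file row; false if the source row does not
 *                   exist, the INSERT fails, or the on-disk copy fails
 */
function fs_copy_file($file_id, $src_owner_type, $src_owner_id, $dest_owner_type, $dest_owner_id, $dest_folder_id)
{
    $sql = "SELECT file_name, file_size, description FROM %sfiles WHERE file_id=%d AND owner_type=%d AND owner_id=%d";
    $row = queryDB($sql, array(TABLE_PREFIX, $file_id, $src_owner_type, $src_owner_id), TRUE);
    if (empty($row)) {
        return false;
    }

    // New row: destination owner/folder, current member recorded on it,
    // name/size/description carried over from the source.
    $sql = "INSERT INTO %sfiles VALUES (NULL, %d, %d, %d, %d, 0, NOW(), 0, 0, '%s', %d, '%s')";
    $result = queryDB($sql, array(TABLE_PREFIX, $dest_owner_type, $dest_owner_id, $_SESSION['member_id'], $dest_folder_id, $row['file_name'], $row['file_size'], $row['description']));
    if (!$result) {
        return false;
    }
    $id = at_insert_id();

    // Files live on disk under their numeric id, never under the user-supplied name.
    $src_file = fs_get_file_path($file_id) . $file_id;
    $dest_file = fs_get_file_path($id) . $id;
    if (!copy($src_file, $dest_file)) {
        // Don't leave a row pointing at a file that does not exist.
        queryDB("DELETE FROM %sfiles WHERE file_id=%d", array(TABLE_PREFIX, $id));
        return false;
    }
    return $id;
}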
 if (empty($_POST['title'])) {
     $missing_fields[] = _AT('title');
 }
 if (empty($_POST['courses'])) {
     $missing_fields[] = _AT('courses');
 }
 if ($missing_fields) {
     $missing_fields = implode(', ', $missing_fields);
     $msg->addError(array('EMPTY_FIELDS', $missing_fields));
 }
 $_POST['edit'] = intval($_POST['edit']);
 if (!$msg->containsErrors()) {
     //add forum
     $sql = "INSERT INTO %sforums (title, description, mins_to_edit) VALUES ('%s','%s', %d)";
     $result = queryDB($sql, array(TABLE_PREFIX, $_POST['title'], $_POST['description'], $_POST['edit']));
     $forum_id = at_insert_id();
     global $sqlout;
     write_to_log(AT_ADMIN_LOG_INSERT, 'forums', $result, $sqlout);
     //for each course, add an entry to the forums_courses table
     foreach ($_POST['courses'] as $course) {
         $sql = "INSERT INTO %sforums_courses VALUES (%d,%d)";
         $result = queryDB($sql, array(TABLE_PREFIX, $forum_id, $course));
         global $sqlout;
         write_to_log(AT_ADMIN_LOG_INSERT, 'forums_courses', $result, $sqlout);
     }
     $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
     if ($course == "0") {
         $msg->addFeedback('FORUM_POSTING');
     }
     header('Location: ' . AT_BASE_HREF . 'mods/_standard/forums/admin/forums.php');
     exit;
            if (strlen($day_end) == 1) {
                $day_end = "0{$day_end}";
            }
            if (strlen($hour_end) == 1) {
                $hour_end = "0{$hour_end}";
            }
            if (strlen($min_end) == 1) {
                $min_end = "0{$min_end}";
            }
            $start_date = "{$year_start}-{$month_start}-{$day_start} {$hour_start}:{$min_start}:00";
            $end_date = "{$year_end}-{$month_end}-{$day_end} {$hour_end}:{$min_end}:00";
            //If title exceeded database defined length, truncate it.
            $_POST['title'] = validate_length($_POST['title'], 100);
            $sql = "INSERT INTO %stests " . "(test_id,\n             course_id,\n             title,\n             description,\n             format,\n             start_date,\n             end_date,\n             randomize_order,\n             num_questions,\n             instructions,\n             content_id,\n             passscore,\n             passpercent,\n             passfeedback,\n             failfeedback,\n             result_release,\n             random,\n             difficulty,\n             num_takes,\n             anonymous,\n             out_of,\n             guests,\n             display,\n             show_guest_form,\n             remedial_content)" . "VALUES \n            (NULL, %d, '%s', '%s', %d, '%s', '%s', %d, %d, '%s', %d, %d, %d, '%s', '%s', %d, %d, %d, %d, %d, '', %d, %d, %d, %d)";
            $result = queryDB($sql, array(TABLE_PREFIX, $_SESSION[course_id], $_POST['title'], $_POST['description'], $_POST['format'], $start_date, $end_date, $_POST['order'], $_POST['num_questions'], $_POST['instructions'], $_POST['content_id'], $_POST['passscore'], $_POST['passpercent'], $_POST['passfeedback'], $_POST['failfeedback'], $_POST['result_release'], $_POST['random'], $_POST['difficulty'], $_POST['num_takes'], $_POST['anonymous'], $_POST['allow_guests'], $_POST['display'], $_POST['show_guest_form'], $_POST['remedial_content']));
            $tid = at_insert_id();
            if (isset($_POST['groups']) && $tid) {
                $sql = "INSERT INTO %stests_groups VALUES ";
                foreach ($_POST['groups'] as $group) {
                    $group = intval($group);
                    $sql .= "({$tid}, {$group}),";
                }
                $sql = substr($sql, 0, -1);
                $result = queryDB($sql, array(TABLE_PREFIX));
            }
            $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
            header('Location: index.php');
            exit;
        }
    }
}
} else {
    if (isset($_POST['submit'])) {
        $_POST['title'] = $addslashes(trim($_POST['title']));
        $_POST['body'] = $addslashes(trim($_POST['body']));
        if ($_POST['body'] == '') {
            $msg->addError(array('EMPTY_FIELDS', _AT('body')));
        }
        if (!$msg->containsErrors()) {
            $_POST['private'] = abs($_POST['private']);
            $sql = "INSERT INTO %sblog_posts VALUES (NULL, %d, %d, %d, %d, NOW(), 0, '%s', '%s')";
            queryDB($sql, array(TABLE_PREFIX, $_SESSION['member_id'], BLOGS_GROUP, $_POST['oid'], $_POST['private'], $_POST['title'], $_POST['body']));
            if (!isset($sub)) {
                require_once AT_INCLUDE_PATH . 'classes/subscribe.class.php';
                $sub = new subscription();
            }
            $sub->send_mail('blog', $_POST['oid'], at_insert_id());
            $msg->addFeedback('POST_ADDED_SUCCESSFULLY');
            header('Location: ' . url_rewrite('mods/_standard/blogs/view.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $_POST['oid'], AT_PRETTY_URL_IS_HEADER));
            exit;
        }
    }
}
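// this will also be dynamic as the parent page changes
// The blog/owner id is numeric everywhere it is stored, so coerce the request
// value once before it is spliced into the $_pages keys and passed to
// blogs_get_blog_name(); $_REQUEST accepts GET, POST and cookie input alike.
$blog_oid = intval($_REQUEST['oid']);
$add_post_page = 'mods/_standard/blogs/add_post.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $blog_oid;
$view_page = 'mods/_standard/blogs/view.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $blog_oid;

$_pages[$add_post_page]['title_var'] = 'add';
$_pages[$add_post_page]['parent'] = 'mods/_standard/blogs/view.php';
$_pages['mods/_standard/blogs/add_post.php']['title_var'] = 'add';
$_pages['mods/_standard/blogs/add_post.php']['parent'] = $view_page;
$_pages[$view_page]['title'] = blogs_get_blog_name(BLOGS_GROUP, $blog_oid);
$_pages[$view_page]['parent'] = 'mods/_standard/blogs/index.php';
$_pages[$view_page]['children'] = array('mods/_standard/blogs/add_post.php');
$onload = 'document.form.title.focus();';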
 * @var $_POST values: 
 *      pid: primary resource id
 *      a_type: alternative type, must be one of the values in resource_types.type_id
 *      alternative: the location and name of the selected alternative
 */
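define('AT_INCLUDE_PATH', '../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';

// pid and a_type are ids and are coerced to int; the alternative is a free-form
// location/name and is bound as a string parameter below.
// NOTE(review): vitals.inc.php presumably establishes the session, but nothing
// in this script checks that the current user may edit primary resource $pid —
// confirm where that authorisation happens.
$pid = intval($_POST['pid']);
$type_id = intval($_POST['a_type']);
$secondary_resource = trim($_POST['alternative']);

// check post vars: all three are required
if ($pid == 0 || $type_id == 0 || $secondary_resource == '') {
    exit;
}

// delete the existing alternative for this (pid, a_type) in the current language
$sql = "SELECT sr.secondary_resource_id
          FROM %ssecondary_resources sr, %ssecondary_resources_types srt
         WHERE sr.secondary_resource_id = srt.secondary_resource_id
           AND sr.primary_resource_id = %d
           AND sr.language_code = '%s'
           AND srt.type_id=%d";
$rows_existing_secondary = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, $pid, $_SESSION['lang'], $type_id));
foreach ($rows_existing_secondary as $existing_secondary) {
    $sql = "DELETE FROM %ssecondary_resources WHERE secondary_resource_id = %d";
    $result = queryDB($sql, array(TABLE_PREFIX, $existing_secondary['secondary_resource_id']));
    $sql = "DELETE FROM %ssecondary_resources_types WHERE secondary_resource_id = %d AND type_id=%d";
    $result = queryDB($sql, array(TABLE_PREFIX, $existing_secondary['secondary_resource_id'], $type_id));
}

// insert new alternative, then its type mapping.  The mapping is only written
// when the first INSERT produced a row; otherwise at_insert_id() would hand back
// a meaningless id and a dangling types row would be created.
$sql = "INSERT INTO %ssecondary_resources (primary_resource_id, secondary_resource, language_code) VALUES (%d, '%s', '%s')";
$result = queryDB($sql, array(TABLE_PREFIX, $pid, $secondary_resource, $_SESSION['lang']));
if ($result > 0) {
    $secondary_resource_id = at_insert_id();
    $sql = "INSERT INTO %ssecondary_resources_types (secondary_resource_id, type_id) VALUES (%d, %d)";
    $result = queryDB($sql, array(TABLE_PREFIX, $secondary_resource_id, $type_id));
}
exit;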
 if ($missing_fields) {
     $missing_fields = implode(', ', $missing_fields);
     $msg->addError(array('EMPTY_FIELDS', $missing_fields));
 }
 if (!$msg->containsErrors()) {
     $_POST['title'] = validate_length($_POST['title'], 255);
     $_POST['author'] = validate_length($_POST['author'], 150);
     $_POST['publisher'] = validate_length($_POST['publisher'], 150);
     $_POST['date'] = $_POST['date'];
     $_POST['comments'] = validate_length($_POST['comments'], 255);
     if ($id == '0') {
         // creating a new URL resource
         $sql = "INSERT INTO %sexternal_resources VALUES (NULL, %d,\n\t\t\t\t%d, \n\t\t\t\t'%s', \n\t\t\t\t'%s', \n\t\t\t\t'%s', \n\t\t\t\t'%s', \n\t\t\t\t'%s',\n\t\t\t\t'',\n\t\t\t\t'')";
         $result = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id'], RL_TYPE_AV, $_POST['title'], $_POST['author'], $_POST['publisher'], $_POST['date'], $_POST['comments']));
         // index to new URL resource
         $id_new = at_insert_id();
         $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
     } else {
         // modifying an existing URL resource
         $sql = "UPDATE %sexternal_resources SET title='%s', author='%s', publisher='%s', date='%s', comments='%s', id='%s' WHERE resource_id=%d AND course_id=%d";
         $result = queryDB($sql, array(TABLE_PREFIX, $_POST['title'], $_POST['author'], $_POST['publisher'], $_POST['date'], $_POST['comments'], $_POST['isbn'], $id, $_SESSION['course_id']));
         // index to URL resource
         $id_new = $id;
         $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
     }
     if (trim($_POST['page_return']) != '') {
         header('Location: ' . $_POST['page_return'] . '?existingbook=' . $id_new);
     } else {
         header('Location: index_instructor.php');
     }
     exit;
         $sql = "INSERT INTO %sgroups_types VALUES (NULL, %d, '%s')";
         $result_group_types = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id'], $_POST['new_type']));
         $type_id = at_insert_id();
     } else {
         $sql = "SELECT type_id FROM %sgroups_types WHERE course_id=%d AND type_id=%d";
         $rows_groups_types = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id'], $_POST['type']), TRUE);
         if (count($rows_groups_types) > 0) {
             $type_id = $rows_groups_types['type_id'];
         } else {
             $type_id = FALSE;
         }
     }
     if ($type_id) {
         $sql = "INSERT INTO %sgroups VALUES (NULL, %d, '%s', '%s', '%s')";
         $result = queryDB($sql, array(TABLE_PREFIX, $type_id, $_POST['prefix'], $_POST['description'], $modules));
         $group_id = at_insert_id($db);
         $_SESSION['groups'][$group_id] = $group_id;
         // call module init scripts:
         if (isset($_POST['modules'])) {
             foreach ($_POST['modules'] as $mod) {
                 $module =& $moduleFactory->getModule($mod);
                 $module->createGroup($group_id);
             }
         }
     }
     $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
     $return_url = $_SESSION['tool_origin']['url'];
     tool_origin('off');
     header('Location: ' . $return_url);
 } else {
     $_POST['new_type'] = $stripslashes($_POST['new_type']);
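 /**
  * Create an album
  *
  * Inserts the album row and, for course albums, links it to the course in the
  * current session.  Numeric arguments are bound with %d, so non-numeric input
  * degrades to 0 rather than reaching the statement.  $member_id is trusted as
  * given — the caller is responsible for passing the acting member.
  *
  * @param	string		name of the album
  * @param	string		location of where this album took place
  * @param	string		descriptive text of this album
  * @param	int			album type, check include/constants.inc.php (<= 0 falls back to AT_PA_TYPE_MY_ALBUM)
  * @param	int			permission, 0 for private, 1 for shared
  * @param	int			album author
  * @param	int			OPTIONAL, Photo cover for this album
  * @return  int         album_id, FALSE if failed.
  */
 function createAlbum($name, $location, $description, $type, $permission, $member_id, $photo_id = 0)
 {
     $type = intval($type);
     $type = $type <= 0 ? AT_PA_TYPE_MY_ALBUM : $type;

     $sql = "INSERT INTO %spa_albums (name, location, description, type_id, member_id, permission, photo_id, created_date, last_updated) VALUES ('%s', '%s', '%s', %d, %d, %d, %d, NOW(), NOW())";
     $result = queryDB($sql, array(TABLE_PREFIX, $name, $location, $description, $type, $member_id, $permission, $photo_id));
     if ($result == 0) {
         // Nothing was inserted: bail out before linking a course to a bogus album id.
         return false;
     }
     $aid = at_insert_id();

     //if course album, add a record.
     if ($type == AT_PA_TYPE_COURSE_ALBUM) {
         $sql = "INSERT INTO %spa_course_album (course_id, album_id) VALUES (%d,%d)";
         $result = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id'], $aid));
         if ($result == 0) {
             // The album row exists but is not linked to the course; report failure as before.
             return false;
         }
     }
     return $aid;
 }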
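 /**
  * Traverse the tree and update/insert entries based on the updated structure.
  *
  * A non-array node is an existing content id and is re-parented / re-ordered in
  * place.  An array node is either an "order_N" layer, which only carries the
  * ordering N down to its children, or a content folder keyed by the id of the
  * row it is cloned from: that row is copied as a new folder (content_type 1)
  * under $content_parent_id and recursion continues beneath the new id.
  *
  * @param	array|int	The tree from rebuild(), and the subtree from the recursion.
  * @param	int		the ordering of this subtree respect to its parent ('' is passed
  *                  from the folder branch and becomes 0 when bound with %d).
  * @param	int		parent content id
  * @param	string	table prefix used in the queries
  * @return	null (nothing to return, it updates the db only)
  */
 private function reconstruct($tree, $order, $content_parent_id, $table_prefix)
 {
     //a content page.
     if (!is_array($tree)) {
         $sql = "UPDATE %scontent SET ordering=%d, content_parent_id=%d WHERE content_id=%d";
         $result = queryDB($sql, array($table_prefix, $order, $content_parent_id, $tree));
         return $result;
     }
     foreach ($tree as $k => $v) {
         if (preg_match('/order\\_([\\d]+)/', $k, $match) == 1) {
             //order layer: inherit the parent id, pass the extracted ordering down
             $this->reconstruct($v, $match[1], $content_parent_id, $table_prefix);
             continue;
         }

         //content folder layer: clone the existing row as a folder under the new parent
         $sql = "SELECT * FROM %scontent WHERE content_id=%d";
         $old_content_row = queryDB($sql, array($table_prefix, $k), TRUE);
         if (empty($old_content_row)) {
             // No source row to clone; skip rather than insert a row of empty values.
             continue;
         }

         // Values read back from the database are bound as parameters instead of
         // being concatenated into the statement: a title, keywords or path
         // containing a quote would otherwise break the INSERT (second-order SQL
         // injection).  Relies on queryDB() escaping '%s' arguments — confirm
         // against its sanitize default.
         $sql = "INSERT INTO %scontent (course_id, content_parent_id, ordering, last_modified, revision, formatting, release_date, keywords, content_path, title, use_customized_head, allow_test_export, content_type) VALUES (%d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', '%s', %d, %d, 1)";
         $result = queryDB($sql, array($table_prefix, $old_content_row['course_id'], $content_parent_id, $order, $old_content_row['last_modified'], $old_content_row['revision'], $old_content_row['formatting'], $old_content_row['release_date'], $old_content_row['keywords'], $old_content_row['content_path'], $old_content_row['title'], $old_content_row['use_customized_head'], $old_content_row['allow_test_export']));
         if ($result > 0) {
             $folder_id = at_insert_id();
             $this->reconstruct($v, '', $folder_id, $table_prefix);
         } else {
             //throw error.  NOTE(review): this echoes the raw database error into the response.
             echo at_db_error();
         }
     }
 }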
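if (isset($_POST['submit']) && $_SESSION['member_id']) {
    // post a comment on post $id (logged-in members only)
    $_POST['body'] = $addslashes(trim($_POST['body']));
    // 'private' is a 0/1 flag bound with %d below; coerce to int before abs()
    // so a non-numeric value cannot raise a TypeError on newer PHP.
    $_POST['private'] = abs(intval($_POST['private']));
    if ($_POST['body'] == '') {
        $msg->addError(array('EMPTY_FIELDS', _AT('comments')));
    }
    if (!$msg->containsErrors()) {
        $sql = "INSERT INTO %sblog_posts_comments VALUES (NULL, %d, %d, NOW(), %d, '%s')";
        $result = queryDB($sql, array(TABLE_PREFIX, $id, $_SESSION['member_id'], $_POST['private'], $_POST['body']));
        $comments_affected_rows = $result;
        if ($comments_affected_rows == 1) {
            // Only notify subscribers about a comment that was actually stored;
            // at_insert_id() is meaningless if the INSERT did not take.
            if (!isset($sub)) {
                require_once AT_INCLUDE_PATH . 'classes/subscribe.class.php';
                $sub = new subscription();
            }
            $sub->send_mail('blogcomment', $owner_id, at_insert_id());
            // Bump the counter; "date=date" presumably keeps the post's own
            // timestamp from being touched by the update.
            $sql = "UPDATE %sblog_posts SET num_comments=num_comments+1, date=date WHERE post_id=%d";
            queryDB($sql, array(TABLE_PREFIX, $id));
        }
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        header('Location: ' . url_rewrite('mods/_standard/blogs/post.php?ot=' . $owner_type . SEP . 'oid=' . $owner_id . SEP . 'id=' . $id, AT_PRETTY_URL_IS_HEADER));
        exit;
    }
}
// No such post: back to the blog view.
if (count($post_row) == 0) {
    header('Location: ' . url_rewrite('mods/_standard/blogs/view.php?ot=' . $owner_type . SEP . 'oid=' . $owner_id));
    exit;
}
// Page title comes straight from the stored post title — relies on the page
// renderer escaping $_pages titles on output; confirm.
$_pages['mods/_standard/blogs/post.php']['title'] = $post_row['title'] . ($post_row['private'] ? ' - ' . _AT('private') : '');
$_pages['mods/_standard/blogs/post.php']['parent'] = 'mods/_standard/blogs/view.php?ot=' . BLOGS_GROUP . SEP . 'oid=' . $owner_id;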
	          use_customized_head,
	          keywords, 
	          content_path, 
	          title, 
	          text,
			  test_message,
			  content_type) 
	       VALUES 
			     (' . $_SESSION['course_id'] . ',' . intval($content_parent_id) . ',' . ($content_info['ordering'] + $my_offset - $lti_offset[$content_info['parent_content_id']] + 1) . ',' . '"' . $last_modified . '",													
			      0,' . $content_formatting . ' ,
			      NOW(),"' . $head . '",
			     1,
			      "",' . '"' . $content_info['new_path'] . '",' . '"' . escapeSQLValue($content_info['title']) . '",' . '"' . escapeSQLValue($content) . '",' . '"' . escapeSQLValue($content_info['test_message']) . '",' . $content_folder_type . ')';
    $result = queryDB($sql, array(TABLE_PREFIX));
    /* get the content id and update $items */
    $items[$item_id]['real_content_id'] = at_insert_id();
    /* get the tests associated with this content */
    if (!empty($items[$item_id]['tests']) || strpos($items[$item_id]['type'], 'imsqti_xmlv1p2/imscc_xmlv1p0') !== false) {
        $qti_import = new QTIImport($import_path);
        if (isset($items[$item_id]['tests'])) {
            $loop_var = $items[$item_id]['tests'];
        } else {
            $loop_var = $items[$item_id]['file'];
        }
        foreach ($loop_var as $array_id => $test_xml_file) {
            //check if this item is the qti item object, or it is the content item obj
            //switch it to qti obj if it's content item obj
            if ($items[$item_id]['type'] == 'webcontent') {
                $item_qti = $items[$array_id];
            } else {
                $item_qti = $items[$item_id];
 /**
  * Save patch info into database & save uploaded files into content folder.
  *
  * On the first save (current_patch_id == 0) the patch row is inserted and its
  * new id kept in $this->current_patch_id; on later saves the row is updated and
  * its dependent/file child rows are deleted.  In both cases the dependent
  * patches and files from $this->patch_info_array are then (re-)inserted.
  * The stored sql_statement is admin-supplied patch content, written as given.
  *
  * @access  public
  * @return  void (nothing is returned; the docblock used to say "xml string")
  * @author  Cindy Qi Li
  */
 function saveInfo()
 {
     global $db;
     $is_new_patch = ($this->current_patch_id == 0);

     if ($is_new_patch) {
         // Create the patch row and remember its id for the child tables.
         $sql = "INSERT INTO %smyown_patches \n\t\t               (atutor_patch_id, \n\t\t                applied_version,\n\t\t                description,\n\t\t                sql_statement,\n\t\t                status,\n\t\t                last_modified)\n\t\t\t        VALUES ('%s', '%s', '%s', '%s', 'Created', now())";
         $result = queryDB($sql, array(TABLE_PREFIX, $this->patch_info_array["atutor_patch_id"], $this->patch_info_array["atutor_version_to_apply"], $this->patch_info_array["description"], $this->patch_info_array["sql_statement"]));
         $this->current_patch_id = at_insert_id();
     } else {
         // Overwrite the patch row, then clear its child rows; they are rebuilt below.
         $sql = "UPDATE %smyown_patches \n\t\t\t           SET atutor_patch_id = '%s',\n\t\t\t               applied_version = '%s',\n\t\t\t               description = '%s',\n\t\t\t               sql_statement = '%s',\n\t\t\t               status = 'Created',\n\t\t\t               last_modified = now()\n\t\t\t         WHERE myown_patch_id = %d";
         $result = queryDB($sql, array(TABLE_PREFIX, $this->patch_info_array["atutor_patch_id"], $this->patch_info_array["atutor_version_to_apply"], $this->patch_info_array["description"], $this->patch_info_array["sql_statement"], $this->current_patch_id));
         $sql = "DELETE FROM %smyown_patches_dependent WHERE myown_patch_id = %d";
         $result = queryDB($sql, array(TABLE_PREFIX, $this->current_patch_id));
         $sql = "DELETE FROM %smyown_patches_files WHERE myown_patch_id = %d";
         $result = queryDB($sql, array(TABLE_PREFIX, $this->current_patch_id));
     }

     // insert records into table myown_patches_dependent
     $dependents = $this->patch_info_array["dependent_patches"];
     if (is_array($dependents)) {
         foreach ($dependents as $dependent_id) {
             $sql = "INSERT INTO %smyown_patches_dependent (myown_patch_id, dependent_patch_id) VALUES (%d, '%s')";
             $result = queryDB($sql, array(TABLE_PREFIX, $this->current_patch_id, $dependent_id));
         }
     }

     // insert records into table myown_patches_files; uploaded files are moved
     // into place by saveFile() and their destination stored with the row.
     $files = $this->patch_info_array["files"];
     if (is_array($files)) {
         foreach ($files as $file) {
             $saved_location = "";
             if ($file["upload_tmp_name"] != "") {
                 $saved_location = $this->saveFile($file);
             }
             // Escaping is done here with my_add_null_slashes(); queryDB()'s own
             // sanitising is switched off (last argument) to avoid doubling it.
             $sql = "INSERT INTO %smyown_patches_files\n\t\t               (myown_patch_id, action, name, location, code_from, code_to, uploaded_file)\n\t\t\t            VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s')";
             $params = array(
                 TABLE_PREFIX,
                 intval($this->current_patch_id),
                 $file["action"],
                 my_add_null_slashes($file["file_name"]),
                 my_add_null_slashes($file["directory"]),
                 my_add_null_slashes($file["code_from"]),
                 my_add_null_slashes($file["code_to"]),
                 my_add_null_slashes($saved_location),
             );
             $result = queryDB($sql, $params, FALSE, FALSE);
         }
     }
 }
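 /**
  * Writing of the new data in the ATutor database
  *
  * Rewrites the item's text and content_path to point at the configured
  * transformable_uri (keeping whatever follows 'home/course' in the original
  * text), defaults an unset content_type, and creates the content row through
  * the ContentDAO.
  *
  * @access  private
  * @param   current item pointer, course id, parent id
  * @return  last inserted row id (as reported by at_insert_id() after Create())
  * @author  Mauro Donadio
  */
 private function _storeData($current_item, $course_id, $content_parent_id)
 {
     $ContentDAO = self::getInstance();

     // Keep only the part after 'home/course'.  If the marker is absent there is
     // no tail and the URI is just the configured base plus 'home/course'; the
     // isset() avoids reading an undefined offset in that case.
     $url = explode('home/course', $current_item->text);
     $tail = isset($url[1]) ? $url[1] : '';
     $uri = $GLOBALS['_config']['transformable_uri'] . 'home/course' . $tail;
     $current_item->text = $uri;
     $current_item->content_path = $uri;

     // content_type 0 means "not set": store as type 2 with formatting 2.
     // (The meaning of those values is not visible here — see the content_type constants.)
     if ($current_item->content_type == 0) {
         $current_item->content_type = 2;
         $current_item->formatting = 2;
     }

     $ContentDAO->Create($course_id, $content_parent_id, $current_item->ordering, $current_item->revision, $current_item->formatting, $current_item->keywords, $current_item->content_path, $current_item->title, $current_item->text, $current_item->head, $current_item->use_customized_head, $current_item->test_message, $current_item->content_type);
     return at_insert_id();
 }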
 }
 // A website field left at the form's 'http://' placeholder counts as empty.
 if ($_POST['website'] == 'http://') {
     $_POST['website'] = '';
 }
 // Postal codes are stored trimmed and upper-cased.
 $_POST['postal'] = strtoupper(trim($_POST['postal']));
 // Checkbox semantics: present => 1, absent => 0 (inserted as a bare integer below).
 $_POST['private_email'] = isset($_POST['private_email']) ? 1 : 0;
 // Creation timestamp; it is reused later for the email confirmation.
 $now = date('Y-m-d H:i:s');
 // NOTE(review): every $_POST value below is interpolated straight into the SQL
 // string, and queryDB() only receives TABLE_PREFIX as a parameter, so nothing in
 // this block escapes them ('status' is even unquoted). This is only safe if the
 // code above this point has already run each field through $addslashes and has
 // pinned 'status' to an integer - confirm that before trusting this INSERT.
 /* insert into the db. (the last 0 for status) */
 $sql = "INSERT INTO %smembers \n\t\t    VALUES (NULL,\n\t\t        '{$_POST['login']}',\n\t\t        '{$_POST['password']}',\n\t\t        '{$_POST['email']}',\n\t\t        '{$_POST['website']}',\n\t\t        '{$_POST['first_name']}', \n\t\t        '{$_POST['second_name']}', \n\t\t        '{$_POST['last_name']}', \n\t\t        '{$dob}', \n\t\t        '{$_POST['gender']}', \n\t\t        '{$_POST['address']}',\n\t\t        '{$_POST['postal']}',\n\t\t        '{$_POST['city']}',\n\t\t        '{$_POST['province']}',\n\t\t        '{$_POST['country']}', \n\t\t        '{$_POST['phone']}',\n\t\t        {$_POST['status']}, \n\t\t        '{$_config['pref_defaults']}', \n\t\t        '{$now}',\n\t\t        '{$_config['default_language']}', \n\t\t        {$_config['pref_inbox_notify']}, \n\t\t        {$_POST['private_email']}, \n\t\t        '0000-00-00 00:00:00')";
 $result = queryDB($sql, array(TABLE_PREFIX));
 $m_id = at_insert_id();
 // A zero result means the row was not written: render the error page and stop.
 if ($result == 0) {
     require AT_INCLUDE_PATH . 'header.inc.php';
     $msg->addError('DB_NOT_UPDATED');
     $msg->printAll();
     require AT_INCLUDE_PATH . 'footer.inc.php';
     exit;
 }
 if (defined('AT_MASTER_LIST') && AT_MASTER_LIST) {
     $student_id = $addslashes($_POST['student_id']);
     $student_pin = md5($addslashes($_POST['student_pin']));
     if ($student_id != '') {
         $sql = "UPDATE %smaster_list SET member_id=%d WHERE public_field='%s'";
         $result = queryDB($sql, array(TABLE_PREFIX, $m_id, $student_id));
         if ($result > 0) {
             $sql = "REPLACE INTO %smaster_list VALUES ('%s', '%s', %d)";
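 /**
  * This function is to import a test and returns the test id.
  *
  * A test row is inserted with default settings (no questions yet, no
  * takes, not random, not anonymous, result_release/display 0) and a
  * start/end window equal to the current minute. Only two values vary:
  * the title (argument, else $this->title) and the allow_guests flag
  * taken from the request.
  *
  * @param	string	custom test title; when empty, $this->title is used
  *
  * @return	int|null	id of the new test row; null if the date validation
  *						added an error to $msg (it checks the current date,
  *						so this should not happen in practice)
  */
 function importTest($title = '')
 {
     global $msg;
     // Returned unchanged when validation fails; the original left it undefined.
     $tid = null;
     $test_obj = array();
     $test_obj['title'] = $title == '' ? $this->title : $title;
     $test_obj['description'] = '';
     $test_obj['num_questions'] = 0;
     $test_obj['num_takes'] = 0;
     $test_obj['content_id'] = 0;
     $test_obj['passpercent'] = 0;
     $test_obj['passscore'] = 0;
     $test_obj['passfeedback'] = 0;
     $test_obj['failfeedback'] = 0;
     $test_obj['anonymous'] = 0;
     // Absent checkbox => 0; !empty() keeps the same truthiness as the bare read
     // without the undefined-index notice.
     $test_obj['allow_guests'] = !empty($_POST['allow_guests']) ? 1 : 0;
     $test_obj['instructions'] = '';
     $test_obj['display'] = 0;
     $test_obj['result_release'] = 0;
     $test_obj['random'] = 0;
     // Currently these options are ignored for tests and fixed here.
     // 'format' used to be intval() of a key that was never set, i.e. always 0.
     $test_obj['format'] = 0;
     $test_obj['order'] = 1;
     $test_obj['difficulty'] = 0;
     // Title of the test is empty, could be from question database export or
     // some other system's export. Either prompt for a title, or generate a
     // random title. (Only the weights reset is actually done here.)
     if ($test_obj['title'] == '') {
         if ($this->title != '') {
             $test_obj['title'] = $this->title;
         } else {
             // set marks to 0 if no title?
             $this->weights = array();
         }
     }
     // Start and end both default to "now"; as of Oct 21,09 see
     // http://www.atutor.ca/atutor/mantis/view.php?id=3961
     $day_start = intval(date('j'));
     $month_start = intval(date('n'));
     $year_start = intval(date('Y'));
     $hour_start = intval(date('G'));
     $min_start = intval(date('i'));
     $day_end = $day_start;
     $month_end = $month_start;
     $year_end = $year_start;
     $hour_end = $hour_start;
     $min_end = $min_start;
     if (!checkdate($month_start, $day_start, $year_start)) {
         $msg->addError('START_DATE_INVALID');
     }
     if (!checkdate($month_end, $day_end, $year_end)) {
         $msg->addError('END_DATE_INVALID');
     }
     if (mktime($hour_end, $min_end, 0, $month_end, $day_end, $year_end) < mktime($hour_start, $min_start, 0, $month_start, $day_start, $year_start)) {
         $msg->addError('END_DATE_INVALID');
     }
     if (!$msg->containsErrors()) {
         // Zero-pad into the 'YYYY-MM-DD HH:MM:00' form (replaces the eight
         // strlen()==1 checks of the original; same output for these int values).
         $start_date = sprintf('%04d-%02d-%02d %02d:%02d:00', $year_start, $month_start, $day_start, $hour_start, $min_start);
         $end_date = sprintf('%04d-%02d-%02d %02d:%02d:00', $year_end, $month_end, $day_end, $hour_end, $min_end);
         // If title exceeded database defined length, truncate it.
         $test_obj['title'] = validate_length($test_obj['title'], 100);
         // NOTE(review): the title (import data or caller-supplied) and the other
         // string fields are spliced into AT_SQL_TEST by vsprintf() with no escaping
         // visible here, and queryDB() is handed an empty parameter list, so it has
         // nothing to sanitize. Unless the importer that fills $this->title escapes
         // it, this is an SQL injection point - confirm before relying on it.
         $sql_params = array($_SESSION['course_id'], $test_obj['title'], $test_obj['description'], $test_obj['format'], $start_date, $end_date, $test_obj['order'], $test_obj['num_questions'], $test_obj['instructions'], $test_obj['content_id'], $test_obj['passscore'], $test_obj['passpercent'], $test_obj['passfeedback'], $test_obj['failfeedback'], $test_obj['result_release'], $test_obj['random'], $test_obj['difficulty'], $test_obj['num_takes'], $test_obj['anonymous'], '', $test_obj['allow_guests'], $test_obj['display']);
         $sql = vsprintf(AT_SQL_TEST, $sql_params);
         // Literal '%' in the data has to be doubled, presumably because queryDB()
         // runs one more format pass over the statement with its (empty) parameters.
         $sql = str_replace("%", "%%", $sql);
         queryDB($sql, array());
         $tid = at_insert_id();
     }
     return $tid;
 }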
     $sql = "UPDATE %sfiles SET file_name='%s', description='%s', num_comments=num_comments+%d, date=date WHERE file_id=%d AND owner_type=%d AND owner_id=%d";
     queryDB($sql, array(TABLE_PREFIX, $_POST['name'], $_POST['description'], $num_comments, $_POST['id'], $owner_type, $owner_id));
 } else {
     // this file is editable, and has changed
     $size = strlen($_POST['body']);
     if ($_POST['comment']) {
         $num_comments = 1;
     } else {
         $num_comments = 0;
     }
     $sql = "SELECT * FROM %sfiles WHERE file_id=%d AND owner_type=%d AND owner_id=%d";
     $row = queryDB($sql, array(TABLE_PREFIX, $_POST['id'], $owner_type, $owner_id), TRUE);
     if ($_config['fs_versioning']) {
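         // Versioning on: the edited body becomes a NEW file row (revision
         // counter +1) that is linked back to the original via parent_file_id,
         // instead of overwriting the original file in place.
         $sql = "INSERT INTO %sfiles VALUES (NULL, %d, %d, %d, %d, 0, NOW(), %d, %d+1, '%s', %d, '%s')";
         $result = queryDB($sql, array(TABLE_PREFIX, $row['owner_type'], $row['owner_id'], $_SESSION['member_id'], $row['folder_id'], $num_comments, $row['num_revisions'], $_POST['name'], $size, $_POST['description']));
         $file_id = at_insert_id();
         $file_path = fs_get_file_path($file_id);
         // Best effort: if the file cannot be opened the row stays unlinked and
         // no comment is stored (unchanged behaviour of the original).
         if ($fp = fopen($file_path . $file_id, 'wb')) {
             ftruncate($fp, 0);
             fwrite($fp, $_POST['body'], $size);
             fclose($fp);
             // Point the previous revision at the new row, scoped to the owner.
             // Fix: the original read $_POST[id] with a bare word - an undefined
             // constant (warning on PHP 7, fatal Error on PHP 8) - while every
             // neighbouring query uses $_POST['id'].
             $sql = "UPDATE %sfiles SET parent_file_id=%d, date=date WHERE file_id=%d AND owner_type=%d AND owner_id=%d";
             $result = queryDB($sql, array(TABLE_PREFIX, $file_id, $_POST['id'], $owner_type, $owner_id));
             if ($_POST['comment']) {
                 $sql = "INSERT INTO %sfiles_comments VALUES (NULL, %d, %d, NOW(), '%s')";
                 queryDB($sql, array(TABLE_PREFIX, $file_id, $_SESSION['member_id'], $_POST['comment']));
             }
         }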
     } else {
         $file_path = fs_get_file_path($_POST['id']);
         if ($fp = fopen($file_path . $_POST['id'], 'wb')) {
 }
 if (!$msg->containsErrors()) {
     // Prepare the request fields: the DB-bound strings are run through the
     // $addslashes helper of the including script, while the body is un-escaped
     // because it is written to disk, not to the database.
     // NOTE(review): these values are then also passed to queryDB() as parameters;
     // if queryDB() escapes its parameters itself (not visible here) they end up
     // escaped twice - confirm against the queryDB() implementation.
     $_POST['description'] = $addslashes(trim($_POST['description']));
     $_POST['comment'] = $addslashes(trim($_POST['comment']));
     $_POST['name'] = $addslashes($_POST['name']);
     $_POST['body'] = $stripslashes($_POST['body']);
     // A non-empty comment means the new row starts out with one comment attached.
     $num_comments = $_POST['comment'] ? 1 : 0;
     // Byte length of the body; this is also the length fwrite() will be given.
     $size = strlen($_POST['body']);
     $sql = "INSERT INTO %sfiles VALUES (NULL, %d, %d, %d, %d, 0, NOW(), %d, 0, '%s',%d, '%s')";
     $result = queryDB($sql, array(TABLE_PREFIX, $owner_type, $owner_id, $_SESSION['member_id'], $parent_folder_id, $num_comments, $_POST['name'], $size, $_POST['description']));
     if ($result > 0 && ($file_id = at_insert_id())) {
         $file_path = fs_get_file_path($file_id) . $file_id;
         $fp = fopen($file_path, 'wb');
         fwrite($fp, $_POST['body'], $size);
         fclose($fp);
         // check if this file name already exists
         $sql = "SELECT file_id, num_revisions FROM %sfiles WHERE owner_type=%d AND owner_id=%d AND folder_id=%d AND file_id<>%d AND file_name='%s' AND parent_file_id=0 ORDER BY file_id DESC LIMIT 1";
         $rows_revisions = queryDB($sql, array(TABLE_PREFIX, $owner_type, $owner_id, $parent_folder_id, $file_id, $_POST['name']));
         if (count($rows_revisions) > 0) {
             if ($_config['fs_versioning']) {
                 $sql = "UPDATE %sfiles SET parent_file_id=%d, date=date WHERE file_id=%d";
                 $result = queryDB($sql, array(TABLE_PREFIX, $file_id, $row['file_id']));
                 $sql = "UPDATE %sfiles SET num_revisions=%d+1, date=date WHERE file_id=%d";
                 $result = queryDB($sql, array(TABLE_PREFIX, $row['num_revisions'], $file_id));
             } else {
                 fs_delete_file($row['file_id'], $owner_type, $owner_id);