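 /**
  * Move, copy, delete, trash or un-report ("cancelDeclare") the documents
  * collected in the session cart (document management checkbox list).
  *
  * Requires a logged-in session and a valid CSRF token. Every document in the
  * cart must pass isGranted() for the current user before any of them is
  * touched; otherwise the request is stopped with msg_not_permitted. The
  * target module is taken from `module_srl`, falling back to `target_module`.
  * Unknown values of `type` are rejected before any side effect.
  *
  * Request parameters read: type, target_module, module_srl, target_category,
  * send_default_message, message_content, cart, success_return_url.
  *
  * @return void|Object  void on success (message and redirect URL are set on
  *                      $this); an Object with error code -1 on failure.
  */
 function procDocumentManageCheckedDocument()
 {
     @set_time_limit(0);
     if (!Context::get('is_logged')) {
         return new Object(-1, 'msg_not_permitted');
     }
     if (!checkCSRF()) {
         return new Object(-1, 'msg_invalid_request');
     }

     // Reject unknown actions up front: previously an unrecognised type fell
     // through every branch, still sent the notification messages and then
     // redirected with an undefined $msg_code.
     $type = Context::get('type');
     $allowed_types = array('move', 'copy', 'delete', 'trash', 'cancelDeclare');
     if (!in_array($type, $allowed_types, true)) {
         return new Object(-1, 'msg_invalid_request');
     }

     $target_module = Context::get('target_module');
     $module_srl = Context::get('module_srl');
     if ($target_module && !$module_srl) {
         $module_srl = $target_module;
     }
     $category_srl = Context::get('target_category');

     // Text of the message sent to the authors of the affected documents.
     // send default message - misol 2015-07-23
     $message_content = '';
     if (Context::get('send_default_message') === 'Y') {
         $logged_info = Context::get('logged_info');
         $default_message_verbs = lang('default_message_verbs');
         if (isset($default_message_verbs[$type]) && is_string($default_message_verbs[$type])) {
             $message_content = sprintf(lang('default_message_format'), $logged_info->nick_name, $default_message_verbs[$type]);
         }
     } else {
         $message_content = Context::get('message_content');
         if ($message_content) {
             // NOTE(review): the text is only nl2br()'d, not HTML-escaped, before
             // being embedded in the notification HTML below; presumably
             // sendMessage() or the message renderer filters it - confirm.
             $message_content = nl2br($message_content);
         }
     }

     // The cart is either an array or a '|@|'-joined string of document_srl values.
     $cart = Context::get('cart');
     $document_srl_list = is_array($cart) ? $cart : explode('|@|', $cart);

     // Authorisation: every document must be granted to the current user
     // before any action runs on any of them.
     $oDocumentModel = getModel('document');
     $document_items = array();
     foreach ($document_srl_list as $document_srl) {
         $oDocument = $oDocumentModel->getDocument($document_srl);
         if (!$oDocument->isGranted()) {
             return $this->stop('msg_not_permitted');
         }
         $document_items[] = $oDocument;
     }

     // Set a spam-filter not to be filtered to spams
     $oSpamController = getController('spamfilter');
     $oSpamController->setAvoidLog();
     $oDocumentAdminController = getAdminController('document');

     switch ($type) {
         case 'move':
         case 'copy':
             if (!$module_srl) {
                 return new Object(-1, 'fail_to_move');
             }
             // NOTE(review): the caller's permission on the *target* module is
             // not checked here; presumably moveDocumentModule() /
             // copyDocumentModule() do so - confirm.
             if ($type === 'move') {
                 $output = $oDocumentAdminController->moveDocumentModule($document_srl_list, $module_srl, $category_srl);
                 $msg_code = 'success_moved';
             } else {
                 $output = $oDocumentAdminController->copyDocumentModule($document_srl_list, $module_srl, $category_srl);
                 $msg_code = 'success_copied';
             }
             if (!$output->toBool()) {
                 return new Object(-1, 'fail_to_move');
             }
             break;

         case 'delete':
             $oDB =& DB::getInstance();
             $oDB->begin();
             foreach ($document_srl_list as $document_srl) {
                 $output = $this->deleteDocument($document_srl, true);
                 if (!$output->toBool()) {
                     // Release the transaction instead of leaving it open on error.
                     $oDB->rollback();
                     return new Object(-1, 'fail_to_delete');
                 }
             }
             $oDB->commit();
             $msg_code = 'success_deleted';
             break;

         case 'trash':
             $args = new stdClass();
             $args->description = $message_content;
             $oDB =& DB::getInstance();
             $oDB->begin();
             foreach ($document_srl_list as $document_srl) {
                 $args->document_srl = $document_srl;
                 $output = $this->moveDocumentToTrash($args);
                 if (!$output || !$output->toBool()) {
                     $oDB->rollback();
                     return new Object(-1, 'fail_to_trash');
                 }
             }
             $oDB->commit();
             $msg_code = 'success_trashed';
             break;

         case 'cancelDeclare':
             $args = new stdClass();
             $args->document_srl = $document_srl_list;
             $output = executeQuery('document.deleteDeclaredDocuments', $args);
             // The original ignored the query result and always reported success.
             if (!$output->toBool()) {
                 return $output;
             }
             $msg_code = 'success_declare_canceled';
             break;
     }

     // Notify the authors of the affected documents, skipping anonymous
     // documents and the acting user's own.
     if ($message_content) {
         $oCommunicationController = getController('communication');
         $logged_info = Context::get('logged_info');
         $title = cut_str($message_content, 10, '...');
         $sender_member_srl = $logged_info->member_srl;
         foreach ($document_items as $oDocument) {
             $receiver_member_srl = $oDocument->get('member_srl');
             if (!$receiver_member_srl || $receiver_member_srl == $sender_member_srl) {
                 continue;
             }
             $purl = '';
             if ($type === 'move') {
                 $permanent_url = $oDocument->getPermanentUrl();
                 $purl = sprintf("<a href=\"%s\" onclick=\"window.open(this.href);return false;\" style=\"padding:10px 0;\">%s</a><hr />", $permanent_url, $permanent_url);
             }
             $content = sprintf("<div style=\"padding:10px 0;\"><p>%s</p></div><hr />%s<div style=\"padding:10px 0;font-weight:bold\">%s</div>%s", $message_content, $purl, $oDocument->getTitleText(), $oDocument->getContent(false, false, false));
             $oCommunicationController->sendMessage($sender_member_srl, $receiver_member_srl, $title, $content, false);
         }
     }

     $_SESSION['document_management'] = array();
     $this->setMessage($msg_code);
     // NOTE(review): success_return_url is request-controlled; confirm that
     // setRedirectUrl() / the framework restricts it to this site (open redirect).
     $returnUrl = Context::get('success_return_url');
     if (!$returnUrl) {
         $returnUrl = getNotEncodedUrl('', 'module', 'admin', 'act', 'dispDocumentAdminList');
     }
     $this->setRedirectUrl($returnUrl);
 }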
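 /**
  * Add or update a member from the admin panel.
  *
  * Only a top-level administrator (logged_info->is_admin == 'Y') with a valid
  * CSRF token may call this. If `member_srl` refers to an existing member the
  * record is updated, otherwise a new member is inserted using the posted
  * `password`. On update a posted `reset_password` replaces the password.
  * Every request variable that is not a known member column is serialized
  * into `extra_vars`; the routing parameters and all password fields are
  * stripped first so they are never persisted there. The signature and the
  * three optional image uploads are stored after the member row.
  *
  * @return void|Object  void on success (member_srl, message and redirect URL
  *                      are set on $this); the failing Object otherwise.
  */
 function procMemberAdminInsert()
 {
     $logged_info = Context::get('logged_info');
     if ($logged_info->is_admin != 'Y' || !checkCSRF()) {
         return new Object(-1, 'msg_invalid_request');
     }
     $args = Context::gets('member_srl', 'email_address', 'find_account_answer', 'allow_mailing', 'allow_message', 'denied', 'is_admin', 'description', 'group_srl_list', 'limit_date');

     // Also pull every default signup-form field the member config has enabled.
     $oMemberModel = getModel('member');
     $config = $oMemberModel->getMemberConfig();
     $getVars = array();
     if ($config->signupForm) {
         foreach ($config->signupForm as $formInfo) {
             if ($formInfo->isDefaultForm && ($formInfo->isUse || $formInfo->required || $formInfo->mustRequired)) {
                 $getVars[] = $formInfo->name;
             }
         }
     }
     foreach ($getVars as $val) {
         $args->{$val} = Context::get($val);
     }
     $args->member_srl = Context::get('member_srl');

     // On update the password only changes when reset_password is posted.
     if (Context::get('reset_password')) {
         $args->password = Context::get('reset_password');
     } else {
         unset($args->password);
     }

     // Everything else in the request becomes extra_vars. Drop the routing
     // parameters and every password field so they are not serialized.
     $all_args = Context::getRequestVars();
     $excluded = array('module', 'act', 'mid', 'error_return_url', 'success_return_url', 'ruleset', 'password', 'password2', 'reset_password');
     foreach ($excluded as $key) {
         unset($all_args->{$key});
     }
     if (!isset($args->limit_date)) {
         $args->limit_date = "";
     }
     // Add extra vars after excluding necessary information from all the requested arguments.
     // NOTE(review): this is stored serialized and presumably read back with
     // unserialize(); it only holds plain request values here - keep it that way.
     $extra_vars = delObjectVars($all_args, $args);
     $args->extra_vars = serialize($extra_vars);

     // Treat member_srl as an update only when that member really exists;
     // otherwise fall through to an insert.
     if ($args->member_srl) {
         $columnList = array('member_srl');
         $member_info = $oMemberModel->getMemberInfoByMemberSrl($args->member_srl, 0, $columnList);
         if ($member_info->member_srl != $args->member_srl) {
             unset($args->member_srl);
         }
     }

     // Strip whitespace, including the invisible U+00AD soft hyphen, from the
     // identifying fields.
     $checkInfos = array('user_id', 'nick_name', 'email_address');
     $replaceStr = array("\r\n", "\r", "\n", " ", "\t", "\xC2\xAD");
     foreach ($checkInfos as $val) {
         if (isset($args->{$val})) {
             $args->{$val} = str_replace($replaceStr, '', $args->{$val});
         }
     }

     $oMemberController = getController('member');
     // Execute insert or update depending on the value of member_srl
     if (!$args->member_srl) {
         $args->password = Context::get('password');
         $output = $oMemberController->insertMember($args);
         $msg_code = 'success_registed';
     } else {
         $output = $oMemberController->updateMember($args);
         $msg_code = 'success_updated';
     }
     if (!$output->toBool()) {
         return $output;
     }

     // Save Signature
     $oMemberController->putSignature($args->member_srl, Context::get('signature'));

     $this->add('member_srl', $args->member_srl);
     $this->setMessage($msg_code);

     // Optional image uploads. The isset() guard avoids the notice the original
     // raised by indexing $_FILES for a field that was not submitted.
     $uploads = array(
         'profile_image' => 'insertProfileImage',
         'image_mark' => 'insertImageMark',
         'image_name' => 'insertImageName',
     );
     foreach ($uploads as $field => $method) {
         if (isset($_FILES[$field]['tmp_name']) && is_uploaded_file($_FILES[$field]['tmp_name'])) {
             $oMemberController->{$method}($args->member_srl, $_FILES[$field]['tmp_name']);
         }
     }

     // NOTE(review): success_return_url is request-controlled; confirm that
     // setRedirectUrl() restricts it to this site (open redirect).
     $returnUrl = Context::get('success_return_url');
     if (!$returnUrl) {
         $returnUrl = getNotEncodedUrl('', 'module', 'admin', 'act', 'dispMemberAdminList');
     }
     $this->setRedirectUrl($returnUrl);
 }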
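 /**
  * Update an existing comment.
  *
  * Unless $manual_updated is set the request must carry a valid CSRF token,
  * and unless $is_admin is set the current session must hold a grant on the
  * comment (isGranted()). Author fields are re-filled from the stored comment
  * when the original was posted anonymously, or when the author is a member
  * and no nick_name was supplied; when the editor is the logged-in author the
  * author fields are refreshed from the session. Non-administrators have
  * iframes/scripts stripped from the content by removeHackTag(). The update
  * and its 'after' trigger run in one transaction.
  *
  * @param object $obj            comment fields; comment_srl selects the comment
  * @param bool   $is_admin       skip the grant check
  * @param bool   $manual_updated skip the CSRF check (programmatic update)
  * @return object Object carrying comment_srl on success, an error Object otherwise
  */
 function updateComment($obj, $is_admin = FALSE, $manual_updated = FALSE)
 {
     if (!$manual_updated && !checkCSRF()) {
         return new Object(-1, 'msg_invalid_request');
     }
     if (!is_object($obj)) {
         $obj = new stdClass();
     }
     $obj->__isupdate = TRUE;

     // call a trigger (before)
     $output = ModuleHandler::triggerCall('comment.updateComment', 'before', $obj);
     if (!$output->toBool()) {
         return $output;
     }

     // get the original data
     $oCommentModel = getModel('comment');
     $source_obj = $oCommentModel->getComment($obj->comment_srl);

     // Fields that identify the comment's author.
     $author_fields = array('member_srl', 'user_name', 'nick_name', 'email_address', 'homepage');
     if (!$source_obj->getMemberSrl()) {
         // Anonymous comment: keep the stored author fields.
         foreach ($author_fields as $field) {
             $obj->{$field} = $source_obj->get($field);
         }
     }

     // check if permission is granted
     if (!$is_admin && !$source_obj->isGranted()) {
         return new Object(-1, 'msg_not_permitted');
     }
     if ($obj->password) {
         $obj->password = getModel('member')->hashPassword($obj->password);
     }
     if ($obj->homepage) {
         // NOTE(review): only the "has a scheme" shape is enforced here; the
         // scheme itself is not whitelisted, so this relies on removeHackTag()
         // and on output escaping - confirm.
         $obj->homepage = removeHackTag($obj->homepage);
         if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
             $obj->homepage = 'http://' . $obj->homepage;
         }
     }

     // Resolve the session once; it also drives the removeHackTag() decision
     // below, where the original read an undefined variable when not logged in.
     $logged_info = Context::get('is_logged') ? Context::get('logged_info') : null;

     // set modifier's information if logged-in and posting author and modifier are matched.
     // Uses the get() accessor like every other read of $source_obj in this
     // method; the original read $source_obj->member_srl directly.
     if ($logged_info && $source_obj->get('member_srl') == $logged_info->member_srl) {
         $obj->member_srl = $logged_info->member_srl;
         $obj->user_name = $logged_info->user_name;
         $obj->nick_name = $logged_info->nick_name;
         $obj->email_address = $logged_info->email_address;
         $obj->homepage = $logged_info->homepage;
     }

     // if nick_name of the logged-in author doesn't exist, keep the stored author
     if ($source_obj->get('member_srl') && !$obj->nick_name) {
         foreach ($author_fields as $field) {
             $obj->{$field} = $source_obj->get($field);
         }
     }
     if (!$obj->content) {
         $obj->content = $source_obj->get('content');
     }

     // remove XE's own tags from contents
     $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
     if (Mobile::isFromMobilePhone()) {
         if ($obj->use_html != 'Y') {
             $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
         }
         $obj->content = nl2br($obj->content);
     }
     // remove iframe and script if not a top administrator on the session
     if (!$logged_info || $logged_info->is_admin != 'Y') {
         $obj->content = removeHackTag($obj->content);
     }

     // Update and 'after' trigger in one transaction; either failure rolls back.
     $oDB = DB::getInstance();
     $oDB->begin();
     $output = executeQuery('comment.updateComment', $obj);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }
     $trigger_output = ModuleHandler::triggerCall('comment.updateComment', 'after', $obj);
     if (!$trigger_output->toBool()) {
         $oDB->rollback();
         return $trigger_output;
     }
     $oDB->commit();

     $output->add('comment_srl', $obj->comment_srl);
     return $output;
 }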
File: LTIX.php Project: na1iu/tsugi
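 /**
  * Handle launch and/or set up the LTI session and global variables
  *
  * Make sure we have the values we need in the LTI session.
  * This routine will not start a session if none exists: it sends a 403 and
  * dies if there is no session_name() (PHPSESSID) cookie or parameter, and
  * again if the session holds no 'lti' entry. No fresh sessions are created.
  *
  * Session-hijack heuristics: unless the request is trusted (a matching
  * referer or a valid CSRF token), the User-Agent must equal the one stored
  * in the session and the client IPv4 address must share its first three
  * octets with the stored one (addresses that do not split into four parts,
  * e.g. IPv6, are not compared). A request whose script path does not start
  * with the path recorded in the session is rejected as well (core/blob is
  * exempt).
  *
  * @param $needed (optional, mixed)  Indicates which of
  * the data structures are needed. If this is omitted,
  * this assumes that CONTEXT, LINK, and USER data are required.
  * If LTIX::NONE is present, then none of the three are required.
  * If some combination of the three are needed, this accepts
  * an array of LTIX::CONTEXT, LTIX::LINK, and LTIX::USER.
  *
  * @return array the LTI session structure ($_SESSION['lti'])
  */
 public static function requireData($needed = self::ALL)
 {
     global $CFG, $USER, $CONTEXT, $LINK;
     if ($needed == self::NONE) {
         $needed = array();
     }
     if ($needed == self::ALL) {
         $needed = array(self::CONTEXT, self::LINK, self::USER);
     }
     if (is_string($needed)) {
         $needed = array($needed);
     }
     // Check if we are processing an LTI launch.  If so, handle it
     self::launchCheck();

     // Refuse to proceed without an existing session identifier; this routine
     // never creates a fresh session.
     $sess = session_name();
     if (ini_get('session.use_cookies') != '0') {
         if (!isset($_COOKIE[$sess])) {
             send403();
             die_with_error_log("Missing session cookie - please re-launch");
         }
     } else {
         // non-cookie session: the id must arrive as a POST or GET parameter
         if (isset($_POST[$sess]) || isset($_GET[$sess])) {
             // We tried to set a session..
         } else {
             if ($_SERVER['REQUEST_METHOD'] == 'POST') {
                 send403();
                 die_with_error_log('Missing ' . $sess . ' from POST data');
             } else {
                 send403();
                 die_with_error_log('This tool should be launched from a learning system using LTI');
             }
         }
     }
     // Start a session if it has not been started..
     if (session_id() == "") {
         session_start();
         // Should reassociate
     }
     // This happens from time to time when someone closes and reopens a laptop
     // Or their computer goes to sleep and wakes back up hours later.
     // So it is just a warning - nothing much we can do except tell them.
     if (!isset($_SESSION['lti'])) {
         send403();
         error_log('Session expired - please re-launch ' . session_id());
         die('Session expired - please re-launch');
     }

     // A request is "trusted" when it carries a matching referer or a valid
     // CSRF token; only untrusted requests go through the fingerprint checks.
     $trusted = checkReferer() || checkCSRF();

     // Check to see if we switched browsers or IP addresses
     // TODO: Change these to warnings once we get more data
     if (!$trusted && isset($_SESSION['HTTP_USER_AGENT'])) {
         if (!isset($_SERVER['HTTP_USER_AGENT']) || $_SESSION['HTTP_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) {
             // Evaluated separately: '.' binds tighter than '?:', so the original
             // used the whole concatenated message as the ternary condition and
             // logged only the raw header (reading an unset index when absent).
             $current_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'Empty user agent';
             send403();
             die_with_error_log("Session has expired", " " . session_id() . " HTTP_USER_AGENT " . $_SESSION['HTTP_USER_AGENT'] . ' ::: ' . $current_agent, 'DIE:');
         }
     }
     // We only check the first three octets as some systems wander through the addresses on
     // class C - Perhaps it is even NAT - who knows - but we forgive those on the same Class C.
     // Addresses that do not split into exactly four parts (e.g. IPv6) are not compared.
     if (!$trusted && isset($_SESSION['REMOTE_ADDR']) && isset($_SERVER['REMOTE_ADDR'])) {
         $sess_pieces = explode('.', $_SESSION['REMOTE_ADDR']);
         $serv_pieces = explode('.', $_SERVER['REMOTE_ADDR']);
         if (count($sess_pieces) == 4 && count($serv_pieces) == 4) {
             if ($sess_pieces[0] != $serv_pieces[0] || $sess_pieces[1] != $serv_pieces[1] || $sess_pieces[2] != $serv_pieces[2]) {
                 send403();
                 die_with_error_log('Session address has expired', " " . session_id() . " REMOTE_ADDR " . $_SESSION['REMOTE_ADDR'] . ' ' . $_SERVER['REMOTE_ADDR'], 'DIE:');
             }
         }
     }
     // Check to see if the user has navigated to a new place in the hierarchy:
     // the current script path must start with the one recorded in the session.
     if (isset($_SESSION['script_path']) && getScriptPath() != 'core/blob' && strpos(getScriptPath(), $_SESSION['script_path']) !== 0) {
         send403();
         die_with_error_log('Improper navigation detected', " " . session_id() . " script_path " . $_SESSION['script_path'] . ' /  ' . getScriptPath(), 'DIE:');
     }

     $LTI = $_SESSION['lti'];
     // Every requested data structure must be present in the LTI session.
     if (is_array($needed)) {
         foreach ($needed as $feature) {
             if (isset($LTI[$feature])) {
                 continue;
             }
             die_with_error_log("This tool requires an LTI launch parameter:" . $feature);
         }
     }
     // Check to see if the session needs to be extended due to this request
     checkHeartBeat();
     // Restart the number of continuous heartbeats
     $_SESSION['HEARTBEAT_COUNT'] = 0;

     // Populate the $USER $CONTEXT and $LINK objects (only if not already built)
     if (isset($LTI['user_id']) && !is_object($USER)) {
         $USER = new \Tsugi\Core\User();
         $USER->id = $LTI['user_id'];
         if (isset($LTI['user_email'])) {
             $USER->email = $LTI['user_email'];
         }
         if (isset($LTI['user_displayname'])) {
             // First and last name are the first and last space-separated words.
             $USER->displayname = $LTI['user_displayname'];
             $pieces = explode(' ', $USER->displayname);
             if (count($pieces) > 0) {
                 $USER->firstname = $pieces[0];
             }
             if (count($pieces) > 1) {
                 $USER->lastname = $pieces[count($pieces) - 1];
             }
         }
         // Any non-zero role value is treated as instructor.
         $USER->instructor = isset($LTI['role']) && $LTI['role'] != 0;
     }
     if (isset($LTI['context_id']) && !is_object($CONTEXT)) {
         $CONTEXT = new \Tsugi\Core\Context();
         $CONTEXT->id = $LTI['context_id'];
         if (isset($LTI['context_title'])) {
             $CONTEXT->title = $LTI['context_title'];
         }
     }
     if (isset($LTI['link_id']) && !is_object($LINK)) {
         $LINK = new \Tsugi\Core\Link();
         $LINK->id = $LTI['link_id'];
         if (isset($LTI['grade'])) {
             $LINK->grade = $LTI['grade'];
         }
         if (isset($LTI['link_title'])) {
             $LINK->title = $LTI['link_title'];
         }
         if (isset($LTI['result_id'])) {
             $LINK->result_id = $LTI['result_id'];
         }
     }
     // Return the LTI structure
     return $LTI;
 }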
// Optional account fields from the POST body. str_normalize()/trim() clean the
// raw values; any validation failures accumulate in $validator->errors.
$email = str_normalize($validator->optionalPostVar('email'));
$title = trim($validator->optionalPostVar('title'));
$rm_groups = $validator->optionalPostVar('remove_groups');
$add_groups = $validator->optionalPostVar('add_groups');
$enabled = $validator->optionalPostVar('enabled');
$primary_group_id = $validator->optionalPostVar('primary_group_id');
// For updating passwords.  The user's current password must also be included (passwordcheck) if they are resetting their own password.
// (That comparison is not part of this excerpt; presumably it happens further down.)
$password = $validator->optionalPostVar('password');
$passwordc = $validator->optionalPostVar('passwordc');
$passwordcheck = $validator->optionalPostVar('passwordcheck');
// Add alerts for any failed input validation
foreach ($validator->errors as $error) {
    addAlert("danger", $error);
}
// Validate csrf token. It runs before any state change, but after the input
// parsing above, so validation alerts are already queued at this point.
// $ajax and $csrf_token are set earlier in the script (not shown here).
checkCSRF($ajax, $csrf_token);
if (count($validator->errors) > 0) {
    apiReturnError($ajax, getReferralPage());
}
// Special case to update the logged in user (self): a user_id of "0" means
// "the current account". $user_id itself is read earlier in the script.
$self = false;
if ($user_id == "0") {
    $self = true;
    $user_id = $loggedInUser->user_id;
}
//Check if selected user exists
if (!$user_id or !userIdExists($user_id)) {
    addAlert("danger", lang("ACCOUNT_INVALID_USER_ID"));
    apiReturnError($ajax, getReferralPage());
}
// Load the target account's auth record.
$userdetails = fetchUserAuthById($user_id);
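<?php

session_start();
include_once "testlogin.php";
redirectIfNotLoggedIn("https://127.0.0.1/");

// The CSRF check has to run before any HTML is emitted: header("Location:")
// is ignored once the response body has started. The redirect call also has
// to sit outside the function_exists() guard - in the original it was inside
// it, so whenever redirect() was already defined a failed CSRF check fell
// through and the purchase confirmation rendered anyway.
include_once "../nonPublic/csrftoken.php";
if (!function_exists("redirect")) {
    function redirect($url)
    {
        $h = "Location: " . $url;
        header($h);
        die;
    }
}
if (!checkCSRF()) {
    redirect("https://127.0.0.1/searchView.php");
}
?>

<html>
	<body>

<?php 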
//Visa valda produkter.
echo "If confirmed, the following items will be purchased:<br/>";
echo "<table>";
for ($x = 1; $x <= $_SESSION['purchaseNbr']; $x++) {
    $username = $_SESSION["username"];
    $itemId = $_SESSION["purchasesId" . $x];
    $itemName = $_SESSION["purchases" . $x];
    echo "<tr><th> " . $itemName . " </th>";
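 /**
  * Insert a comment.
  *
  * Unless $manual_inserted is set: the request must carry a valid CSRF token,
  * the target document must exist and not be locked, and the author fields
  * are taken from the logged-in session. Comments on a module that uses
  * publish validation are stored unpublished (status 0) unless the poster is
  * a top administrator. A caller-supplied comment_srl is accepted only from an
  * admin, a manual insert, or when checkUserSequence() confirms it was issued
  * to this client. Non-administrators have iframes/scripts stripped by
  * removeHackTag(). The list entry, the comment row, the comment-count update
  * and the 'after' trigger run in one transaction; notifications and the
  * admin mail are sent after commit.
  *
  * @param object $obj             comment fields; document_srl is required
  * @param bool   $manual_inserted programmatic insert: skip the CSRF check,
  *                                the document checks and the session handling
  * @return object Object carrying comment_srl on success, an error Object otherwise
  */
 function insertComment($obj, $manual_inserted = FALSE)
 {
     if (!$manual_inserted && !checkCSRF()) {
         return new Object(-1, 'msg_invalid_request');
     }
     if (!is_object($obj)) {
         $obj = new stdClass();
     }

     // Resolve the session once. Both default to "not logged in / not admin";
     // the original left them undefined in those cases.
     $logged_info = null;
     $is_admin = FALSE;
     if (!$manual_inserted && Context::get('is_logged')) {
         $logged_info = Context::get('logged_info');
         $is_admin = ($logged_info->is_admin == 'Y');
     }

     // check if comment's module is using comment validation and set the publish status to 0 (false)
     // for inserting query, otherwise default is 1 (true - means comment is published)
     $using_validation = $this->isModuleUsingPublishValidation($obj->module_srl);
     $obj->status = (!$using_validation || $is_admin) ? 1 : 0;
     $obj->__isupdate = FALSE;

     // call a trigger (before)
     $output = ModuleHandler::triggerCall('comment.insertComment', 'before', $obj);
     if (!$output->toBool()) {
         return $output;
     }

     // check if a posting of the corresponding document_srl exists
     $document_srl = $obj->document_srl;
     if (!$document_srl) {
         return new Object(-1, 'msg_invalid_document');
     }
     $oDocumentModel = getModel('document');

     // even for manual_inserted if password exists, hash it.
     if ($obj->password) {
         $obj->password = getModel('member')->hashPassword($obj->password);
     }

     // get the original posting
     $oDocument = null;
     if (!$manual_inserted) {
         $oDocument = $oDocumentModel->getDocument($document_srl);
         if ($document_srl != $oDocument->document_srl) {
             return new Object(-1, 'msg_invalid_document');
         }
         if ($oDocument->isLocked()) {
             return new Object(-1, 'msg_invalid_request');
         }
         if ($obj->homepage) {
             // NOTE(review): only the "has a scheme" shape is enforced; the scheme
             // itself is not whitelisted, so this relies on removeHackTag() and
             // on output escaping - confirm.
             $obj->homepage = removeHackTag($obj->homepage);
             if (!preg_match('/^[a-z]+:\\/\\//i', $obj->homepage)) {
                 $obj->homepage = 'http://' . $obj->homepage;
             }
         }
         // input the member's information if logged-in
         if ($logged_info) {
             $obj->member_srl = $logged_info->member_srl;
             // user_id, user_name and nick_name already encoded
             $obj->user_id = htmlspecialchars_decode($logged_info->user_id);
             $obj->user_name = htmlspecialchars_decode($logged_info->user_name);
             $obj->nick_name = htmlspecialchars_decode($logged_info->nick_name);
             $obj->email_address = $logged_info->email_address;
             $obj->homepage = $logged_info->homepage;
         }
     }

     // error display if neither of log-in info and user name exist.
     if ((!$logged_info || !$logged_info->member_srl) && !$obj->nick_name) {
         return new Object(-1, 'msg_invalid_request');
     }

     if (!$obj->comment_srl) {
         $obj->comment_srl = getNextSequence();
     } elseif (!$is_admin && !$manual_inserted && !checkUserSequence($obj->comment_srl)) {
         // A client may only reuse a sequence number that was issued to it.
         return new Object(-1, 'msg_not_permitted');
     }
     // determine the order
     $obj->list_order = getNextSequence() * -1;

     // remove XE's own tags from the contents
     $obj->content = preg_replace('!<\\!--(Before|After)(Document|Comment)\\(([0-9]+),([0-9]+)\\)-->!is', '', $obj->content);
     if (Mobile::isFromMobilePhone()) {
         if ($obj->use_html != 'Y') {
             $obj->content = htmlspecialchars($obj->content, ENT_COMPAT | ENT_HTML401, 'UTF-8', false);
         }
         $obj->content = nl2br($obj->content);
     }
     if (!$obj->regdate) {
         $obj->regdate = date("YmdHis");
     }
     // remove iframe and script if not a top administrator on the session.
     if (!$is_admin) {
         $obj->content = removeHackTag($obj->content);
     }
     if (!$obj->notify_message) {
         $obj->notify_message = 'N';
     }
     if (!$obj->is_secret) {
         $obj->is_secret = 'N';
     }

     // begin transaction
     $oDB = DB::getInstance();
     $oDB->begin();

     // Enter a list of comments first
     $list_args = new stdClass();
     $list_args->comment_srl = $obj->comment_srl;
     $list_args->document_srl = $obj->document_srl;
     $list_args->module_srl = $obj->module_srl;
     $list_args->regdate = $obj->regdate;
     if (!$obj->parent_srl) {
         // Top-level comment: it heads its own thread.
         $list_args->head = $list_args->arrange = $obj->comment_srl;
         $list_args->depth = 0;
     } else {
         // Reply: position it under the parent comment.
         $parent_args = new stdClass();
         $parent_args->comment_srl = $obj->parent_srl;
         $parent_output = executeQuery('comment.getCommentListItem', $parent_args);
         if (!$parent_output->toBool() || !$parent_output->data) {
             // The original returned null here, which callers then dereferenced
             // with ->toBool(); return a proper error and release the transaction.
             $oDB->rollback();
             return new Object(-1, 'msg_invalid_request');
         }
         $parent = $parent_output->data;
         $list_args->head = $parent->head;
         $list_args->depth = $parent->depth + 1;
         if ($list_args->depth < 2) {
             // Shallow reply: its own srl is the arrange key.
             $list_args->arrange = $obj->comment_srl;
         } else {
             // Deeper reply: take the arrange key of the parent's next sibling
             // (same head, lower depth) and shift the following entries.
             $p_args = new stdClass();
             $p_args->head = $parent->head;
             $p_args->arrange = $parent->arrange;
             $p_args->depth = $parent->depth;
             $output = executeQuery('comment.getCommentParentNextSibling', $p_args);
             if ($output->data->arrange) {
                 $list_args->arrange = $output->data->arrange;
                 $output = executeQuery('comment.updateCommentListArrange', $list_args);
             } else {
                 $list_args->arrange = $obj->comment_srl;
             }
         }
     }
     $output = executeQuery('comment.insertCommentList', $list_args);
     if (!$output->toBool()) {
         // The original returned without rolling back.
         $oDB->rollback();
         return $output;
     }

     // insert comment
     $output = executeQuery('comment.insertComment', $obj);
     if (!$output->toBool()) {
         $oDB->rollback();
         return $output;
     }

     // Update the number of comments in the post, but only when the new
     // comment is published immediately.
     $oCommentModel = getModel('comment');
     $comment_count = $oCommentModel->getCommentCount($document_srl);
     $oDocumentController = getController('document');
     if (!$using_validation || $is_admin) {
         $output = $oDocumentController->updateCommentCount($document_srl, $comment_count, $obj->nick_name, TRUE);
     }

     // grant authority of the comment to the posting session
     if (!$manual_inserted) {
         $this->addGrant($obj->comment_srl);
     }

     // call a trigger (after)
     if ($output->toBool()) {
         $trigger_output = ModuleHandler::triggerCall('comment.insertComment', 'after', $obj);
         if (!$trigger_output->toBool()) {
             $oDB->rollback();
             return $trigger_output;
         }
     }
     // commit
     $oDB->commit();

     if (!$manual_inserted) {
         // send a message if notify_message option is enabled in the original article
         $oDocument->notify(Context::getLang('comment'), $obj->content);
         // send a message if notify_message option is enabled in the original comment
         if ($obj->parent_srl) {
             $oParent = $oCommentModel->getComment($obj->parent_srl);
             if ($oParent->get('member_srl') != $oDocument->get('member_srl')) {
                 $oParent->notify(Context::getLang('comment'), $obj->content);
             }
         }
     }
     $this->sendEmailToAdminAfterInsertComment($obj);
     $output->add('comment_srl', $obj->comment_srl);
     return $output;
 }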
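 /**
  * get a module instance and execute an action
  *
  * Resolves the requested module/act into a module instance, runs the
  * request-level checks in this order — allowed HTTP method for controller
  * actions, CSRF token for POST requests, admin-kind denial flag in the
  * session, forwarding of acts that live in another module (with the same
  * method check repeated for the forward target), admin/manager grants for
  * admin-kind acts, ruleset validation — then executes the act via proc()
  * and copies the outcome (error, message, return URL) into the session for
  * the non-XML request methods.
  *
  * Every early exit returns a 'message' module instance carrying the error
  * key in $this->error (plus the HTTP status code where one was set), except
  * the ruleset-validation and "no such act" failures, which return the
  * resolved module with its error set.
  *
  * @return ModuleObject executed module instance
  * */
 function procModule()
 {
     $oModuleModel = getModel('module');
     $display_mode = Mobile::isFromMobilePhone() ? 'mobile' : 'view';
     // If error occurred while preparation, return a message instance
     if ($this->error) {
         $this->_setInputErrorToContext();
         $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
         $oMessageObject->setError(-1);
         $oMessageObject->setMessage($this->error);
         $oMessageObject->dispMessage();
         if ($this->httpStatusCode) {
             $oMessageObject->setHttpStatusCode($this->httpStatusCode);
         }
         return $oMessageObject;
     }
     // Get action information with conf/module.xml
     $xml_info = $oModuleModel->getModuleActionXml($this->module);
     // If not installed yet, modify act
     if ($this->module == "install") {
         if (!$this->act || !$xml_info->action->{$this->act}) {
             $this->act = $xml_info->default_index_act;
         }
     }
     // if act exists, find type of the action, if not use default index act
     if (!$this->act) {
         $this->act = $xml_info->default_index_act;
     }
     // still no act means error
     if (!$this->act) {
         $this->error = 'msg_module_is_not_exists';
         $this->httpStatusCode = '404';
         $this->_setInputErrorToContext();
         $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
         $oMessageObject->setError(-1);
         $oMessageObject->setMessage($this->error);
         $oMessageObject->dispMessage();
         if ($this->httpStatusCode) {
             $oMessageObject->setHttpStatusCode($this->httpStatusCode);
         }
         return $oMessageObject;
     }
     // get type, kind
     // "kind" is admin whenever the act name contains "admin" or the module itself is admin;
     // it selects the admin-only checks further down.
     $type = $xml_info->action->{$this->act}->type;
     $ruleset = $xml_info->action->{$this->act}->ruleset;
     $kind = stripos($this->act, 'admin') !== FALSE ? 'admin' : '';
     if (!$kind && $this->module == 'admin') {
         $kind = 'admin';
     }
     // check REQUEST_METHOD in controller
     // A controller act accepts only the methods listed in its <action method="..."> attribute;
     // with no attribute it is POST-only.
     if ($type == 'controller') {
         $allowedMethod = $xml_info->action->{$this->act}->method;
         if (!$allowedMethod) {
             $allowedMethodList = array('POST');
         } else {
             $allowedMethodList = explode('|', strtoupper($allowedMethod));
         }
         if (!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList, true)) {
             $this->error = "msg_invalid_request";
             $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
             $oMessageObject->setError(-1);
             $oMessageObject->setMessage($this->error);
             $oMessageObject->dispMessage();
             return $oMessageObject;
         }
     }
     if ($this->module_info->use_mobile != "Y") {
         Mobile::setMobile(FALSE);
     }
     $logged_info = Context::get('logged_info');
     // check CSRF for POST actions
     // procFileUpload is exempted from the token check here; it is assumed to verify the
     // request on its own — confirm when reviewing the file module.
     if (Context::getRequestMethod() === 'POST' && Context::isInstalled() && $this->act !== 'procFileUpload' && !checkCSRF()) {
         $this->error = 'msg_invalid_request';
         $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
         $oMessageObject->setError(-1);
         $oMessageObject->setMessage($this->error);
         $oMessageObject->dispMessage();
         return $oMessageObject;
     }
     // Admin ip
     // A session flagged as denied_admin (set elsewhere) may not run any admin-kind act.
     if ($kind == 'admin' && $_SESSION['denied_admin'] == 'Y') {
         $this->_setInputErrorToContext();
         $this->error = "msg_not_permitted_act";
         $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
         $oMessageObject->setError(-1);
         $oMessageObject->setMessage($this->error);
         $oMessageObject->dispMessage();
         return $oMessageObject;
     }
     // if(type == view, and case for using mobilephone)
     // Try the mobile view class first; fall back to the desktop view when the mobile
     // class is missing or does not implement the act.
     if ($type == "view" && Mobile::isFromMobilePhone() && Context::isInstalled()) {
         $orig_type = "view";
         $type = "mobile";
         // create a module instance
         $oModule = $this->getModuleInstance($this->module, $type, $kind);
         if (!is_object($oModule) || !method_exists($oModule, $this->act)) {
             $type = $orig_type;
             Mobile::setMobile(FALSE);
             $oModule = $this->getModuleInstance($this->module, $type, $kind);
         }
     } else {
         // create a module instance
         $oModule = $this->getModuleInstance($this->module, $type, $kind);
     }
     if (!is_object($oModule)) {
         // NOTE(review): $this->error may still be empty on this path, so the message
         // instance can be shown without a message key — confirm whether a default is wanted.
         $this->_setInputErrorToContext();
         $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
         $oMessageObject->setError(-1);
         $oMessageObject->setMessage($this->error);
         $oMessageObject->dispMessage();
         if ($this->httpStatusCode) {
             $oMessageObject->setHttpStatusCode($this->httpStatusCode);
         }
         return $oMessageObject;
     }
     // If there is no such action in the module object
     if (!isset($xml_info->action->{$this->act}) || !method_exists($oModule, $this->act)) {
         if (!Context::isInstalled()) {
             $this->_setInputErrorToContext();
             $this->error = 'msg_invalid_request';
             $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
             $oMessageObject->setError(-1);
             $oMessageObject->setMessage($this->error);
             $oMessageObject->dispMessage();
             if ($this->httpStatusCode) {
                 $oMessageObject->setHttpStatusCode($this->httpStatusCode);
             }
             return $oMessageObject;
         }
         $forward = NULL;
         // 1. Look for the module with action name
         // An act like "dispBoardContent" is assumed to belong to module "board": the
         // module name is taken from the capitalised word after the prefix.
         if (preg_match('/^([a-z]+)([A-Z])([a-z0-9\\_]+)(.*)$/', $this->act, $matches)) {
             $module = strtolower($matches[2] . $matches[3]);
             $xml_info = $oModuleModel->getModuleActionXml($module);
             // Forward only to acts the target declares, and only if they are admin acts
             // or not marked standalone="false".
             if ($xml_info->action->{$this->act} && (stripos($this->act, 'admin') !== FALSE || $xml_info->action->{$this->act}->standalone != 'false')) {
                 $forward = new stdClass();
                 $forward->module = $module;
                 $forward->type = $xml_info->action->{$this->act}->type;
                 $forward->ruleset = $xml_info->action->{$this->act}->ruleset;
                 $forward->act = $this->act;
             } else {
                 $this->error = 'msg_invalid_request';
                 $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
                 $oMessageObject->setError(-1);
                 $oMessageObject->setMessage($this->error);
                 $oMessageObject->dispMessage();
                 return $oMessageObject;
             }
         }
         // 2. Fall back to the registered action-forward table.
         if (!$forward) {
             $forward = $oModuleModel->getActionForward($this->act);
         }
         if ($forward->module && $forward->type && $forward->act && $forward->act == $this->act) {
             $kind = stripos($forward->act, 'admin') !== FALSE ? 'admin' : '';
             $type = $forward->type;
             $ruleset = $forward->ruleset;
             $tpl_path = $oModule->getTemplatePath();
             $orig_module = $oModule;
             $xml_info = $oModuleModel->getModuleActionXml($forward->module);
             // SECISSUE also check foward act method
             // check REQUEST_METHOD in controller
             // The list is rebuilt from scratch here: assigning only index 0 would keep any
             // extra methods left over from the first check above (e.g. a "POST|GET" act in
             // the original module) and let them through for the forward target.
             if ($type == 'controller') {
                 $allowedMethod = $xml_info->action->{$forward->act}->method;
                 if (!$allowedMethod) {
                     $allowedMethodList = array('POST');
                 } else {
                     $allowedMethodList = explode('|', strtoupper($allowedMethod));
                 }
                 if (!in_array(strtoupper($_SERVER['REQUEST_METHOD']), $allowedMethodList, true)) {
                     $this->error = "msg_invalid_request";
                     $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
                     $oMessageObject->setError(-1);
                     $oMessageObject->setMessage($this->error);
                     $oMessageObject->dispMessage();
                     return $oMessageObject;
                 }
             }
             if ($type == "view" && Mobile::isFromMobilePhone()) {
                 $orig_type = "view";
                 $type = "mobile";
                 // create a module instance
                 $oModule = $this->getModuleInstance($forward->module, $type, $kind);
                 if (!is_object($oModule) || !method_exists($oModule, $this->act)) {
                     $type = $orig_type;
                     Mobile::setMobile(FALSE);
                     $oModule = $this->getModuleInstance($forward->module, $type, $kind);
                 }
             } else {
                 $oModule = $this->getModuleInstance($forward->module, $type, $kind);
             }
             if (!is_object($oModule)) {
                 $this->_setInputErrorToContext();
                 $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
                 $oMessageObject->setError(-1);
                 $oMessageObject->setMessage('msg_module_is_not_exists');
                 $oMessageObject->dispMessage();
                 if ($this->httpStatusCode) {
                     $oMessageObject->setHttpStatusCode($this->httpStatusCode);
                 }
                 return $oMessageObject;
             }
             // Views reached through the admin module get the admin layout, and require is_admin.
             if ($this->module == "admin" && $type == "view") {
                 if ($logged_info->is_admin == 'Y') {
                     if ($this->act != 'dispLayoutAdminLayoutModify') {
                         $oAdminView = getAdminView('admin');
                         $oAdminView->makeGnbUrl($forward->module);
                         $oModule->setLayoutPath("./modules/admin/tpl");
                         $oModule->setLayoutFile("layout.html");
                     }
                 } else {
                     $this->_setInputErrorToContext();
                     $this->error = 'msg_is_not_administrator';
                     $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
                     $oMessageObject->setError(-1);
                     $oMessageObject->setMessage($this->error);
                     $oMessageObject->dispMessage();
                     return $oMessageObject;
                 }
             }
             // Admin-kind forwarded acts need the manager grant on the current module, and —
             // unless the act is declared with permission="manager" — the caller must be a
             // site admin when the act targets a different module than the original one.
             if ($kind == 'admin') {
                 $grant = $oModuleModel->getGrant($this->module_info, $logged_info);
                 if (!$grant->manager) {
                     $this->_setInputErrorToContext();
                     $this->error = 'msg_is_not_manager';
                     $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
                     $oMessageObject->setError(-1);
                     $oMessageObject->setMessage($this->error);
                     $oMessageObject->dispMessage();
                     return $oMessageObject;
                 } else {
                     // NOTE(review): this reads the property $this->orig_module, not the local
                     // $orig_module set above (which is otherwise unused) — confirm the property
                     // is populated during init.
                     if (!$grant->is_admin && $this->module != $this->orig_module->module && $xml_info->permission->{$this->act} != 'manager') {
                         $this->_setInputErrorToContext();
                         $this->error = 'msg_is_not_administrator';
                         $oMessageObject = ModuleHandler::getModuleInstance('message', $display_mode);
                         $oMessageObject->setError(-1);
                         $oMessageObject->setMessage($this->error);
                         $oMessageObject->dispMessage();
                         return $oMessageObject;
                     }
                 }
             }
         } else {
             // No forward target: fall back to the module's default index act if it exists.
             if ($xml_info->default_index_act && method_exists($oModule, $xml_info->default_index_act)) {
                 $this->act = $xml_info->default_index_act;
             } else {
                 $this->error = 'msg_invalid_request';
                 $oModule->setError(-1);
                 $oModule->setMessage($this->error);
                 return $oModule;
             }
         }
     }
     // ruleset check...
     // When the act declares a ruleset, run the validator before executing it; on failure the
     // error is stored both on the module (XML/JSON responses) and in the session (HTML redirect).
     if (!empty($ruleset)) {
         $rulesetModule = $forward->module ? $forward->module : $this->module;
         $rulesetFile = $oModuleModel->getValidatorFilePath($rulesetModule, $ruleset, $this->mid);
         if (!empty($rulesetFile)) {
             if ($_SESSION['XE_VALIDATOR_ERROR_LANG']) {
                 $errorLang = $_SESSION['XE_VALIDATOR_ERROR_LANG'];
                 foreach ($errorLang as $key => $val) {
                     Context::setLang($key, $val);
                 }
                 unset($_SESSION['XE_VALIDATOR_ERROR_LANG']);
             }
             $Validator = new Validator($rulesetFile);
             $result = $Validator->validate();
             if (!$result) {
                 $lastError = $Validator->getLastError();
                 $returnUrl = Context::get('error_return_url');
                 $errorMsg = $lastError['msg'] ? $lastError['msg'] : 'validation error';
                 //for xml response
                 $oModule->setError(-1);
                 $oModule->setMessage($errorMsg);
                 //for html redirect
                 $this->error = $errorMsg;
                 $_SESSION['XE_VALIDATOR_ERROR'] = -1;
                 $_SESSION['XE_VALIDATOR_MESSAGE'] = $this->error;
                 $_SESSION['XE_VALIDATOR_MESSAGE_TYPE'] = 'error';
                 $_SESSION['XE_VALIDATOR_RETURN_URL'] = $returnUrl;
                 $_SESSION['XE_VALIDATOR_ID'] = Context::get('xe_validator_id');
                 $this->_setInputValueToSession();
                 return $oModule;
             }
         }
     }
     $oModule->setAct($this->act);
     $this->module_info->module_type = $type;
     $oModule->setModuleInfo($this->module_info, $xml_info);
     // Offer the mobile view link on desktop pages when the module and the site both allow mobile,
     // except for the two preview acts listed here.
     $skipAct = array('dispEditorConfigPreview' => 1, 'dispLayoutPreviewWithModule' => 1);
     $db_use_mobile = Mobile::isMobileEnabled();
     if ($type == "view" && $this->module_info->use_mobile == "Y" && Mobile::isMobileCheckByAgent() && !isset($skipAct[Context::get('act')]) && $db_use_mobile === true) {
         global $lang;
         $header = '<style>div.xe_mobile{opacity:0.7;margin:1em 0;padding:.5em;background:#333;border:1px solid #666;border-left:0;border-right:0}p.xe_mobile{text-align:center;margin:1em 0}a.xe_mobile{color:#ff0;font-weight:bold;font-size:24px}@media only screen and (min-width:500px){a.xe_mobile{font-size:15px}}</style>';
         $footer = '<div class="xe_mobile"><p class="xe_mobile"><a class="xe_mobile" href="' . getUrl('m', '1') . '">' . $lang->msg_pc_to_mobile . '</a></p></div>';
         Context::addHtmlHeader($header);
         Context::addHtmlFooter($footer);
     }
     // Site-wide footer HTML and default browser title apply to non-admin views only.
     if ($type == "view" && $kind != 'admin') {
         $module_config = $oModuleModel->getModuleConfig('module');
         if ($module_config->htmlFooter) {
             Context::addHtmlFooter($module_config->htmlFooter);
         }
         if ($module_config->siteTitle) {
             $siteTitle = Context::getBrowserTitle();
             if (!$siteTitle) {
                 Context::setBrowserTitle($module_config->siteTitle);
             }
         }
     }
     // if failed message exists in session, set context
     $this->_setInputErrorToContext();
     $procResult = $oModule->proc();
     // For the XML-RPC / JSON / JS-callback request methods the result goes back in the
     // response itself; for the others it is carried through the session to the next page.
     $methodList = array('XMLRPC' => 1, 'JSON' => 1, 'JS_CALLBACK' => 1);
     if (!$oModule->stop_proc && !isset($methodList[Context::getRequestMethod()])) {
         $error = $oModule->getError();
         $message = $oModule->getMessage();
         $messageType = $oModule->getMessageType();
         $redirectUrl = $oModule->getRedirectUrl();
         if ($messageType == 'error') {
             debugPrint($message, 'ERROR');
         }
         if (!$procResult) {
             $this->error = $message;
             if (!$redirectUrl && Context::get('error_return_url')) {
                 $redirectUrl = Context::get('error_return_url');
             }
             $this->_setInputValueToSession();
         } else {
         }
         $_SESSION['XE_VALIDATOR_ERROR'] = $error;
         $_SESSION['XE_VALIDATOR_ID'] = Context::get('xe_validator_id');
         if ($message != 'success') {
             $_SESSION['XE_VALIDATOR_MESSAGE'] = $message;
         }
         $_SESSION['XE_VALIDATOR_MESSAGE_TYPE'] = $messageType;
         if (Context::get('xeVirtualRequestMethod') != 'xml') {
             $_SESSION['XE_VALIDATOR_RETURN_URL'] = $redirectUrl;
         }
     }
     unset($logged_info);
     return $oModule;
 }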
<?php

// The session must be open before the login check below can read from it.
session_start();
include_once "testlogin.php";
// Send anyone who is not logged in to the front page before any purchase handling runs.
// NOTE(review): redirectIfNotLoggedIn() lives in testlogin.php (not visible here) and is
// assumed to exit after issuing the redirect — confirm, otherwise the rest of this page
// still renders for unauthenticated requests.
redirectIfNotLoggedIn("https://127.0.0.1/");
?>
<html>
	<body>
<?php 
include_once "../nonPublic/csrftoken.php";
include_once "database.php";
if (checkCSRF()) {
    $database = new Database();
    echo "If confirmed, the following items will be purchased:<br/>";
    echo "<table>";
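    // One table row per item the earlier checkout steps stored in the session.
    // NOTE(review): the loop starts at 2 and runs through purchaseNbr inclusive; presumably
    // that matches how the purchasesN keys were numbered — confirm the first item is not skipped.
    for ($x = 2; $x <= $_SESSION['purchaseNbr']; $x++) {
        $username = $_SESSION["username"];
        $itemId = $_SESSION["purchasesId" . $x];
        $itemName = $_SESSION["purchases" . $x];
        // The item name is data, not markup: escape it before echoing it into the page,
        // whatever its origin.
        echo "<tr><th> " . htmlspecialchars((string) $itemName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " </th>";
        $mysqli = $database->openConnection();
        // Parameterised insert: the user and item values never become part of the SQL text.
        $sql = "INSERT INTO purchases (email,itemId,purchDate) VALUES ( ? , ?, NOW() )";
        $stmt = $mysqli->prepare($sql);
        // prepare() returns false on failure; calling bind_param() on that would be a fatal error.
        if ($stmt !== false) {
            if ($stmt->bind_param('ss', $username, $itemId) && $stmt->execute()) {
                echo "<th> purchase successful </th></tr>";
            } else {
                // Close the row so a failed insert does not leave the table malformed.
                echo "</tr>";
            }
            $stmt->close();
        } else {
            echo "</tr>";
        }
        $database->closeConnection($mysqli);
    }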
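 /**
  * Preview a layout
  *
  * Renders the layout template submitted in the request (`code`, with `code_css`
  * added to the page header) for the layout identified by `layout_srl`, without
  * saving it. The request must carry a valid CSRF token and come from an
  * administrator: the preview writes a temporary template file under
  * files/cache/layout/ and includes the menu PHP files listed in the stored
  * layout configuration.
  *
  * @return void|Object (void : success, Object : fail)
  */
 function dispLayoutPreview()
 {
     // Token check first: this view has side effects (temp file write, menu file includes).
     if (!checkCSRF()) {
         $this->stop('msg_invalid_request');
         return new Object(-1, 'msg_invalid_request');
     }
     // admin check
     // this act is admin view but in normal view because do not load admin css/js files
     $logged_info = Context::get('logged_info');
     if ($logged_info->is_admin != 'Y') {
         return $this->stop('msg_invalid_request');
     }
     $layout_srl = Context::get('layout_srl');
     $code = Context::get('code');
     $code_css = Context::get('code_css');
     if (!$layout_srl || !$code) {
         return new Object(-1, 'msg_invalid_request');
     }
     // Get the layout information
     $oLayoutModel = getModel('layout');
     $layout_info = $oLayoutModel->getLayout($layout_srl);
     if (!$layout_info) {
         return new Object(-1, 'msg_invalid_request');
     }
     // Separately handle the layout if its type is faceoff
     // ($layout_info is known to be set here; the redundant truthiness re-check was dropped.)
     if ($layout_info->type == 'faceoff') {
         $oLayoutModel->doActivateFaceOff($layout_info);
     }
     // Apply CSS directly. The submitted CSS is placed in the header as-is: this is the
     // admin author's own preview of what they are editing, not output shown to other users.
     Context::addHtmlHeader("<style type=\"text/css\" charset=\"UTF-8\">" . $code_css . "</style>");
     // Set names and values of extra_vars to $layout_info
     if ($layout_info->extra_var_count) {
         foreach ($layout_info->extra_var as $var_id => $val) {
             $layout_info->{$var_id} = $val->value;
         }
     }
     // menu in layout information becomes an argument for Context:: set
     // Each menu's php_file path comes from the layout record loaded above, not from this
     // request; it is executed here, presumably so the preview sees the same menu data as
     // the live layout does.
     if ($layout_info->menu_count) {
         foreach ($layout_info->menu as $menu_id => $menu) {
             $menu->php_file = FileHandler::getRealPath($menu->php_file);
             if (FileHandler::exists($menu->php_file)) {
                 include $menu->php_file;
             }
             Context::set($menu_id, $menu);
         }
     }
     Context::set('layout_info', $layout_info);
     Context::set('content', lang('layout_preview_content'));
     // Temporary save the codes
     // NOTE(review): the temp path is fixed, so two concurrent previews write the same file;
     // whether one can see the other's code depends on how TemplateHandler caches — confirm.
     $edited_layout_file = _XE_PATH_ . 'files/cache/layout/tmp.tpl';
     FileHandler::writeFile($edited_layout_file, $code);
     // Compile the submitted code in place of the layout's own template file
     $oTemplate =& TemplateHandler::getInstance();
     $layout_path = $layout_info->path;
     $layout_file = 'layout';
     $layout_tpl = $oTemplate->compile($layout_path, $layout_file, $edited_layout_file);
     Context::set('layout', 'none');
     // Convert widgets and others: hand the compiled markup to the preview template
     // (the unused Context instance lookup that used to sit here was removed).
     Context::set('layout_tpl', $layout_tpl);
     // Delete Temporary Files
     FileHandler::removeFile($edited_layout_file);
     $this->setTemplateFile('layout_preview');
 }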