    // Tail of the admin-form coercion: flag fields are forced to int, free-text
    // fields go through $addslashes (a project-supplied escaper whose definition
    // is outside this fragment). Everything is rewritten in place in $_POST so
    // the later at_form_update() call sees the coerced values.
    $_POST['allowsetting'] = intval($_POST['allowsetting']);
    $_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
    // Literal backslash-r backslash-n typed into the textarea is turned into a
    // real CRLF pair. NOTE(review): the replacement runs AFTER $addslashes — if
    // that escaper doubles backslashes, the text no longer contains the bare
    // "\r\n" sequence and this str_replace never matches; confirm the intended
    // order. Escaping here is also not a substitute for parameterised queries.
    $_POST['customparameters'] = str_replace('\\r\\n', "\r\n", $addslashes($_POST['customparameters']));
    $_POST['organizationid'] = $addslashes($_POST['organizationid']);
    $_POST['organizationurl'] = $addslashes($_POST['organizationurl']);
    //	$_POST['organizationdescr'] = $addslashes($_POST['organizationdescr']);
    $_POST['submit'] = $addslashes($_POST['submit']);
}
// The tool being edited: taken from either the query string or the form and
// forced to an integer before it is interpolated into SQL below.
$tool = intval($_REQUEST['id']);
if (isset($_POST['cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
    exit;
} else {
    // NOTE(review): $tool is always set (intval() never yields null), so the
    // isset() on it is a no-op; a missing id becomes 0 and the UPDATE below
    // simply matches no row. No CSRF token is checked in this fragment —
    // verify that one is enforced by the framework code included above.
    if (isset($_POST['form_basiclti'], $tool)) {
        if (at_form_validate($blti_admin_form, $msg)) {
            // Uniqueness check on toolid: the user-supplied value is escaped,
            // $tool is already an int.
            $sql = "SELECT count(*) cnt FROM " . TABLE_PREFIX . "basiclti_tools WHERE toolid = '" . mysql_real_escape_string($_POST['toolid']) . "' AND id != {$tool};";
            // NOTE(review): die(mysql_error()) sends the raw driver error to the
            // browser (information disclosure); log it and show a generic message.
            $result = mysql_query($sql, $db) or die(mysql_error());
            $row = mysql_fetch_assoc($result);
            if ($row["cnt"] != 0) {
                $msg->addFeedback('NEED_UNIQUE_TOOLID');
            } else {
                // The SET clause is assembled by at_form_update(); its quoting of
                // the coerced $_POST values is not visible in this file.
                $sql = at_form_update($_POST, $blti_admin_form);
                $sql = 'UPDATE ' . TABLE_PREFIX . "basiclti_tools SET " . $sql . " WHERE id = {$tool};";
                $result = mysql_query($sql, $db) or die(mysql_error());
                // NOTE(review): the complete UPDATE statement is written to the
                // admin log. If the form carries the tool's shared secret, that
                // secret lands in the log in clear text — consider logging only
                // the tool id and the affected-row count.
                write_to_log(AT_ADMIN_LOG_INSERT, 'basiclti_create', mysql_affected_rows($db), $sql);
                $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
                header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
                exit;
            }
        }
// Coerce the content-edit form fields in place before any of them reach SQL:
// the tool id and the custom parameters go through the project's $addslashes
// escaper, every flag/number field is forced to an integer.
$_POST['toolid'] = $addslashes($_POST['toolid']);
foreach (array('cid', 'preferheight', 'launchinpopup', 'debuglaunch', 'sendname', 'sendemailaddr', 'allowroster', 'allowsetting') as $field) {
    $_POST[$field] = intval($_POST[$field]);
}
$_POST['customparameters'] = $addslashes($_POST['customparameters']);

// A content tool can only be attached inside a course: require a positive
// integer course id in the session, otherwise report NEED_COURSE_ID and stop.
// NOTE(review): is_int() rejects a numeric string, so this only passes when the
// session stores the id as a real PHP int — confirm against the login code.
if (!(is_int($_SESSION['course_id']) && $_SESSION['course_id'] >= 1)) {
    $msg->addFeedback('NEED_COURSE_ID');
    exit;
}
// Add/Update The Tool
// Attaches (or detaches) a tool to a content page. The sentinel value
// '--none--' for toolid means "remove the mapping"; any other toolid inserts a
// mapping when none exists for this content/course pair.
if (isset($_POST['toolid']) && at_form_validate($blti_content_edit_form, $msg)) {
    $toolid = $_POST['toolid'];
    // Escaping is done in the at_form_util code
    // Scoped to the session's course so a user cannot read or alter another
    // course's mapping; cid and course_id are bound as %d, toolid as %s.
    // NOTE(review): queryDB() is expected to quote the %s placeholder — if
    // toolid was already run through $addslashes earlier, verify it is not
    // escaped twice (stored with literal backslashes).
    $sql = "SELECT * FROM %sbasiclti_content WHERE content_id=%d AND course_id=%d";
    $row_content = queryDB($sql, array(TABLE_PREFIX, $_POST['cid'], $_SESSION['course_id']), TRUE);
    if ($toolid == '--none--') {
        $sql = "DELETE FROM %sbasiclti_content WHERE content_id=%d AND course_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $_POST['cid'], $_SESSION['course_id']));
        // A false return is the only failure signal this code path reacts to.
        if ($result === false) {
            $msg->addError('MYSQL_FAILED');
        } else {
            $msg->addFeedback('BASICLTI_DELETED');
        }
    } else {
        if (count($row_content) == 0) {
            $sql = "INSERT INTO %sbasiclti_content SET toolid='%s', content_id=%d, course_id=%d";
    // Tail of the instructor-form coercion: capability flags become ints.
    $_POST['acceptgrades'] = intval($_POST['acceptgrades']);
    $_POST['allowroster'] = intval($_POST['allowroster']);
    $_POST['allowsetting'] = intval($_POST['allowsetting']);
    $_POST['allowcustomparameters'] = intval($_POST['allowcustomparameters']);
    // this param won't take $addslashes. Some other form of filter is needed here before V1.0 goes out.
    //$_POST['customparameters'] = $addslashes($_POST['customparameters']);
    // NOTE(review): as a result customparameters reaches at_form_update()
    // untouched by this file. Unless that helper quotes every value itself,
    // this is an SQL injection point — confirm, and do not rely on addslashes
    // in any case (a parameterised query is the fix).
    $_POST['submit'] = $addslashes($_POST['submit']);
}
// The tool being edited: taken from either the query string or the form and
// forced to an integer before it is interpolated into SQL below.
$tool = intval($_REQUEST['id']);
if (isset($_POST['cancel'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_instructor.php');
    exit;
} else {
    // NOTE(review): $tool is always set (intval() never yields null), so the
    // isset() on it is a no-op; a missing id becomes 0 and the UPDATE below
    // simply matches no row. No CSRF token is checked in this fragment —
    // verify that one is enforced by the framework code included above.
    if (isset($_POST['form_basiclti'], $tool)) {
        if (at_form_validate($blti_instructor_form, $msg)) {
            // Uniqueness check on toolid, restricted to the instructor's own
            // course. toolid is escaped and $tool is an int; course_id comes
            // from the session and is interpolated raw — this is only safe as
            // long as the session always holds a numeric course id.
            $sql = "SELECT count(*) cnt FROM " . TABLE_PREFIX . "basiclti_tools WHERE toolid = '" . mysql_real_escape_string($_POST['toolid']) . "' AND id != {$tool}" . " AND course_id = " . $_SESSION['course_id'];
            // NOTE(review): die(mysql_error()) sends the raw driver error to the
            // browser (information disclosure); log it and show a generic message.
            $result = mysql_query($sql, $db) or die(mysql_error());
            $row = mysql_fetch_assoc($result);
            if ($row["cnt"] != 0) {
                $msg->addFeedback('NEED_UNIQUE_TOOLID');
            } else {
                // course_id is forced from the session, not the form, and the
                // WHERE clause is scoped to it: an instructor can only update
                // tools that belong to their own course.
                $fields = array('course_id' => $_SESSION['course_id']);
                $sql = at_form_update($_POST, $blti_instructor_form, $fields);
                $sql = 'UPDATE ' . TABLE_PREFIX . "basiclti_tools SET " . $sql . " WHERE id = {$tool}" . " AND course_id = " . $_SESSION['course_id'];
                $result = mysql_query($sql, $db) or die(mysql_error());
                // NOTE(review): the complete UPDATE statement is written to the
                // admin log. If the form carries the tool's shared secret, that
                // secret lands in the log in clear text — consider logging only
                // the tool id and the affected-row count.
                write_to_log(AT_ADMIN_LOG_INSERT, 'basiclti_create', mysql_affected_rows($db), $sql);
                $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
                header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_instructor.php');
                exit;
            }