$perpage = intval($_POST['perpage']); if (isset($CFG['GEN']['fixedhomelayout']) && $CFG['GEN']['homelayout']) { $deflayout = explode('|', $CFG['GEN']['homelayout']); foreach ($CFG['GEN']['fixedhomelayout'] as $k) { $homelayout[$k] = $deflayout[$k]; } } $layoutstr = implode('|', $homelayout); if (is_uploaded_file($_FILES['stupic']['tmp_name'])) { processImage($_FILES['stupic'], $userid, 200, 200); processImage($_FILES['stupic'], 'sm' . $userid, 40, 40); $chguserimg = ",hasuserimg=1"; } else { if (isset($_POST['removepic'])) { deletecoursefile('userimg_' . $userid . '.jpg'); deletecoursefile('userimg_sm' . $userid . '.jpg'); $chguserimg = ",hasuserimg=0"; } else { $chguserimg = ''; } } $_POST['theme'] = str_replace(array('/', '..'), '', $_POST['theme']); $query = "UPDATE imas_users SET FirstName='{$_POST['firstname']}',LastName='{$_POST['lastname']}',email='{$_POST['email']}',msgnotify={$msgnot},qrightsdef={$qrightsdef},deflib='{$deflib}',usedeflib='{$usedeflib}',homelayout='{$layoutstr}',theme='{$_POST['theme']}',listperpage='{$perpage}'{$chguserimg} "; $query .= "WHERE id='{$userid}'"; mysql_query($query) or die("Query failed : " . mysql_error()); if (isset($_POST['dochgpw'])) { $query = "SELECT password FROM imas_users WHERE id = '{$userid}'"; $result = mysql_query($query) or die("Query failed : " . mysql_error()); $line = mysql_fetch_array($result, MYSQL_ASSOC); if ((md5($_POST['oldpw']) == $line['password'] || isset($CFG['GEN']['newpasswords']) && password_verify($_POST['oldpw'], $line['password'])) && $_POST['newpw1'] == $_POST['newpw2'] && $myrights > 5) { if (isset($CFG['GEN']['newpasswords'])) {
/**
 * Delete one course item together with the type-specific rows that hang off it.
 *
 * The item's type and type id are read from imas_items; the matching branch
 * then removes the dependent rows (inline text, linked text, forum,
 * assessment, drill or wiki data), and finally the imas_items row itself is
 * deleted. Nothing is returned; any failed query ends the request via die().
 *
 * Stored files are removed through deletecoursefile() only when exactly one
 * row still references the file, so files shared with other items are kept.
 *
 * NOTE(review): $itemid and $typeid are interpolated into SQL as-is and this
 * function does no escaping or integer validation of its own. It is safe only
 * if every caller passes an already validated/escaped id - confirm at the
 * call sites, or cast to int here once it is confirmed that ids are integers.
 * NOTE(review): die() sends mysql_error() to the client, and several branches
 * also echo the full SQL text; consider logging server-side and showing a
 * generic message instead.
 * NOTE(review): addslashes() is not aware of the connection character set;
 * the driver's own escaping routine is the more robust choice for the
 * filename/text lookups below.
 *
 * @param mixed $itemid id of the imas_items row to delete
 * @return void
 */
function delitembyid($itemid) {
    // Kept in $query because the failure message below echoes it.
    $query = "SELECT itemtype,typeid FROM imas_items WHERE id='{$itemid}'";
    $lookup = mysql_query($query) or die("Query failed :{$query} " . mysql_error());
    list($itemtype, $typeid) = mysql_fetch_row($lookup);

    if ($itemtype == "InlineText") {
        mysql_query("DELETE FROM imas_inlinetext WHERE id='{$typeid}'") or die("Query failed : " . mysql_error());

        // Attachment rows for this item still exist at this point, so a
        // reference count of exactly 1 means no other item uses the file.
        $attached = mysql_query("SELECT filename FROM imas_instr_files WHERE itemid='{$typeid}'") or die("Query failed : " . mysql_error());
        while ($fileRow = mysql_fetch_row($attached)) {
            $safefn = addslashes($fileRow[0]);
            $refs = mysql_query("SELECT id FROM imas_instr_files WHERE filename='{$safefn}'") or die("Query failed : " . mysql_error());
            if (mysql_num_rows($refs) == 1) {
                deletecoursefile($fileRow[0]);
            }
        }

        mysql_query("DELETE FROM imas_instr_files WHERE itemid='{$typeid}'") or die("Query failed : " . mysql_error());
    } elseif ($itemtype == "LinkedText") {
        $textRes = mysql_query("SELECT text FROM imas_linkedtext WHERE id='{$typeid}'") or die("Query failed : " . mysql_error());
        $linkBody = mysql_result($textRes, 0, 0);

        // A 'file:' prefix marks an uploaded file; remove it only when this
        // linked-text row is the sole one pointing at it.
        if ('file:' == substr($linkBody, 0, 5)) {
            $safetext = addslashes($linkBody);
            $refs = mysql_query("SELECT id FROM imas_linkedtext WHERE text='{$safetext}'") or die("Query failed : " . mysql_error());
            if (mysql_num_rows($refs) == 1) {
                deletecoursefile(substr($linkBody, 5));
            }
        }

        mysql_query("DELETE FROM imas_linkedtext WHERE id='{$typeid}'") or die("Query failed : " . mysql_error());
    } elseif ($itemtype == "Forum") {
        mysql_query("DELETE FROM imas_forums WHERE id='{$typeid}'") or die("Query failed : " . mysql_error());

        // Posts with attachments get their files cleaned up before the rows go.
        $query = "SELECT id FROM imas_forum_posts WHERE forumid='{$typeid}' AND files<>''";
        $posts = mysql_query($query) or die("Query failed : {$query} " . mysql_error());
        while ($post = mysql_fetch_row($posts)) {
            deleteallpostfiles($post[0]);
        }

        mysql_query("DELETE FROM imas_forum_subscriptions WHERE forumid='{$typeid}'") or die("Query failed : " . mysql_error());

        // Views are keyed by thread, so they must be removed while the
        // thread rows still exist for the subquery.
        $query = "DELETE FROM imas_forum_views WHERE threadid IN (SELECT id FROM imas_forum_threads WHERE forumid='{$typeid}')";
        mysql_query($query) or die("Query failed : {$query} " . mysql_error());

        $query = "DELETE FROM imas_forum_posts WHERE forumid='{$typeid}'";
        mysql_query($query) or die("Query failed : {$query} " . mysql_error());

        $query = "DELETE FROM imas_forum_threads WHERE forumid='{$typeid}'";
        mysql_query($query) or die("Query failed : {$query} " . mysql_error());
    } elseif ($itemtype == "Assessment") {
        deleteallaidfiles($typeid);
        mysql_query("DELETE FROM imas_assessment_sessions WHERE assessmentid='{$typeid}'") or die("Query failed : " . mysql_error());
        mysql_query("DELETE FROM imas_questions WHERE assessmentid='{$typeid}'") or die("Query failed : " . mysql_error());
        mysql_query("DELETE FROM imas_assessments WHERE id='{$typeid}'") or die("Query failed : " . mysql_error());
    } elseif ($itemtype == "Drill") {
        mysql_query("DELETE FROM imas_drillassess_sessions WHERE drillassessid='{$typeid}'") or die("Query failed : " . mysql_error());
        mysql_query("DELETE FROM imas_drillassess WHERE id='{$typeid}'") or die("Query failed : " . mysql_error());
    } elseif ($itemtype == 'Wiki') {
        mysql_query("DELETE FROM imas_wikis WHERE id='{$typeid}'") or die("Query failed : " . mysql_error());
        mysql_query("DELETE FROM imas_wiki_revisions WHERE wikiid='{$typeid}'") or die("Query failed : " . mysql_error());

        $query = "DELETE FROM imas_wiki_views WHERE wikiid='{$typeid}'";
        mysql_query($query) or die("Query failed : {$query} " . mysql_error());
    }

    // The item row itself goes last, whatever its type was.
    mysql_query("DELETE FROM imas_items WHERE id='{$itemid}'") or die("Query failed : " . mysql_error());
}
//already have id; update $query = "SELECT text FROM imas_linkedtext WHERE id='{$_GET['id']}'"; $result = mysql_query($query) or die("Query failed : " . mysql_error()); $text = trim(mysql_result($result, 0, 0)); if (substr($text, 0, 5) == 'file:') { //has file $safetext = addslashes($text); if ($_POST['text'] != $safetext) { //if not same file, delete old if not used $query = "SELECT id FROM imas_linkedtext WHERE text='{$safetext}'"; //any others using file? $result = mysql_query($query) or die("Query failed : " . mysql_error()); if (mysql_num_rows($result) == 1) { //$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/files/'; $filename = substr($text, 5); deletecoursefile($filename); //if (file_exists($uploaddir . $filename)) { // unlink($uploaddir . $filename); //} } } } if (!$processingerror) { $query = "UPDATE imas_linkedtext SET title='{$_POST['title']}',summary='{$_POST['summary']}',text='{$_POST['text']}',startdate={$startdate},enddate={$enddate},avail='{$_POST['avail']}',oncal='{$oncal}',caltag='{$caltag}',target='{$_POST['target']}',outcomes='{$outcomes}',points={$points} "; $query .= "WHERE id='{$_GET['id']}'"; $result = mysql_query($query) or die("Query failed : " . mysql_error()); } } else { if (!$processingerror) { //add new $query = "INSERT INTO imas_linkedtext (courseid,title,summary,text,startdate,enddate,avail,oncal,caltag,target,outcomes,points) VALUES ";
mysql_query($query) or die("Query failed : " . mysql_error()); } else { $query = "UPDATE imas_students SET code={$code},section={$section},timelimitmult='{$timelimitmult}',hidefromcourselist={$hide} WHERE userid='{$_GET['uid']}' AND courseid='{$cid}'"; mysql_query($query) or die("Query failed : " . mysql_error()); $query = "UPDATE imas_students SET locked={$locked} WHERE userid='{$_GET['uid']}' AND courseid='{$cid}' AND locked=0"; mysql_query($query) or die("Query failed : " . mysql_error()); } require '../includes/userpics.php'; if (is_uploaded_file($_FILES['stupic']['tmp_name'])) { processImage($_FILES['stupic'], $_GET['uid'], 200, 200); processImage($_FILES['stupic'], 'sm' . $_GET['uid'], 40, 40); $chguserimg = "hasuserimg=1"; } else { if (isset($_POST['removepic'])) { deletecoursefile('userimg_' . $_GET['uid'] . '.jpg'); deletecoursefile('userimg_sm' . $_GET['uid'] . '.jpg'); $chguserimg = "hasuserimg=0"; } else { $chguserimg = ''; } } if ($chguserimg != '') { $query = "UPDATE imas_users SET {$chguserimg} WHERE id='{$_GET['uid']}'"; mysql_query($query) or die("Query failed : " . mysql_error()); } require "../header.php"; echo '<div class="breadcrumb">' . $curBreadcrumb . '</div>'; echo '<div id="headerlistusers" class="pagetitle"><h2>' . $pagetitle . '</h2></div>'; echo "<p>User info updated. "; if ($updateusername) { echo "User login changed to {$un}.";
$result = mysql_query($query) or die("Query failed : " . mysql_error()); $itemid = mysql_result($result, 0, 0); $query = "DELETE FROM imas_items WHERE id='{$itemid}'"; mysql_query($query) or die("Query failed : " . mysql_error()); $query = "DELETE FROM imas_inlinetext WHERE id='{$textid}'"; mysql_query($query) or die("Query failed : " . mysql_error()); $query = "SELECT filename FROM imas_instr_files WHERE itemid='{$textid}'"; $result = mysql_query($query) or die("Query failed : " . mysql_error()); //$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/files/'; while ($row = mysql_fetch_row($result)) { $safefn = addslashes($row[0]); $query = "SELECT id FROM imas_instr_files WHERE filename='{$safefn}'"; $r2 = mysql_query($query) or die("Query failed : " . mysql_error()); if (mysql_num_rows($r2) == 1) { //unlink($uploaddir . $row[0]); deletecoursefile($row[0]); } } $query = "DELETE FROM imas_instr_files WHERE itemid='{$textid}'"; mysql_query($query) or die("Query failed : " . mysql_error()); $query = "SELECT itemorder FROM imas_courses WHERE id='{$cid}'"; $result = mysql_query($query) or die("Query failed : " . mysql_error()); $items = unserialize(mysql_result($result, 0, 0)); $blocktree = explode('-', $block); $sub =& $items; for ($i = 1; $i < count($blocktree); $i++) { $sub =& $sub[$blocktree[$i] - 1]['items']; //-1 to adjust for 1-indexing } $key = array_search($itemid, $sub); array_splice($sub, $key, 1);
$row = mysql_fetch_row($result); $text = trim($row[0]); $points = $row[1]; if (substr($text, 0, 5) == 'file:') { //delete file if not used $safetext = addslashes($text); $query = "SELECT id FROM imas_linkedtext WHERE text='{$safetext}'"; //any others using file? $result = mysql_query($query) or die("Query failed : " . mysql_error()); if (mysql_num_rows($result) == 1) { /*$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/files/'; $filename = substr($text,5); if (file_exists($uploaddir . $filename)) { unlink($uploaddir . $filename); }*/ deletecoursefile(substr($text, 5)); } } if ($points > 0) { $query = "DELETE FROM imas_grades WHERE gradetypeid='{$textid}' AND gradetype='exttool'"; mysql_query($query) or die("Query failed : " . mysql_error()); } $query = "DELETE FROM imas_linkedtext WHERE id='{$textid}'"; mysql_query($query) or die("Query failed : " . mysql_error()); $query = "SELECT itemorder FROM imas_courses WHERE id='{$_GET['cid']}'"; $result = mysql_query($query) or die("Query failed : " . mysql_error()); $items = unserialize(mysql_result($result, 0, 0)); $blocktree = explode('-', $block); $sub =& $items; for ($i = 1; $i < count($blocktree); $i++) { $sub =& $sub[$blocktree[$i] - 1]['items'];
$query .= "WHERE id='{$_GET['id']}'"; $result = mysql_query($query) or die("Query failed : " . mysql_error()); //update attached files $query = "SELECT id,description,filename FROM imas_instr_files WHERE itemid='{$_GET['id']}'"; $result = mysql_query($query) or die("Query failed : " . mysql_error()); while ($row = mysql_fetch_row($result)) { if (isset($_POST['delfile-' . $row[0]])) { $filestoremove[] = $row[0]; $query = "DELETE FROM imas_instr_files WHERE id='{$row[0]}'"; mysql_query($query) or die("Query failed : " . mysql_error()); $query = "SELECT id FROM imas_instr_files WHERE filename='{$row[2]}'"; $r2 = mysql_query($query) or die("Query failed : " . mysql_error()); if (mysql_num_rows($r2) == 0) { //$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/files/'; //unlink($uploaddir . $row[2]); deletecoursefile($row[2]); } } else { if ($_POST['filedescr-' . $row[0]] != $row[1]) { $query = "UPDATE imas_instr_files SET description='{$_POST['filedescr-' . $row[0]]}' WHERE id='{$row[0]}'"; mysql_query($query) or die("Query failed : " . mysql_error()); } } } $newtextid = $_GET['id']; } else { //add new $query = "INSERT INTO imas_inlinetext (courseid,title,text,startdate,enddate,avail,oncal,caltag,outcomes,isplaylist) VALUES "; $query .= "('{$cid}','{$_POST['title']}','{$_POST['text']}',{$startdate},{$enddate},'{$_POST['avail']}','{$_POST['oncal']}','{$caltag}','{$outcomes}',{$isplaylist});"; $result = mysql_query($query) or die("Query failed : " . mysql_error()); $newtextid = mysql_insert_id();