// Create quiz entries if don't already exist // Load existing quizzes $all_quizzes = new Quizzes(); $quiz_array = $qdb->getQuizzesAll(); // add this one to allQuizzes foreach ($quiz_array as $this_quiz_array) { $all_quizzes->addQuiz(new Quiz($this_quiz_array)); } if ($debug) { print "Checking for new quizzes <br />\n"; } // Now look at old quiznames and check if they exist // use the validateQuizname function on the $all_quizzes foreach ($quiznames as $key => $value) { // not found so create if ($all_quizzes->validateQuizname($key) == false) { if ($debug) { print "New quiz found {$key} <br />\n"; } $new_quiz = array(); // use new_quizname as well as the array to make it easier to follow (rather than nesting arrays) $new_quizname = $new_quiz['quizname'] = $key; $new_quiz['title'] = $quiznames[$new_quizname]; $new_quiz['numquestions'] = $numquestions[$new_quizname]; // offline quiz was not set on a per quiz basis on old version // set the same as online and then use enable to turn on / off $new_quiz['numquestionsoffline'] = $new_quiz['numquestions']; $new_quiz['quizintro'] = $quizintro[$new_quizname]; // priority is a new setting $new_quiz['priority'] = 1; // if offline previously enabled then set appropriate - otherwise set to disabled
// we save even if no changes - more work for sql, but less checking within PHP $qdb->updateQuiz($post_details); } if ($debug) { print "\nSave completed - quiznname is {$quizname}\n"; } // if it's a new one we have just created now change to edit and add this quiz if ($action == 'new') { $action = 'edit'; $message .= "<p class=\"" . CSS_CLASS_ADMIN_EDIT_MESSAGE . "\">New quiz saved</p>"; } else { $message .= "<p class=\"" . CSS_CLASS_ADMIN_EDIT_MESSAGE . "\">Changes saved</p>"; } } elseif (isset($_GET['quiz']) && ctype_alnum($_GET['quiz'])) { // check it's valid existing if ($all_quizzes->validateQuizname($_GET['quiz'])) { $quizname = $_GET['quiz']; $action = 'edit'; } else { $err = Errors::getInstance(); $err->errorEvent(ERROR_PARAMETER, "Invalid quizname"); exit(0); } } elseif (isset($_GET['action']) && $_GET['action'] == 'new') { $action = 'new'; } else { $err = Errors::getInstance(); $err->errorEvent(ERROR_PARAMETER, "Missing action request"); exit(0); } // no quizname for edit - error and back to index page
// Very important // todo // validate field input $quiz = $_POST['quizname']; //first check that this is just a string - no if (!ctype_alnum($quiz)) { $err = Errors::getInstance(); $err->errorEvent(ERROR_SECURITY, "Error security violation - quizname is invalid"); exit(0); } // set quiztype to offline $quiz_type = 'offline'; //check that this is a valid quizname // handle this as a warning using the errorEvent - we then provide a more user friendly error // this is not a security event, but is still wrong if (!$all_quizzes->validateQuizname($quiz)) { // include header for menu / error display $templates->includeTemplate('header', 'normal'); // we handle error in more user friendly way than if we suspect attempt to hack $err = Errors::getInstance(); $err->errorEvent(WARNING_PARAMETER, "Warning parameter incorrect - quizname is invalid"); print "<h3>Invalid quizname specified</h3>\n"; printMenu($all_quizzes); $templates->includeTemplate('footer', 'normal'); exit(0); } else { if ($debug) { print "Getting Quiz \n"; } // Get quizobject for this particular quiz $this_quiz = $all_quizzes->getQuiz($quiz);
} else { $action = 'save'; } // we validate all details before storing them into an array (we then use this to save to DB) $post_details = array(); // store quizzes seperately as those are not saved in the question table in the DB $post_quizzes = array(); // Quizzes // we need to check all possible quizzes if ($debug) { print "Quizzes: "; } for ($i = 0; $i < $all_quizzes->count(); $i++) { if (isset($_POST["quiz_" . $i])) { // only add if is a valid quiz - if invalid we just ignore if ($all_quizzes->validateQuizname($_POST["quiz_" . $i])) { $post_quizzes[] = $_POST["quiz_" . $i]; if ($debug) { print $_POST["quiz_" . $i] . " "; } } } } if ($debug) { print "\n"; } // If this is just a next no save // this will redirect with a header - we do not continue after this point if ($action == 'next') { getNextQuestion($questionid); // exit not really neccessary - makes it obvious we are not continuing