Esempio n. 1
/**
 * Prepare a numeric field value for inclusion in an SQL query.<br>
 * Yields the bare SQL keyword NULL when the value compares equal to zero,
 * otherwise the SQL-escaped value.
 * @param $num (string) value to check.
 * @return string the escaped $num if != 0, the string 'NULL' otherwise
 */
function F_zero_to_null($num)
{
    require_once '../../shared/code/tce_db_dal.php';
    // Loose comparison kept as in the original: what counts as "zero" for a
    // non-numeric string differs between PHP 7 and PHP 8 — confirm callers only pass numbers.
    $is_zero = ($num == 0);
    return $is_zero ? 'NULL' : F_escape_sql($num);
}
Esempio n. 2
            if (!F_check_unique(K_TABLE_ATTRIBUTE_TYPES, 'atb_name=\'' . F_escape_sql($atb_name) . '\'')) {
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_ATTRIBUTE_TYPES . ' (
				atb_name,
				atb_description,
				atb_type,
				atb_default
				) VALUES (
				\'' . F_escape_sql($atb_name) . '\',
				' . F_empty_to_null($atb_description) . ',
				\'' . F_escape_sql($atb_type) . '\',
				\'' . F_escape_sql($atb_default) . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $atb_id = F_db_insert_id($db, K_TABLE_ATTRIBUTE_TYPES, 'atb_id');
            }
        }
        break;
    case 'clear':
        // Clear form fields
        $atb_name = '';
        $atb_description = '';
        $atb_type = '';
        $atb_default = '';
        break;
Esempio n. 3
            if (!F_check_unique(K_TABLE_CABLES, 'cab_a_obj_id=' . $cab_a_obj_id . ' AND cab_b_obj_id=' . $cab_b_obj_id . ' AND cab_cbt_id=' . $cab_cbt_id)) {
                F_print_error('WARNING', $l['m_duplicate_connection']);
                $formstatus = false;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_CABLES . ' (
				cab_a_obj_id,
				cab_b_obj_id,
				cab_cbt_id,
				cab_color
				) VALUES (
				' . $cab_a_obj_id . ',
				' . $cab_b_obj_id . ',
				' . $cab_cbt_id . ',
				\'' . F_escape_sql($cab_color) . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            }
            $cab_ids = $cab_a_obj_id . '|' . $cab_b_obj_id . '|' . $cab_cbt_id;
            $sel_a_obj_id = $cab_a_obj_id;
            $sel_b_obj_id = $cab_b_obj_id;
            $sel_cbt_id = $cab_cbt_id;
        }
        break;
    case 'clear':
        // Clear form fields
        $cbt_name = '';
        $cab_color = 'd3d3d3';
        break;
// search box: the submitted value is HTML-escaped before being echoed back into the attribute
echo '<input type="text" name="searchterms" id="searchterms" value="', htmlspecialchars($searchterms, ENT_COMPAT, $l['a_meta_charset']), '" size="20" maxlength="255" title="', $l['w_search_keywords'], '" />';
F_submit_button('search', $l['w_search'], $l['w_search']);
echo '</div>', K_NEWLINE;
// build a search query
if (strlen($searchterms) === 0) {
    // no search terms: list every manufacturer
    $sql = 'SELECT mnf_id, mnf_name FROM ' . K_TABLE_MANUFACTURES . ' ORDER BY mnf_name ASC';
} else {
    $searchterms = trim($searchterms);
    $is_mac = preg_match("/^([0-9A-F]{2})[\\:\\-]([0-9A-F]{2})[\\:\\-]([0-9A-F]{2})/i", $searchterms, $matches) > 0;
    if ($is_mac) {
        // MAC address: the OUI prefix is made only of hex digits captured by the pattern,
        // so it can be quoted into the query without further escaping
        $mac = strtoupper(implode('', array_slice($matches, 1, 3)));
        $sql = 'SELECT mnf_id, mnf_name FROM ' . K_TABLE_MANUFACTURES . ', ' . K_TABLE_MANUFACTURES_MAC . ' WHERE mnf_id=mac_mnf_id AND mac_mac=\'' . $mac . '\' ORDER BY mnf_name ASC';
    } else {
        // free-text search: one LIKE clause per whitespace-separated word, all of them required.
        // Each word is SQL-escaped; LIKE wildcards (% and _) inside a word are not, so they act as wildcards.
        $wherequery = '';
        $terms = preg_split("/[\\s]+/i", $searchterms);
        $clauses = [];
        foreach ($terms as $word) {
            $word = F_escape_sql($word);
            $clauses[] = '(mnf_name LIKE \'%' . $word . '%\')';
        }
        $wherequery = implode(' AND ', $clauses);
        $sql = 'SELECT * FROM ' . K_TABLE_MANUFACTURES . ' WHERE ' . $wherequery . ' ORDER BY mnf_name ASC';
    }
}
if ($r = F_db_query($sql, $db)) {
    echo '<ul>' . K_NEWLINE;
    while ($m = F_db_fetch_array($r)) {
        // on click the manufacturer ID will be returned on the calling form field
        $jsaction = 'javascript:window.opener.document.getElementById(\'' . $cid . '\').value=' . $m['mnf_id'] . ';';
        $jsaction .= 'window.opener.document.getElementById(\'' . $cid . '\').onchange();';
        $jsaction .= 'window.close();';
Esempio n. 5
}
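switch ($menu_mode) {
    case 'update':
        // Update the score and comment of one test log entry
        if ($formstatus = F_check_form_fields()) {
            if (isset($testlog_score) and isset($max_score)) {
                // both values are cast to float so they can be compared and safely interpolated
                $testlog_score = floatval($testlog_score);
                $max_score = floatval($max_score);
                // score cannot be greater than max_score
                if ($testlog_score > $max_score) {
                    F_print_error('WARNING', $l['m_score_higher_than_max']);
                    break;
                }
                // testlog_id comes from the submitted form: force it to an integer
                // before interpolating it into the WHERE clause (no quoting is applied there).
                $sql = 'UPDATE ' . K_TABLE_TESTS_LOGS . ' SET
					testlog_score=' . $testlog_score . ',
					testlog_comment=\'' . F_escape_sql($db, $testlog_comment) . '\'
					WHERE testlog_id=' . intval($testlog_id) . '';
                if (!($r = F_db_query($sql, $db))) {
                    F_display_db_error(false);
                } else {
                    F_print_error('MESSAGE', $l['m_updated']);
                    // reset the form fields after a successful update
                    $testlog_score = '';
                    $testlog_id = '';
                    $testlog_comment = '';
                }
            }
        }
        break;
    default:
        break;
}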
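/**
 * Display online users.
 * @author Nicola Asuni
 * @since 2001-10-18
 * @param $wherequery (string) users selection query (SQL fragment placed after the table name)
 * @param $order_field (string) order by column name; anything outside the allowed list falls back to cpsession_expiry
 * @param $orderdir (int) order direction (0 = ascending, anything else = descending)
 * @param $firstrow (int) number of first row to display
 * @param $rowsperpage (int) number of rows per page
 * @return false in case of empty database, true otherwise
 */
function F_list_online_users($wherequery, $order_field, $orderdir, $firstrow, $rowsperpage)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    require_once '../../shared/code/tce_functions_page.php';
    require_once 'tce_functions_user_select.php';
    // initialize variables: these three are interpolated into SQL unquoted, so force integers
    $orderdir = intval($orderdir);
    $firstrow = intval($firstrow);
    $rowsperpage = intval($rowsperpage);
    // ORDER BY column: only a whitelisted column name may reach the query
    if (empty($order_field) || !in_array($order_field, ['cpsession_id', 'cpsession_data'], true)) {
        $order_field = 'cpsession_expiry';
    }
    $full_order_field = ($orderdir == 0) ? $order_field : $order_field . ' DESC';
    if (!F_count_rows(K_TABLE_SESSIONS)) {
        // if the table is void (no items) display message
        echo '<h2>' . $l['m_databasempty'] . '</h2>';
        return FALSE;
    }
    if (empty($wherequery)) {
        $sql = 'SELECT * FROM ' . K_TABLE_SESSIONS . ' ORDER BY ' . $full_order_field;
    } else {
        // NOTE(review): F_escape_sql() is applied to a whole SQL fragment here; it escapes any
        // quotes the clause itself contains and does not make an untrusted clause safe.
        // The caller must build $wherequery from trusted/escaped parts — confirm at call sites.
        $wherequery = F_escape_sql($db, $wherequery);
        $sql = 'SELECT * FROM ' . K_TABLE_SESSIONS . ' ' . $wherequery . ' ORDER BY ' . $full_order_field;
    }
    if (K_DATABASE_TYPE == 'ORACLE') {
        // NOTE(review): on Oracle "rownum BETWEEN a AND b" with a > 1 yields no rows — confirm pagination past the first page
        $sql = 'SELECT * FROM (' . $sql . ') WHERE rownum BETWEEN ' . $firstrow . ' AND ' . ($firstrow + $rowsperpage);
    } else {
        $sql .= ' LIMIT ' . $rowsperpage . ' OFFSET ' . $firstrow;
    }
    echo '<div class="container">' . K_NEWLINE;
    echo '<table class="userselect">' . K_NEWLINE;
    echo '<tr>' . K_NEWLINE;
    echo '<th>' . $l['w_user'] . '</th>' . K_NEWLINE;
    echo '<th>' . $l['w_level'] . '</th>' . K_NEWLINE;
    echo '<th>' . $l['w_ip'] . '</th>' . K_NEWLINE;
    echo '</tr>' . K_NEWLINE;
    if ($r = F_db_query($sql, $db)) {
        while ($m = F_db_fetch_array($r)) {
            $this_session = F_session_string_to_array($m['cpsession_data']);
            // the user ID is used unquoted in the edit link: force it to an integer
            $user_id = intval($this_session['session_user_id']);
            $user_str = '';
            if ($this_session['session_user_lastname']) {
                $user_str .= urldecode($this_session['session_user_lastname']) . ', ';
            }
            if ($this_session['session_user_firstname']) {
                $user_str .= urldecode($this_session['session_user_firstname']);
            }
            $user_str .= ' (' . urldecode($this_session['session_user_name']) . ')';
            // names, level and IP come from stored session data that originates from user input:
            // escape them for the HTML context before echoing
            $user_html = htmlspecialchars($user_str, ENT_QUOTES, $l['a_meta_charset']);
            echo '<tr>';
            echo '<td align="left">';
            if (F_isAuthorizedEditorForUser($user_id)) {
                echo '<a href="tce_edit_user.php?user_id=' . $user_id . '">' . $user_html . '</a>';
            } else {
                echo $user_html;
            }
            echo '</td>';
            echo '<td>' . htmlspecialchars((string) $this_session['session_user_level'], ENT_QUOTES, $l['a_meta_charset']) . '</td>';
            echo '<td>' . htmlspecialchars((string) $this_session['session_user_ip'], ENT_QUOTES, $l['a_meta_charset']) . '</td>';
            echo '</tr>' . K_NEWLINE;
        }
    } else {
        F_display_db_error();
    }
    echo '</table>' . K_NEWLINE;
    // --- ------------------------------------------------------
    // --- page jump
    if ($rowsperpage > 0) {
        $sql = 'SELECT count(*) AS total FROM ' . K_TABLE_SESSIONS . ' ' . $wherequery;
        // always initialized so the appends below never touch an undefined variable
        $param_array = '';
        if (!empty($order_field)) {
            $param_array .= '&amp;order_field=' . urlencode($order_field);
        }
        if (!empty($orderdir)) {
            $param_array .= '&amp;orderdir=' . $orderdir;
        }
        $param_array .= '&amp;submitted=1';
        F_show_page_navigator($_SERVER['SCRIPT_NAME'], $sql, $firstrow, $rowsperpage, $param_array);
    }
    echo '<div class="pagehelp">' . $l['hp_online_users'] . '</div>' . K_NEWLINE;
    echo '</div>' . K_NEWLINE;
    return TRUE;
}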
Esempio n. 7
        if ($formstatus = F_check_form_fields()) {
            // check if name is unique
            if (!F_check_unique(K_TABLE_SUBJECTS, 'subject_name=\'' . F_escape_sql($db, $subject_name) . '\' AND subject_module_id=' . $subject_module_id . '')) {
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_SUBJECTS . ' (
				subject_name,
				subject_description,
				subject_enabled,
				subject_user_id,
				subject_module_id
				) VALUES (
				\'' . F_escape_sql($db, $subject_name) . '\',
				' . F_empty_to_null($subject_description) . ',
				\'' . intval($subject_enabled) . '\',
				\'' . intval($_SESSION['session_user_id']) . '\',
				' . $subject_module_id . '
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $subject_id = F_db_insert_id($db, K_TABLE_SUBJECTS, 'subject_id');
            }
        }
        break;
    case 'clear':
        // Clear form fields
        $subject_name = '';
Esempio n. 8
                    $_SESSION['session_user_name'] = $m['user_name'];
                    $_SESSION['session_user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']);
                    $_SESSION['session_user_level'] = $m['user_level'];
                    $_SESSION['session_user_firstname'] = urlencode($m['user_firstname']);
                    $_SESSION['session_user_lastname'] = urlencode($m['user_lastname']);
                    // read client cookie
                    if (isset($_COOKIE['LastVisit'])) {
                        $_SESSION['session_last_visit'] = intval($_COOKIE['LastVisit']);
                    } else {
                        $_SESSION['session_last_visit'] = 0;
                    }
                    $logged = true;
                } else {
                    $login_error = true;
                }
            } elseif (!F_check_unique(K_TABLE_USERS, 'user_name=\'' . F_escape_sql($_POST['xuser_name']) . '\'')) {
                // the user name exist but the password is wrong
                //F_print_error('WARNING', $l['m_login_wrong']);
                $login_error = true;
            } else {
                // this user doesn't exist on RackMap database
                $login_error = true;
            }
        } else {
            F_display_db_error();
        }
    }
}
if (!isset($pagelevel)) {
    // set default page level
    $pagelevel = 0;
Esempio n. 9
    }
} else {
    echo '</select></span></div>' . K_NEWLINE;
    F_display_db_error();
}
echo '</select>', K_NEWLINE;
// search box: the submitted value is HTML-escaped before being echoed back into the attribute
echo '<input type="text" name="searchterms" id="searchterms" value="', htmlspecialchars($searchterms, ENT_COMPAT, $l['a_meta_charset']), '" size="20" maxlength="255" title="', $l['w_search'], '" />';
F_submit_button('search', $l['w_search'], $l['w_search']);
echo '</span></div>', K_NEWLINE;
// build a search query: every whitespace-separated word must match at least one of these columns
$wherequery = '';
if (strlen($searchterms) > 0) {
    $search_columns = ['user_name', 'user_email', 'user_firstname', 'user_lastname', 'user_regnumber', 'user_ssn'];
    $terms = preg_split("/[\\s]+/i", $searchterms);
    $word_clauses = [];
    foreach ($terms as $word) {
        // each word is SQL-escaped; LIKE wildcards (% and _) inside a word are not, so they act as wildcards
        $word = F_escape_sql($db, $word);
        $column_clauses = [];
        foreach ($search_columns as $column) {
            $column_clauses[] = '(' . $column . ' LIKE \'%' . $word . '%\')';
        }
        $word_clauses[] = '(' . implode(' OR ', $column_clauses) . ')';
    }
    $wherequery = '(' . implode(' AND ', $word_clauses) . ')';
}
// select only specified User IDs
if (isset($uids) and !empty($uids)) {
    $uid_list = '';
    $uids = explode('x', $uids);
    foreach ($uids as $id) {
        $uid_list .= ',' . intval($id);
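    /**
     * Sets the end element handler function for the XML parser parser.end_element_handler.
     * Scalar user fields are SQL-escaped and collected into $this->user_data; a closing 'group'
     * element looks up (or inserts) the group and records its ID in $this->group_data; a closing
     * 'user' element inserts or updates the user row and then its group associations.
     * @param $parser (resource) The first parameter, parser, is a reference to the XML parser calling the handler.
     * @param $name (string) The second parameter, name, contains the name of the element for which this handler is called. If case-folding is in effect for this parser, the element name will be in uppercase letters.
     * @return void normally; FALSE after a failed database query once the error has been displayed.
     * @private
     */
    private function endElementHandler($parser, $name)
    {
        global $l, $db;
        require_once '../config/tce_config.php';
        require_once 'tce_functions_user_select.php';
        switch (strtolower($name)) {
            case 'name':
            case 'password':
            case 'email':
            case 'regdate':
            case 'ip':
            case 'firstname':
            case 'lastname':
            case 'birthdate':
            case 'birthplace':
            case 'regnumber':
            case 'ssn':
            case 'level':
            case 'verifycode':
                // field values are SQL-escaped once here and used verbatim in the queries below
                $this->current_data = F_escape_sql(F_xml_to_text($this->current_data));
                $this->user_data[$this->current_element] = $this->current_data;
                $this->current_element = '';
                $this->current_data = '';
                break;
            case 'group':
                $group_name = F_escape_sql(F_xml_to_text($this->current_data));
                // check if group already exist
                $sql = 'SELECT group_id
					FROM ' . K_TABLE_GROUPS . '
					WHERE group_name=\'' . $group_name . '\'
					LIMIT 1';
                if ($r = F_db_query($sql, $db)) {
                    if ($m = F_db_fetch_array($r)) {
                        // the group has been already added
                        $this->group_data[] = $m['group_id'];
                    } else {
                        // add new group
                        $sqli = 'INSERT INTO ' . K_TABLE_GROUPS . ' (
							group_name
							) VALUES (
							\'' . $group_name . '\'
							)';
                        if (!($ri = F_db_query($sqli, $db))) {
                            F_display_db_error(false);
                        } else {
                            $this->group_data[] = F_db_insert_id($db, K_TABLE_GROUPS, 'group_id');
                        }
                    }
                } else {
                    F_display_db_error();
                }
                break;
            case 'user':
                // insert users
                if (!empty($this->user_data['user_name'])) {
                    if (empty($this->user_data['user_regdate'])) {
                        $this->user_data['user_regdate'] = date(K_TIMESTAMP_FORMAT);
                    }
                    if (empty($this->user_data['user_ip'])) {
                        $this->user_data['user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']);
                    }
                    if (!isset($this->user_data['user_level']) or strlen($this->user_data['user_level']) == 0) {
                        $this->user_data['user_level'] = 1;
                    }
                    if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
                        // you cannot edit a user with a level equal or higher than yours
                        $this->user_data['user_level'] = min(max(0, $_SESSION['session_user_level'] - 1), $this->user_data['user_level']);
                        // non-administrator can access only to his/her groups
                        if (empty($this->group_data)) {
                            break;
                        }
                        $common_groups = array_intersect(F_get_user_groups($_SESSION['session_user_id']), $this->group_data);
                        if (empty($common_groups)) {
                            break;
                        }
                    }
                    // check if user already exist
                    // NOTE(review): user_regnumber / user_ssn are read without isset(); when the XML omitted
                    // them this compares against '' (and raises an undefined-index notice) — confirm intended.
                    $sql = 'SELECT user_id,user_level
						FROM ' . K_TABLE_USERS . '
						WHERE user_name=\'' . $this->user_data['user_name'] . '\'
							OR user_regnumber=\'' . $this->user_data['user_regnumber'] . '\'
							OR user_ssn=\'' . $this->user_data['user_ssn'] . '\'
						LIMIT 1';
                    if ($r = F_db_query($sql, $db)) {
                        if ($m = F_db_fetch_array($r)) {
                            // the user has been already added
                            $user_id = $m['user_id'];
                            if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR or $_SESSION['session_user_level'] > $m['user_level']) {
                                //update user data
                                $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET
									user_regdate=\'' . $this->user_data['user_regdate'] . '\',
									user_ip=\'' . $this->user_data['user_ip'] . '\',
									user_name=\'' . $this->user_data['user_name'] . '\',
									user_email=' . F_empty_to_null($this->user_data['user_email']) . ',';
                                // update password only if it is specified
                                // NOTE(review): passwords are stored as unsalted md5 (here and in the INSERT below).
                                // This is the format the rest of the application verifies against, so it cannot be
                                // changed in isolation; a migration to password_hash()/password_verify() is the proper fix.
                                if (!empty($this->user_data['user_password'])) {
                                    $sqlu .= ' user_password=\'' . md5($this->user_data['user_password']) . '\',';
                                }
                                $sqlu .= '
									user_regnumber=' . F_empty_to_null($this->user_data['user_regnumber']) . ',
									user_firstname=' . F_empty_to_null($this->user_data['user_firstname']) . ',
									user_lastname=' . F_empty_to_null($this->user_data['user_lastname']) . ',
									user_birthdate=' . F_empty_to_null($this->user_data['user_birthdate']) . ',
									user_birthplace=' . F_empty_to_null($this->user_data['user_birthplace']) . ',
									user_ssn=' . F_empty_to_null($this->user_data['user_ssn']) . ',
									user_level=\'' . $this->user_data['user_level'] . '\',
									user_verifycode=' . F_empty_to_null($this->user_data['user_verifycode']) . '
									WHERE user_id=' . $user_id . '';
                                if (!($ru = F_db_query($sqlu, $db))) {
                                    F_display_db_error(false);
                                    return FALSE;
                                }
                            } else {
                                // no user is updated, so empty groups
                                $this->group_data = array();
                            }
                        } else {
                            // add new user
                            $sqlu = 'INSERT INTO ' . K_TABLE_USERS . ' (
								user_regdate,
								user_ip,
								user_name,
								user_email,
								user_password,
								user_regnumber,
								user_firstname,
								user_lastname,
								user_birthdate,
								user_birthplace,
								user_ssn,
								user_level,
								user_verifycode
								) VALUES (
								' . F_empty_to_null($this->user_data['user_regdate']) . ',
								\'' . $this->user_data['user_ip'] . '\',
								\'' . $this->user_data['user_name'] . '\',
								' . F_empty_to_null($this->user_data['user_email']) . ',
								\'' . md5($this->user_data['user_password']) . '\',
								' . F_empty_to_null($this->user_data['user_regnumber']) . ',
								' . F_empty_to_null($this->user_data['user_firstname']) . ',
								' . F_empty_to_null($this->user_data['user_lastname']) . ',
								' . F_empty_to_null($this->user_data['user_birthdate']) . ',
								' . F_empty_to_null($this->user_data['user_birthplace']) . ',
								' . F_empty_to_null($this->user_data['user_ssn']) . ',
								\'' . $this->user_data['user_level'] . '\',
								' . F_empty_to_null($this->user_data['user_verifycode']) . '
								)';
                            if (!($ru = F_db_query($sqlu, $db))) {
                                F_display_db_error(false);
                                return FALSE;
                            } else {
                                $user_id = F_db_insert_id($db, K_TABLE_USERS, 'user_id');
                            }
                        }
                    } else {
                        F_display_db_error(false);
                        return FALSE;
                    }
                    // user's groups
                    if (!empty($this->group_data)) {
                        // foreach replaces the removed-in-PHP-8 each() iteration; the list is not modified inside the loop
                        foreach ($this->group_data as $group_id) {
                            // check if user-group already exist
                            $sqls = 'SELECT *
								FROM ' . K_TABLE_USERGROUP . '
								WHERE usrgrp_group_id=\'' . $group_id . '\'
									AND usrgrp_user_id=\'' . $user_id . '\'
								LIMIT 1';
                            if ($rs = F_db_query($sqls, $db)) {
                                if (!($ms = F_db_fetch_array($rs))) {
                                    // associate group to user
                                    $sqlg = 'INSERT INTO ' . K_TABLE_USERGROUP . ' (
										usrgrp_user_id,
										usrgrp_group_id
										) VALUES (
										' . $user_id . ',
										' . $group_id . '
										)';
                                    if (!($rg = F_db_query($sqlg, $db))) {
                                        F_display_db_error(false);
                                        return FALSE;
                                    }
                                }
                            } else {
                                F_display_db_error(false);
                                return FALSE;
                            }
                        }
                    }
                }
                break;
            default:
                break;
        }
    }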
Esempio n. 11
				test_answers_order_mode,
				test_comment_enabled,
				test_menu_enabled,
				test_noanswer_enabled,
				test_mcma_radio,
				test_repeatable,
				test_mcma_partial_score,
				test_logout_on_timeout,
				test_password
				) VALUES (
				\'' . F_escape_sql($db, $test_name) . '\',
				\'' . F_escape_sql($db, $test_description) . '\',
				' . F_empty_to_null($test_begin_time) . ',
				' . F_empty_to_null($test_end_time) . ',
				\'' . $test_duration_time . '\',
				\'' . F_escape_sql($db, $test_ip_range) . '\',
				\'' . intval($test_results_to_users) . '\',
				\'' . intval($test_report_to_users) . '\',
				\'' . $test_score_right . '\',
				\'' . $test_score_wrong . '\',
				\'' . $test_score_unanswered . '\',
				\'' . $test_max_score . '\',
				\'' . intval($_SESSION['session_user_id']) . '\',
				\'' . $test_score_threshold . '\',
				\'' . intval($test_random_questions_select) . '\',
				\'' . intval($test_random_questions_order) . '\',
				\'' . $test_questions_order_mode . '\',
				\'' . intval($test_random_answers_select) . '\',
				\'' . intval($test_random_answers_order) . '\',
				\'' . $test_answers_order_mode . '\',
				\'' . intval($test_comment_enabled) . '\',
Esempio n. 12
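/**
 * Return the object type ID with the selected name.
 * @param $name (string) Name of the object type.
 * @return int object type ID, or 0 when no row matches or the query fails (the error is displayed).
 */
function F_getObjectTypeID($name)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    $obt_id = 0;
    // the name is SQL-escaped before being quoted into the query
    $sql = 'SELECT obt_id FROM ' . K_TABLE_OBJECT_TYPES . ' WHERE obt_name=\'' . F_escape_sql($name) . '\' LIMIT 1';
    if ($r = F_db_query($sql, $db)) {
        if ($m = F_db_fetch_array($r)) {
            // cast so the documented int contract holds regardless of the driver's column type
            $obt_id = intval($m['obt_id']);
        }
    } else {
        F_display_db_error();
    }
    return $obt_id;
}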
Esempio n. 13
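/**
 * Copy selected question to another topic
 * The copy runs inside a transaction: any failing statement is reported, the
 * transaction is rolled back and the function returns without committing.
 * @author Nicola Asuni
 * @since 2008-11-26
 * @param $question_id (int) question ID
 * @param $new_subject_id (int) new subject ID
 * @return void
 */
function F_question_copy($question_id, $new_subject_id)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    $question_id = intval($question_id);
    $new_subject_id = intval($new_subject_id);
    // check authorization
    $sql = 'SELECT subject_module_id FROM ' . K_TABLE_SUBJECTS . ' WHERE subject_id=' . $new_subject_id . ' LIMIT 1';
    if (!($r = F_db_query($sql, $db))) {
        F_display_db_error();
        return;
    }
    if (!($m = F_db_fetch_array($r))) {
        // unknown destination subject: there is no module to authorize against, so do not copy
        return;
    }
    $subject_module_id = $m['subject_module_id'];
    // check user's authorization for parent module
    if (!F_isAuthorizedUser(K_TABLE_MODULES, 'module_id', $subject_module_id, 'module_user_id')) {
        return;
    }
    $q = F_question_get_data($question_id);
    if ($q === false) {
        return;
    }
    $escaped_description = F_escape_sql($db, $q['question_description']);
    if (K_DATABASE_TYPE == 'ORACLE') {
        $chksql = 'dbms_lob.instr(question_description,\'' . $escaped_description . '\',1,1)>0';
    } elseif (K_DATABASE_TYPE == 'MYSQL' and defined('K_MYSQL_QA_BIN_UNIQUITY') and K_MYSQL_QA_BIN_UNIQUITY) {
        $chksql = 'question_description=\'' . $escaped_description . '\' COLLATE utf8_bin';
    } else {
        $chksql = 'question_description=\'' . $escaped_description . '\'';
    }
    if (!F_check_unique(K_TABLE_QUESTIONS, $chksql . ' AND question_subject_id=' . $new_subject_id . '')) {
        // an identical question already exists in the destination subject
        return;
    }
    // 'return' replaces the original 'break', which is a compile error outside a loop/switch
    if (!($r = F_db_query('START TRANSACTION', $db))) {
        F_display_db_error(false);
        return;
    }
    // adjust questions ordering
    if ($q['question_position'] > 0) {
        $sql = 'UPDATE ' . K_TABLE_QUESTIONS . ' SET
					question_position=question_position+1
					WHERE question_subject_id=' . $new_subject_id . '
						AND question_position>=' . $q['question_position'] . '';
        if (!($r = F_db_query($sql, $db))) {
            F_display_db_error(false);
            // rollback transaction and stop: the copy must not proceed on a half-applied reorder
            F_db_query('ROLLBACK', $db);
            return;
        }
    }
    $sql = 'INSERT INTO ' . K_TABLE_QUESTIONS . ' (
				question_subject_id,
				question_description,
				question_explanation,
				question_type,
				question_difficulty,
				question_enabled,
				question_position,
				question_timer,
				question_fullscreen,
				question_inline_answers,
				question_auto_next
				) VALUES (
				' . $new_subject_id . ',
				\'' . F_escape_sql($db, $q['question_description']) . '\',
				\'' . F_escape_sql($db, $q['question_explanation']) . '\',
				\'' . $q['question_type'] . '\',
				\'' . $q['question_difficulty'] . '\',
				\'' . $q['question_enabled'] . '\',
				' . F_zero_to_null($q['question_position']) . ',
				\'' . $q['question_timer'] . '\',
				\'' . $q['question_fullscreen'] . '\',
				\'' . $q['question_inline_answers'] . '\',
				\'' . $q['question_auto_next'] . '\'
				)';
    if (!($r = F_db_query($sql, $db))) {
        F_display_db_error(false);
        // without a new question row there is nothing to attach the answers to
        F_db_query('ROLLBACK', $db);
        return;
    }
    $new_question_id = F_db_insert_id($db, K_TABLE_QUESTIONS, 'question_id');
    // copy associated answers
    $sql = 'SELECT *
				FROM ' . K_TABLE_ANSWERS . '
				WHERE answer_question_id=' . $question_id . '';
    if (!($r = F_db_query($sql, $db))) {
        F_db_query('ROLLBACK', $db);
        F_display_db_error();
        return;
    }
    while ($m = F_db_fetch_array($r)) {
        $sqli = 'INSERT INTO ' . K_TABLE_ANSWERS . ' (
						answer_question_id,
						answer_description,
						answer_explanation,
						answer_isright,
						answer_enabled,
						answer_position,
						answer_keyboard_key
						) VALUES (
						' . $new_question_id . ',
						\'' . F_escape_sql($db, $m['answer_description']) . '\',
						\'' . F_escape_sql($db, $m['answer_explanation']) . '\',
						\'' . $m['answer_isright'] . '\',
						\'' . $m['answer_enabled'] . '\',
						' . F_zero_to_null($m['answer_position']) . ',
						' . F_empty_to_null($m['answer_keyboard_key']) . '
						)';
        if (!($ri = F_db_query($sqli, $db))) {
            F_display_db_error(false);
            // rollback transaction: a partially copied answer set must not be committed
            F_db_query('ROLLBACK', $db);
            return;
        }
    }
    if (!($r = F_db_query('COMMIT', $db))) {
        F_display_db_error(false);
    }
}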
Esempio n. 14
/**
 * Deletes the specific session.
 * @param $key (string) session ID of session to destroy.
 * @return resource database query result.
 */
function F_session_destroy($key)
{
    global $db;
    // the session ID is SQL-escaped before being quoted into the DELETE statement
    $escaped_key = F_escape_sql($key);
    $query = sprintf("DELETE FROM %s WHERE cpsession_id='%s'", K_TABLE_SESSIONS, $escaped_key);
    return F_db_query($query, $db);
}
                // get object ID
                $object_id = intval(substr($k, 3));
                // delete previous value
                $sql = 'DELETE FROM ' . K_TABLE_ATTRIBUTE_VALUES . ' WHERE atv_obj_id=' . $object_id . ' AND atv_atb_id=' . $atb_id . '';
                if (!($r = F_db_query($sql, $db))) {
                    F_display_db_error(false);
                }
                if (strlen($atb_value) > 0) {
                    $sql = 'INSERT INTO ' . K_TABLE_ATTRIBUTE_VALUES . ' (
						atv_obj_id,
						atv_atb_id,
						atv_value
						) VALUES (
						' . $object_id . ',
						' . $atb_id . ',
						\'' . F_escape_sql($atb_value) . '\'
						)';
                    if (!($r = F_db_query($sql, $db))) {
                        F_display_db_error(false);
                    }
                }
            }
        }
        F_print_error('MESSAGE', $l['m_updated']);
        break;
    default:
        break;
}
//end of switch
// -----------------------------------------------------------------------------
echo '<div class="container">', K_NEWLINE;
Esempio n. 16
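/**
 * Return the user ID from registration number.
 * @param $regnum (int) user registration number.
 * @return (int) User ID or 0 in case of error (no match or failed query; the query error is not displayed).
 * @since 11.3.005 (2012-07-31)
 */
function F_getUIDfromRegnum($regnum)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    // the registration number is SQL-escaped before being quoted into the query
    $sql = 'SELECT user_id FROM ' . K_TABLE_USERS . ' WHERE user_regnumber=\'' . F_escape_sql($db, $regnum) . '\' LIMIT 1';
    if ($r = F_db_query($sql, $db)) {
        if ($m = F_db_fetch_array($r)) {
            // cast so the documented int contract holds regardless of the driver's column type
            return intval($m['user_id']);
        }
    }
    return 0;
}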
 /**
  * End-element callback for the XML parser (parser.end_element_handler).
  * Closing a container element (module, subject, question, answer) flushes the
  * collected record through the matching add* method and pops the nesting level;
  * any other element is treated as a field of the current level and its text is
  * stored in level_data, XML-decoded and SQL-escaped.
  * @param $parser (resource) reference to the XML parser calling the handler (not used here).
  * @param $name (string) name of the element being closed; matched case-insensitively.
  * @private
  */
 private function endElementHandler($parser, $name)
 {
     global $l, $db;
     require_once '../config/tce_config.php';
     $name = strtolower($name);
     // container elements: the method that stores the collected record, and the
     // nesting level the parser returns to once the element is closed
     $containers = array(
         'module' => array('addModule', ''),
         'subject' => array('addSubject', 'module'),
         'question' => array('addQuestion', 'subject'),
         'answer' => array('addAnswer', 'question'),
     );
     if (isset($containers[$name])) {
         list($method, $parentLevel) = $containers[$name];
         $this->$method();
         $this->level = $parentLevel;
         return;
     }
     // leaf element: only handled when it is the field currently being read
     $elname = $this->level . '_' . $name;
     if ($this->current_element != $elname) {
         return;
     }
     $level = $this->level;
     $field = $this->current_element;
     // convert XML special chars
     $value = F_xml_to_text(utrim($this->current_data));
     if ($field == 'question_description' || $field == 'answer_description') {
         // normalize UTF-8 string based on settings
         $value = F_utf8_normalizer($value, K_UTF8_NORMALIZATION_MODE);
     }
     // escape for SQL
     $this->level_data[$level][$field] = F_escape_sql($db, $value, false);
 }
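/**
 * Export user results in XML format.
 * @param $user_id (int) user ID - if greater than zero, filter stats for the specified user.
 * @param $startdate (string) start date ID - if greater than zero, filter stats for the specified starting date
 * @param $enddate (string) end date ID - if greater than zero, filter stats for the specified ending date
 * @param $order_field (string) Ordering fields for SQL query; the caller must restrict it to known column names.
 * @author Nicola Asuni
 * @return string XML data
 */
function F_xml_export_user_results($user_id, $startdate, $enddate, $order_field)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    // the user ID is inlined unquoted into two statements below: coerce it to an integer
    $user_id = intval($user_id);
    // ratio / percentage helpers that yield 0 on an empty denominator (a test
    // with no questions or a zero max score) instead of dividing by zero
    $ratio = function ($num, $den) {
        return ($den > 0) ? ($num / $den) : 0;
    };
    $percent = function ($num, $den) use ($ratio) {
        return round(100 * $ratio($num, $den));
    };
    $xml = '';
    // XML data to be returned
    $xml .= '<' . '?xml version="1.0" encoding="UTF-8" ?' . '>' . K_NEWLINE;
    $xml .= '<tcexamuserresults version="' . K_TCEXAM_VERSION . '">' . K_NEWLINE;
    $xml .= K_TAB . '<header';
    $xml .= ' lang="' . K_USER_LANG . '"';
    $xml .= ' date="' . date(K_TIMESTAMP_FORMAT) . '">' . K_NEWLINE;
    $xml .= K_TAB . K_TAB . '<user_id>' . $user_id . '</user_id>' . K_NEWLINE;
    $sql = 'SELECT user_name, user_lastname, user_firstname FROM ' . K_TABLE_USERS . ' WHERE user_id=' . $user_id . '';
    if ($r = F_db_query($sql, $db)) {
        if ($m = F_db_fetch_array($r)) {
            // names are free text: encode them like test_name below so the document stays well-formed
            $xml .= K_TAB . K_TAB . '<user_name>' . F_text_to_xml($m['user_name']) . '</user_name>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . '<user_lastname>' . F_text_to_xml($m['user_lastname']) . '</user_lastname>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . '<user_firstname>' . F_text_to_xml($m['user_firstname']) . '</user_firstname>' . K_NEWLINE;
        }
    } else {
        F_display_db_error();
    }
    $xml .= K_TAB . K_TAB . '<date_from>' . F_text_to_xml($startdate) . '</date_from>' . K_NEWLINE;
    $xml .= K_TAB . K_TAB . '<date_to>' . F_text_to_xml($enddate) . '</date_to>' . K_NEWLINE;
    $xml .= K_TAB . '</header>' . K_NEWLINE;
    $xml .= K_TAB . '<body>' . K_NEWLINE;
    // per-test ratios collected for the descriptive statistics block
    $statsdata = array(
        'score' => array(),
        'right' => array(),
        'wrong' => array(),
        'unanswered' => array(),
        'undisplayed' => array(),
        'unrated' => array(),
    );
    $sql = 'SELECT
			testuser_id,
			test_id,
			test_name,
			testuser_creation_time,
			testuser_status,
			SUM(testlog_score) AS total_score,
			MAX(testlog_change_time) AS testuser_end_time
		FROM ' . K_TABLE_TESTS_LOGS . ', ' . K_TABLE_TEST_USER . ', ' . K_TABLE_TESTS . '
		WHERE testuser_status>0
			AND testuser_creation_time>=\'' . F_escape_sql($db, $startdate) . '\'
			AND testuser_creation_time<=\'' . F_escape_sql($db, $enddate) . '\'
			AND testuser_user_id=' . $user_id . '
			AND testlog_testuser_id=testuser_id
			AND testuser_test_id=test_id';
    if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
        // non-administrators only see tests owned by users they are authorized for
        $sql .= ' AND test_user_id IN (' . F_getAuthorizedUsers($_SESSION['session_user_id']) . ')';
    }
    // NOTE(review): F_escape_sql only escapes string-literal quoting; $order_field is
    // inlined as an identifier list, so it must be validated by the caller against
    // the allowed column names rather than taken verbatim from the request
    $sql .= ' GROUP BY testuser_id, test_id, test_name, testuser_creation_time, testuser_status ORDER BY ' . F_escape_sql($db, $order_field) . '';
    // number of passed tests; defined even when the query below fails
    $passed = 0;
    // stats of the last test fetched; the teststatistics percentages further down
    // are normalized with its max_score and question count
    $usrtestdata = array('max_score' => 0, 'all' => 0);
    if ($r = F_db_query($sql, $db)) {
        while ($m = F_db_fetch_array($r)) {
            $usrtestdata = F_getUserTestStat($m['test_id'], $user_id);
            $halfscore = $usrtestdata['max_score'] / 2;
            $xml .= K_TAB . K_TAB . '<test id=\'' . $m['test_id'] . '\'>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<start_time>' . $m['testuser_creation_time'] . '</start_time>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<end_time>' . $m['testuser_end_time'] . '</end_time>' . K_NEWLINE;
            // elapsed time in seconds, reported as H:i:s
            $time_diff = strtotime($m['testuser_end_time']) - strtotime($m['testuser_creation_time']);
            $time_diff = gmdate('H:i:s', $time_diff);
            $xml .= K_TAB . K_TAB . K_TAB . '<time>' . $time_diff . '</time>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<name>' . F_text_to_xml($m['test_name']) . '</name>' . K_NEWLINE;
            if ($usrtestdata['score_threshold'] > 0) {
                // explicit threshold: the outcome is reported per test and counted
                if ($usrtestdata['score'] >= $usrtestdata['score_threshold']) {
                    $xml .= K_TAB . K_TAB . K_TAB . '<passed>true</passed>' . K_NEWLINE;
                    $passed++;
                } else {
                    $xml .= K_TAB . K_TAB . K_TAB . '<passed>false</passed>' . K_NEWLINE;
                }
            } elseif ($usrtestdata['score'] > $halfscore) {
                // no threshold: more than half of the max score counts as passed,
                // but no <passed> element is emitted for the test
                $passed++;
            }
            $xml .= K_TAB . K_TAB . K_TAB . '<score>' . round($m['total_score'], 3) . '</score>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<score_percent>' . $percent($usrtestdata['score'], $usrtestdata['max_score']) . '</score_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<right>' . $usrtestdata['right'] . '</right>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<right_percent>' . $percent($usrtestdata['right'], $usrtestdata['all']) . '</right_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<wrong>' . $usrtestdata['wrong'] . '</wrong>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<wrong_percent>' . $percent($usrtestdata['wrong'], $usrtestdata['all']) . '</wrong_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<unanswered>' . $usrtestdata['unanswered'] . '</unanswered>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<unanswered_percent>' . $percent($usrtestdata['unanswered'], $usrtestdata['all']) . '</unanswered_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<undisplayed>' . $usrtestdata['undisplayed'] . '</undisplayed>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<undisplayed_percent>' . $percent($usrtestdata['undisplayed'], $usrtestdata['all']) . '</undisplayed_percent>' . K_NEWLINE;
            if ($m['testuser_status'] == 4) {
                $status = $l['w_locked'];
            } else {
                $status = $l['w_unlocked'];
            }
            $xml .= K_TAB . K_TAB . K_TAB . '<status>' . $status . '</status>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<comment>' . F_text_to_xml($usrtestdata['comment']) . '</comment>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . '</test>' . K_NEWLINE;
            // collects data for descriptive statistics
            $statsdata['score'][] = $ratio($m['total_score'], $usrtestdata['max_score']);
            $statsdata['right'][] = $ratio($usrtestdata['right'], $usrtestdata['all']);
            $statsdata['wrong'][] = $ratio($usrtestdata['wrong'], $usrtestdata['all']);
            $statsdata['unanswered'][] = $ratio($usrtestdata['unanswered'], $usrtestdata['all']);
            $statsdata['undisplayed'][] = $ratio($usrtestdata['undisplayed'], $usrtestdata['all']);
            $statsdata['unrated'][] = $ratio($usrtestdata['unrated'], $usrtestdata['all']);
        }
    } else {
        F_display_db_error();
    }
    // calculate statistics
    $stats = F_getArrayStatistics($statsdata);
    $excludestat = array('sum', 'variance');
    $calcpercent = array('mean', 'median', 'mode', 'minimum', 'maximum', 'range', 'standard_deviation');
    $xml .= K_TAB . K_TAB . '<teststatistics>' . K_NEWLINE;
    $xml .= K_TAB . K_TAB . K_TAB . '<passed>' . $passed . '</passed>' . K_NEWLINE;
    // share of passed tests over the tests exported (0 when there are none)
    $itemcount = count($statsdata['score']);
    $xml .= K_TAB . K_TAB . K_TAB . '<passed_percent>' . $percent($passed, $itemcount) . '</passed_percent>' . K_NEWLINE;
    foreach ($stats as $row => $columns) {
        if (in_array($row, $excludestat, true)) {
            continue;
        }
        $xml .= K_TAB . K_TAB . K_TAB . '<' . $row . '>' . K_NEWLINE;
        $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<score>' . round($columns['score'], 3) . '</score>' . K_NEWLINE;
        $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<right>' . round($columns['right'], 3) . '</right>' . K_NEWLINE;
        $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<wrong>' . round($columns['wrong'], 3) . '</wrong>' . K_NEWLINE;
        $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<unanswered>' . round($columns['unanswered'], 3) . '</unanswered>' . K_NEWLINE;
        $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<undisplayed>' . round($columns['undisplayed'], 3) . '</undisplayed>' . K_NEWLINE;
        $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<unrated>' . round($columns['unrated'], 3) . '</unrated>' . K_NEWLINE;
        if (in_array($row, $calcpercent, true)) {
            // percentages are relative to the last fetched test (see $usrtestdata above)
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<score_percent>' . $percent($columns['score'], $usrtestdata['max_score']) . '</score_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<right_percent>' . $percent($columns['right'], $usrtestdata['all']) . '</right_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<wrong_percent>' . $percent($columns['wrong'], $usrtestdata['all']) . '</wrong_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<unanswered_percent>' . $percent($columns['unanswered'], $usrtestdata['all']) . '</unanswered_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<undisplayed_percent>' . $percent($columns['undisplayed'], $usrtestdata['all']) . '</undisplayed_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<unrated_percent>' . $percent($columns['unrated'], $usrtestdata['all']) . '</unrated_percent>' . K_NEWLINE;
        }
        $xml .= K_TAB . K_TAB . K_TAB . '</' . $row . '>' . K_NEWLINE;
    }
    $xml .= K_TAB . K_TAB . '</teststatistics>' . K_NEWLINE;
    $xml .= K_TAB . '</body>' . K_NEWLINE;
    $xml .= '</tcexamuserresults>' . K_NEWLINE;
    return $xml;
}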
        break;
    case 'add':
        // Add user
        if ($formstatus = F_check_form_fields()) {
            // check submitted form fields
            // check if name is unique
            if (!F_check_unique(K_TABLE_GROUPS, 'group_name=\'' . F_escape_sql($group_name) . '\'')) {
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_GROUPS . ' (
				group_name
				) VALUES (
				\'' . F_escape_sql($group_name) . '\')';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $group_id = F_db_insert_id($db, K_TABLE_GROUPS, 'group_id');
            }
            // add current user to the new group
            $sql = 'INSERT INTO ' . K_TABLE_USERGROUP . ' (
				usrgrp_user_id,
				usrgrp_group_id
				) VALUES (
				\'' . $_SESSION['session_user_id'] . '\',
				\'' . $group_id . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
                $module_user_id = intval($module_user_id);
            } else {
                $module_user_id = intval($_SESSION['session_user_id']);
            }
            $sql = 'INSERT INTO ' . K_TABLE_MODULES . ' (
				module_name,
				module_enabled,
				module_user_id
				) VALUES (
				\'' . F_escape_sql($module_name) . '\',
				\'' . $module_enabled . '\',
				\'' . $module_user_id . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $module_id = F_db_insert_id($db, K_TABLE_MODULES, 'module_id');
            }
        }
        break;
    case 'clear':
        // Clear form fields
        $module_name = '';
        $module_enabled = true;
        $module_user_id = intval($_SESSION['session_user_id']);
        if ($formstatus = F_check_form_fields()) {
            // check submitted form fields
            // check if name is unique
            if (!F_check_unique(K_TABLE_OBJECT_TYPES, 'obt_name=\'' . F_escape_sql($obt_name) . '\'')) {
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_OBJECT_TYPES . ' (
				obt_name,
				obt_description,
				obt_color,
				obt_virtual
				) VALUES (
				\'' . F_escape_sql($obt_name) . '\',
				' . F_empty_to_null($obt_description) . ',
				' . F_empty_to_null($obt_color) . ',
				\'' . $obt_virtual . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $obt_id = F_db_insert_id($db, K_TABLE_OBJECT_TYPES, 'obt_id');
            }
            // add attribute
            if (!empty($object_attributes)) {
                foreach ($object_attributes as $atb_id) {
                    $sql = 'INSERT INTO ' . K_TABLE_OBJECT_ATTRIBUTES_MAP . ' (
						oam_obt_id,
						oam_atb_id
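/**
 * Updates the current user's comment on a test.<br>
 * The row is selected by the session user ID, so only the caller's own
 * testuser record can be changed.
 * @param $test_id (int) test ID
 * @param $testcomment (string) user comment.
 * @return void (a failed query is reported through F_display_db_error)
 * @since 4.0.000 (2006-10-01)
 */
function F_updateTestComment($test_id, $testcomment)
{
    require_once '../config/tce_config.php';
    global $db, $l;
    // the test ID is inlined unquoted: force it to an integer
    $test_id = intval($test_id);
    // the comment is free text from the user: escape it before it is quoted
    $testcomment = F_escape_sql($testcomment);
    $user_id = intval($_SESSION['session_user_id']);
    $sql = 'UPDATE ' . K_TABLE_TEST_USER . '
		SET testuser_comment=\'' . $testcomment . '\'
		WHERE testuser_test_id=' . $test_id . '
			AND testuser_user_id=' . $user_id . '';
    if (!F_db_query($sql, $db)) {
        F_display_db_error();
    }
}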
				user_password,
				user_regnumber,
				user_firstname,
				user_lastname,
				user_birthdate,
				user_birthplace,
				user_ssn,
				user_level,
				user_verifycode,
				user_otpkey
				) VALUES (
				\'' . F_escape_sql($db, $user_regdate) . '\',
				\'' . F_escape_sql($db, $user_ip) . '\',
				\'' . F_escape_sql($db, $user_name) . '\',
				' . F_empty_to_null($user_email) . ',
				\'' . F_escape_sql($db, $user_password) . '\',
				' . F_empty_to_null($user_regnumber) . ',
				' . F_empty_to_null($user_firstname) . ',
				' . F_empty_to_null($user_lastname) . ',
				' . F_empty_to_null($user_birthdate) . ',
				' . F_empty_to_null($user_birthplace) . ',
				' . F_empty_to_null($user_ssn) . ',
				\'' . $usrlevel . '\',
				\'' . $user_verifycode . '\',
				' . F_empty_to_null($user_otpkey) . '
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $user_id = F_db_insert_id($db, K_TABLE_USERS, 'user_id');
            }
            }
            $sql = 'INSERT INTO ' . K_TABLE_QUESTIONS . ' (
				question_subject_id,
				question_description,
				question_explanation,
				question_type,
				question_difficulty,
				question_enabled,
				question_position,
				question_timer,
				question_fullscreen,
				question_inline_answers,
				question_auto_next
				) VALUES (
				' . $question_subject_id . ',
				\'' . F_escape_sql($question_description) . '\',
				' . F_empty_to_null($question_explanation) . ',
				\'' . $question_type . '\',
				\'' . $question_difficulty . '\',
				\'' . $question_enabled . '\',
				' . F_zero_to_null($question_position) . ',
				\'' . $question_timer . '\',
				\'' . $question_fullscreen . '\',
				\'' . $question_inline_answers . '\',
				\'' . $question_auto_next . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $question_id = F_db_insert_id($db, K_TABLE_QUESTIONS, 'question_id');
            }
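/**
 * Returns true if the current user is authorized to update and delete the selected database record.
 * Administrators are always authorized; other users are authorized when they are
 * the record's author or share at least one group with the author.
 * @author Nicola Asuni
 * @since 2006-03-11
 * @param $table (string) table to be modified
 * @param $field_id_name (string) name of the main ID field of the table
 * @param $value_id (int) value of the ID field of the table
 * @param $field_user_id (string) name of the foreign key to user_id
 * @return boolean true if the user is authorized, false otherwise
 */
function F_isAuthorizedUser($table, $field_id_name, $value_id, $field_user_id)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    // NOTE(review): $table, $field_id_name and $field_user_id are inlined as SQL
    // identifiers; F_escape_sql only escapes quoting, so these arguments must be
    // code-defined names and never values taken from the request
    $table = F_escape_sql($table);
    $field_id_name = F_escape_sql($field_id_name);
    $value_id = intval($value_id);
    $field_user_id = F_escape_sql($field_user_id);
    $user_id = intval($_SESSION['session_user_id']);
    // check for administrator
    if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
        return true;
    }
    // FROM/WHERE fragment selecting the record under consideration
    $record = $table . ' WHERE ' . $field_id_name . '=' . $value_id;
    // check for original author
    if (F_count_rows($record . ' AND ' . $field_user_id . '=' . $user_id . ' LIMIT 1') > 0) {
        return true;
    }
    // check for author's groups: get the author ID first
    $author_id = 0;
    $sql = 'SELECT ' . $field_user_id . ' FROM ' . $record . ' LIMIT 1';
    if ($r = F_db_query($sql, $db)) {
        if ($m = F_db_fetch_array($r)) {
            // the column value is inlined into the next statement: coerce it to an integer
            $author_id = intval($m[0]);
        }
    } else {
        F_display_db_error();
    }
    // authorized when the current user and the author are members of a common
    // group; author IDs of 1 or less never match this way
    if ($author_id > 1 and F_count_rows(K_TABLE_USERGROUP . ' AS ta, ' . K_TABLE_USERGROUP . ' AS tb
		WHERE ta.usrgrp_group_id=tb.usrgrp_group_id
			AND ta.usrgrp_user_id=' . $author_id . '
			AND tb.usrgrp_user_id=' . $user_id . '
			LIMIT 1') > 0) {
        return true;
    }
    return false;
}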
							\'' . getPasswordHash($_POST['xuser_password']) . '\',
							' . F_empty_to_null($altusr['user_regnumber']) . ',
							' . F_empty_to_null($altusr['user_firstname']) . ',
							' . F_empty_to_null($altusr['user_lastname']) . ',
							' . F_empty_to_null($altusr['user_birthdate']) . ',
							' . F_empty_to_null($altusr['user_birthplace']) . ',
							' . F_empty_to_null($altusr['user_ssn']) . ',
							\'' . intval($altusr['user_level']) . '\'
							)';
                        if (!($r = F_db_query($sql, $db))) {
                            F_display_db_error();
                        } else {
                            $user_id = F_db_insert_id($db, K_TABLE_USERS, 'user_id');
                            // sets some user's session data
                            $_SESSION['session_user_id'] = $user_id;
                            $_SESSION['session_user_name'] = F_escape_sql($db, $_POST['xuser_name']);
                            $_SESSION['session_user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']);
                            $_SESSION['session_user_level'] = intval($altusr['user_level']);
                            $_SESSION['session_user_firstname'] = urlencode($altusr['user_firstname']);
                            $_SESSION['session_user_lastname'] = urlencode($altusr['user_lastname']);
                            $_SESSION['session_last_visit'] = 0;
                            $_SESSION['session_test_login'] = '';
                            $logged = true;
                            // sync user groups
                            F_syncUserGroups($_SESSION['session_user_id'], $altusr['usrgrp_group_id']);
                        }
                    } else {
                        $login_error = true;
                    }
                }
            } else {
    header('Location: ' . K_PATH_HOST . K_PATH_TCEXAM);
    exit;
}
$email = $_REQUEST['a'];
$verifycode = $_REQUEST['b'];
$userid = intval($_REQUEST['c']);
$pagelevel = 0;
require_once '../../shared/code/tce_authorization.php';
$thispage_title = $l['t_user_registration'];
$thispage_description = '';
require_once '../code/tce_page_header.php';
$sql = 'SELECT *
	FROM ' . K_TABLE_USERS . '
	WHERE (user_verifycode=\'' . F_escape_sql($verifycode) . '\'
		AND user_id=\'' . $userid . '\'
		AND user_email=\'' . F_escape_sql($email) . '\')
		LIMIT 1';
if ($r = F_db_query($sql, $db)) {
    if ($m = F_db_fetch_array($r)) {
        // update user level
        $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET
				user_level=\'1\',
				user_verifycode=NULL
				WHERE user_id=' . $userid . '';
        if (!($ru = F_db_query($sqlu, $db))) {
            F_display_db_error(false);
        } else {
            F_print_error('MESSAGE', $l['m_user_registration_ok']);
            echo K_NEWLINE;
            echo '<div class="container">' . K_NEWLINE;
            if (K_OTP_LOGIN) {
        if ($formstatus = F_check_form_fields()) {
            // check password
            if (!empty($user_email) or !empty($user_email_repeat)) {
                if ($user_email != $user_email_repeat) {
                    //print message and exit
                    F_print_error('WARNING', $l['m_different_emails']);
                    $formstatus = FALSE;
                    F_stripslashes_formfields();
                    break;
                }
            }
            mt_srand((double) microtime() * 1000000);
            $user_verifycode = md5(uniqid(mt_rand(), true));
            // verification code
            $sql = 'UPDATE ' . K_TABLE_USERS . ' SET
				user_email=\'' . F_escape_sql($user_email) . '\',
				user_level=\'0\',
				user_verifycode=\'' . $user_verifycode . '\'
				WHERE user_id=' . $user_id . ' AND user_password=\'' . getPasswordHash($currentpassword) . '\'';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                F_print_error('MESSAGE', $l['m_email_updated']);
                // require email confirmation
                require_once '../../shared/code/tce_functions_user_registration.php';
                F_send_user_reg_email($user_id, $user_email, $user_verifycode);
                F_print_error('MESSAGE', $user_email . ': ' . $l['m_user_verification_sent']);
                echo '<div class="container">' . K_NEWLINE;
                echo '<strong><a href="index.php" title="' . $l['h_index'] . '">' . $l['h_index'] . ' &gt;</a></strong>' . K_NEWLINE;
                echo '</div>' . K_NEWLINE;
                require_once 'tce_page_footer.php';
 /**
  * End-element callback for the XML parser (parser.end_element_handler).
  * Closing a container element (module, subject, question, answer) flushes the
  * collected record through the matching add* method and pops the nesting level;
  * any other element is treated as a field of the current level and its text is
  * stored in level_data, XML-decoded and SQL-escaped.
  * @param $parser (resource) reference to the XML parser calling the handler (not used here).
  * @param $name (string) name of the element being closed; matched case-insensitively.
  * @private
  */
 private function endElementHandler($parser, $name)
 {
     global $l, $db;
     require_once '../config/tce_config.php';
     $name = strtolower($name);
     // container elements: the method that stores the collected record, and the
     // nesting level the parser returns to once the element is closed
     $containers = array(
         'module' => array('addModule', ''),
         'subject' => array('addSubject', 'module'),
         'question' => array('addQuestion', 'subject'),
         'answer' => array('addAnswer', 'question'),
     );
     if (isset($containers[$name])) {
         list($method, $parentLevel) = $containers[$name];
         $this->$method();
         $this->level = $parentLevel;
         return;
     }
     // leaf element: only handled when it is the field currently being read
     $elname = $this->level . '_' . $name;
     if ($this->current_element != $elname) {
         return;
     }
     // decode XML entities, then escape for SQL
     $value = F_xml_to_text(utrim($this->current_data));
     $this->level_data[$this->level][$this->current_element] = F_escape_sql($value, false);
 }
        // Add
        if ($formstatus = F_check_form_fields()) {
            // check submitted form fields
            // check if name is unique
            if (!F_check_unique(K_TABLE_TEMPLATES, 'tmp_name=\'' . F_escape_sql($tmp_name) . '\'')) {
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_TEMPLATES . ' (
				tmp_name,
				tmp_template
				) VALUES (
				\'' . F_escape_sql($tmp_name) . '\',
				\'' . F_escape_sql($tmp_template) . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $tmp_id = F_db_insert_id($db, K_TABLE_TEMPLATES, 'tmp_id');
            }
        }
        break;
    case 'clear':
        // Clear form fields
        $tmp_name = '';
        $tmp_template = '';
        break;
    default:
        break;