/** * Sets the end element handler function for the XML parser parser.end_element_handler. * @param $parser (resource) The first parameter, parser, is a reference to the XML parser calling the handler. * @param $name (string) The second parameter, name, contains the name of the element for which this handler is called. If case-folding is in effect for this parser, the element name will be in uppercase letters. * @private */ private function endElementHandler($parser, $name) { global $l, $db; require_once '../config/tce_config.php'; $name = strtolower($name); switch ($name) { case 'module': $this->addModule(); $this->level = ''; break; case 'subject': $this->addSubject(); $this->level = 'module'; break; case 'question': $this->addQuestion(); $this->level = 'subject'; break; case 'answer': $this->addAnswer(); $this->level = 'question'; break; default: $elname = $this->level . '_' . $name; if ($this->current_element == $elname) { // convert XML special chars $this->level_data[$this->level][$this->current_element] = F_xml_to_text(utrim($this->current_data)); if ($this->current_element == 'question_description' or $this->current_element == 'answer_description') { // normalize UTF-8 string based on settings $this->level_data[$this->level][$this->current_element] = F_utf8_normalizer($this->level_data[$this->level][$this->current_element], K_UTF8_NORMALIZATION_MODE); } // escape for SQL $this->level_data[$this->level][$this->current_element] = F_escape_sql($db, $this->level_data[$this->level][$this->current_element], false); } break; } }
/** * Sets the end element handler function for the XML parser parser.end_element_handler. * @param $parser (resource) The first parameter, parser, is a reference to the XML parser calling the handler. * @param $name (string) The second parameter, name, contains the name of the element for which this handler is called. If case-folding is in effect for this parser, the element name will be in uppercase letters. * @private */ private function endElementHandler($parser, $name) { global $l, $db; require_once '../config/tce_config.php'; $name = strtolower($name); switch ($name) { case 'module': $this->addModule(); $this->level = ''; break; case 'subject': $this->addSubject(); $this->level = 'module'; break; case 'question': $this->addQuestion(); $this->level = 'subject'; break; case 'answer': $this->addAnswer(); $this->level = 'question'; break; default: $elname = $this->level . '_' . $name; if ($this->current_element == $elname) { $this->level_data[$this->level][$this->current_element] = F_escape_sql(F_xml_to_text(utrim($this->current_data)), false); } break; } }
/** * Sets the end element handler function for the XML parser parser.end_element_handler. * @param $parser (resource) The first parameter, parser, is a reference to the XML parser calling the handler. * @param $name (string) The second parameter, name, contains the name of the element for which this handler is called. If case-folding is in effect for this parser, the element name will be in uppercase letters. * @private */ private function endElementHandler($parser, $name) { global $l, $db; require_once '../config/tce_config.php'; require_once 'tce_functions_user_select.php'; switch (strtolower($name)) { case 'name': case 'password': case 'email': case 'regdate': case 'ip': case 'firstname': case 'lastname': case 'birthdate': case 'birthplace': case 'regnumber': case 'ssn': case 'level': case 'verifycode': $this->current_data = F_escape_sql(F_xml_to_text($this->current_data)); $this->user_data[$this->current_element] = $this->current_data; $this->current_element = ''; $this->current_data = ''; break; case 'group': $group_name = F_escape_sql(F_xml_to_text($this->current_data)); // check if group already exist $sql = 'SELECT group_id FROM ' . K_TABLE_GROUPS . ' WHERE group_name=\'' . $group_name . '\' LIMIT 1'; if ($r = F_db_query($sql, $db)) { if ($m = F_db_fetch_array($r)) { // the group has been already added $this->group_data[] = $m['group_id']; } else { // add new group $sqli = 'INSERT INTO ' . K_TABLE_GROUPS . ' ( group_name ) VALUES ( \'' . $group_name . '\' )'; if (!($ri = F_db_query($sqli, $db))) { F_display_db_error(false); } else { $this->group_data[] = F_db_insert_id($db, K_TABLE_GROUPS, 'group_id'); } } } else { F_display_db_error(); } break; case 'user': // insert users if (!empty($this->user_data['user_name'])) { if (empty($this->user_data['user_regdate'])) { $this->user_data['user_regdate'] = date(K_TIMESTAMP_FORMAT); } if (empty($this->user_data['user_ip'])) { $this->user_data['user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']); } if (!isset($this->user_data['user_level']) or strlen($this->user_data['user_level']) == 0) { $this->user_data['user_level'] = 1; } if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) { // you cannot edit a user with a level equal or higher than yours $this->user_data['user_level'] = min(max(0, $_SESSION['session_user_level'] - 1), $this->user_data['user_level']); // non-administrator can access only to his/her groups if (empty($this->group_data)) { break; } $common_groups = array_intersect(F_get_user_groups($_SESSION['session_user_id']), $this->group_data); if (empty($common_groups)) { break; } } // check if user already exist $sql = 'SELECT user_id,user_level FROM ' . K_TABLE_USERS . ' WHERE user_name=\'' . $this->user_data['user_name'] . '\' OR user_regnumber=\'' . $this->user_data['user_regnumber'] . '\' OR user_ssn=\'' . $this->user_data['user_ssn'] . '\' LIMIT 1'; if ($r = F_db_query($sql, $db)) { if ($m = F_db_fetch_array($r)) { // the user has been already added $user_id = $m['user_id']; if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR or $_SESSION['session_user_level'] > $m['user_level']) { //update user data $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET user_regdate=\'' . $this->user_data['user_regdate'] . '\', user_ip=\'' . $this->user_data['user_ip'] . '\', user_name=\'' . $this->user_data['user_name'] . '\', user_email=' . F_empty_to_null($this->user_data['user_email']) . ','; // update password only if it is specified if (!empty($this->user_data['user_password'])) { $sqlu .= ' user_password=\'' . md5($this->user_data['user_password']) . '\','; } $sqlu .= ' user_regnumber=' . F_empty_to_null($this->user_data['user_regnumber']) . ', user_firstname=' . F_empty_to_null($this->user_data['user_firstname']) . ', user_lastname=' . F_empty_to_null($this->user_data['user_lastname']) . ', user_birthdate=' . F_empty_to_null($this->user_data['user_birthdate']) . ', user_birthplace=' . F_empty_to_null($this->user_data['user_birthplace']) . ', user_ssn=' . F_empty_to_null($this->user_data['user_ssn']) . ', user_level=\'' . $this->user_data['user_level'] . '\', user_verifycode=' . F_empty_to_null($this->user_data['user_verifycode']) . ' WHERE user_id=' . $user_id . ''; if (!($ru = F_db_query($sqlu, $db))) { F_display_db_error(false); return FALSE; } } else { // no user is updated, so empty groups $this->group_data = array(); } } else { // add new user $sqlu = 'INSERT INTO ' . K_TABLE_USERS . ' ( user_regdate, user_ip, user_name, user_email, user_password, user_regnumber, user_firstname, user_lastname, user_birthdate, user_birthplace, user_ssn, user_level, user_verifycode ) VALUES ( ' . F_empty_to_null($this->user_data['user_regdate']) . ', \'' . $this->user_data['user_ip'] . '\', \'' . $this->user_data['user_name'] . '\', ' . F_empty_to_null($this->user_data['user_email']) . ', \'' . md5($this->user_data['user_password']) . '\', ' . F_empty_to_null($this->user_data['user_regnumber']) . ', ' . F_empty_to_null($this->user_data['user_firstname']) . ', ' . F_empty_to_null($this->user_data['user_lastname']) . ', ' . F_empty_to_null($this->user_data['user_birthdate']) . ', ' . F_empty_to_null($this->user_data['user_birthplace']) . ', ' . F_empty_to_null($this->user_data['user_ssn']) . ', \'' . $this->user_data['user_level'] . '\', ' . F_empty_to_null($this->user_data['user_verifycode']) . ' )'; if (!($ru = F_db_query($sqlu, $db))) { F_display_db_error(false); return FALSE; } else { $user_id = F_db_insert_id($db, K_TABLE_USERS, 'user_id'); } } } else { F_display_db_error(false); return FALSE; } // user's groups if (!empty($this->group_data)) { while (list($key, $group_id) = each($this->group_data)) { // check if user-group already exist $sqls = 'SELECT * FROM ' . K_TABLE_USERGROUP . ' WHERE usrgrp_group_id=\'' . $group_id . '\' AND usrgrp_user_id=\'' . $user_id . '\' LIMIT 1'; if ($rs = F_db_query($sqls, $db)) { if (!($ms = F_db_fetch_array($rs))) { // associate group to user $sqlg = 'INSERT INTO ' . K_TABLE_USERGROUP . ' ( usrgrp_user_id, usrgrp_group_id ) VALUES ( ' . $user_id . ', ' . $group_id . ' )'; if (!($rg = F_db_query($sqlg, $db))) { F_display_db_error(false); return FALSE; } } } else { F_display_db_error(false); return FALSE; } } } } break; default: break; } }