/**
 * Delete a course's module data and, when everything is requested, the course row itself.
 *
 * @param int        $course   Course id; handed to every module's delete() and bound to %d in the SQL.
 * @param bool|array $material TRUE deletes all module data, the groups, the enrolment and the
 *                             course record. Otherwise it is read as an array keyed by module
 *                             name, and only the modules present as keys are deleted.
 *
 * NOTE(review): nothing here checks who is calling; this function presumably relies on the
 * caller having authorised the deletion - confirm at each call site.
 */
function delete_course($course, $material) {
    global $db, $moduleFactory;

    $delete_everything = ($material === TRUE);
    $group_ids = array();

    if ($delete_everything) {
        // Drop the s_cid session entry.
        unset($_SESSION['s_cid']);

        // Collect the course's group ids so they can be passed to each module's delete().
        $group_rows = queryDB(
            "SELECT G.group_id FROM %sgroups G INNER JOIN %sgroups_types T USING (type_id) WHERE T.course_id=%d",
            array(TABLE_PREFIX, TABLE_PREFIX, $course)
        );
        foreach ($group_rows as $group_row) {
            $group_ids[] = $group_row['group_id'];
        }
    }

    // First pass: every enabled or disabled module except groups and enrolment.
    $all_modules = $moduleFactory->getModules(AT_MODULE_STATUS_ENABLED | AT_MODULE_STATUS_DISABLED);
    foreach ($all_modules as $module_name => $module) {
        if ($module_name == '_core/groups' || $module_name == '_core/enrolment') {
            continue;
        }
        if ($delete_everything || isset($material[$module_name])) {
            $module->delete($course, $group_ids);
        }
    }

    // Groups and enrolment go last because other modules still use that information
    // while they delete their own data.
    foreach (array('_core/groups', '_core/enrolment') as $late_name) {
        if ($delete_everything || isset($material[$late_name])) {
            $late_module =& $moduleFactory->getModule($late_name);
            $late_module->delete($course, $group_ids);
        }
    }

    if ($delete_everything) {
        // Finally remove the course record and write the statement to the admin log.
        $deleted = queryDB("DELETE FROM %scourses WHERE course_id=%d", array(TABLE_PREFIX, $course));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'courses', $deleted, $sqlout);
    }
}
/**
 * Run one SQL statement on $this->handle, optionally logging it first.
 *
 * @param string $querystring SQL text; it is trimmed and passed through stripslashes()
 *                            before being executed.
 * @return mixed Whatever $this->handle->query() returns. When that value is truthy its
 *               fetch mode has been set to PDO::FETCH_ASSOC.
 *
 * NOTE(review): stripslashes() removes backslashes from the whole statement, so any
 * backslash escaping a caller applied to embedded values is undone before execution.
 * The statement is a plain string with no bound parameters - confirm that callers never
 * place request data in it.
 * NOTE(review): with $config['keep_log'] enabled the full statement text is written to
 * the log, including any credentials or personal data it contains.
 */
function query($querystring) {
    global $config;

    // The statement is logged exactly as received, before trimming and unslashing.
    if ($config['keep_log']) {
        write_to_log($querystring);
    }

    $statement_text = stripslashes(trim($querystring));
    $statement = $this->handle->query($statement_text);
    if (!$statement) {
        return $statement;
    }

    $statement->setFetchMode(PDO::FETCH_ASSOC);
    return $statement;
}
// Excerpt: tail of the cancel branch (its opening `if` is above this excerpt), followed by
// the handler that saves an edited Basic LTI tool and the reload of the tool row.
    $msg->addFeedback('CANCELLED');
    header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
    exit;
} else {
    if (isset($_POST['form_basiclti'], $tool)) {
        if (at_form_validate($blti_admin_form, $msg)) {
            // Uniqueness check: another row must not already use the submitted toolid.
            // NOTE(review): toolid is escaped, but $tool is interpolated unquoted here and in
            // the two statements below. Where $tool is assigned is not visible in this
            // excerpt - confirm it is cast to an integer before it reaches SQL.
            // NOTE(review): die(mysql_error()) sends the raw database error to the client.
            $sql = "SELECT count(*) cnt FROM " . TABLE_PREFIX . "basiclti_tools WHERE toolid = '" . mysql_real_escape_string($_POST['toolid']) . "' AND id != {$tool};";
            $result = mysql_query($sql, $db) or die(mysql_error());
            $row = mysql_fetch_assoc($result);
            if ($row["cnt"] != 0) {
                $msg->addFeedback('NEED_UNIQUE_TOOLID');
            } else {
                // at_form_update() returns the SET clause built from $_POST.
                // NOTE(review): its escaping is not visible here - confirm every value is escaped.
                $sql = at_form_update($_POST, $blti_admin_form);
                $sql = 'UPDATE ' . TABLE_PREFIX . "basiclti_tools SET " . $sql . " WHERE id = {$tool};";
                $result = mysql_query($sql, $db) or die(mysql_error());
                // NOTE(review): this UPDATE is logged as AT_ADMIN_LOG_INSERT / 'basiclti_create'.
                write_to_log(AT_ADMIN_LOG_INSERT, 'basiclti_create', mysql_affected_rows($db), $sql);
                $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
                header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
                exit;
            }
        }
    }
}
// Reload the tool row for display; redirect away when no row with this id comes back.
$sql = "SELECT * FROM " . TABLE_PREFIX . "basiclti_tools WHERE id = " . $tool . ";";
$result = mysql_query($sql, $db) or die(mysql_error());
$toolrow = mysql_fetch_assoc($result);
if ($toolrow['id'] != $tool) {
    $msg->addFeedback('COULD_NOT_LOAD_TOOL');
    header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
    exit;
}
// Excerpt: end of the empty-title check (its opening `if` is above this excerpt), then
// the rest of the create-category handler.
        $msg->addError(array('EMPTY_FIELDS', _AT('title')));
    }
    $cat_name = validate_length($cat_name, 100);
    if ($_POST['theme_parent']) {
        // Look up the parent category's theme.
        $sql = "SELECT theme FROM %scourse_cats WHERE cat_id=%d";
        $rows_cats = queryDB($sql, array(TABLE_PREFIX, $cat_parent_id));
        if (count($rows_cats) > 0) {
            // NOTE(review): $row is not assigned anywhere in this excerpt; the query result
            // is in $rows_cats. Looks like the parent theme is never actually copied - confirm.
            $cat_theme = $row['theme'];
        }
    }
    if (!$msg->containsErrors()) {
        $sql = "INSERT INTO %scourse_cats VALUES (NULL, '%s', %d, '%s')";
        $rows_cats = queryDB($sql, array(TABLE_PREFIX, $cat_name, $cat_parent_id, $cat_theme));
        $cat_id = at_insert_id($db);
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        // NOTE(review): $sqlout is read here without a `global $sqlout;` in the visible lines.
        write_to_log(AT_ADMIN_LOG_INSERT, 'course_cats', count($rows_cats), $sqlout);
        header('Location: course_categories.php');
        exit;
    }
} else {
    if (isset($_POST['cancel'])) {
        $msg->addFeedback('CANCELLED');
        header('Location: course_categories.php');
        exit;
    }
}
/* $categories[category_id] = array(cat_name, cat_parent, num_courses, [array(children)]) */
$categories = get_categories();
require AT_INCLUDE_PATH . 'header.inc.php';
$msg->printAll();
?>
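/**
 * AJAX action: refresh the selected items from the Taobao item-detail API.
 *
 * Request parameters:
 *   items - item ids, either a comma-separated string or an array
 *   type  - 'status' (default) or 'desc'
 *
 * 'status' deletes every row whose item the API reports as 'instock', plus every row
 * whose coupon_end_time is not later than now. 'desc' stores the description returned
 * by the API on the matching row. The response is always sent through ajaxReturn().
 *
 * Changes from the previous version:
 *   - ids are reduced to digit-only values instead of being passed through
 *     mysql_escape_string(), which no longer exists in PHP 7 and never protected an
 *     unquoted IN list. Assumes `id` is an integer key - TODO confirm.
 *   - create_function() (removed in PHP 8) is replaced by a plain loop.
 *   - 'type' is only read after it is known to be set, and is compared strictly.
 *   - an API reply without taobaoke_item_details is logged and skipped.
 *
 * NOTE(review): no permission check is visible in this method - confirm the controller
 * restricts it to administrators.
 * NOTE(review): 'desc' is stored exactly as the API returns it; treat it as untrusted
 * markup wherever it is rendered.
 */
function ajax_batch_status() {
    if (!isset($_REQUEST['items']) || empty($_REQUEST['items'])) {
        $this->ajaxReturn(0, '更新出错,未传入商品ID');
        return;
    }

    // Keep only digit-only ids; everything else in the request value is dropped.
    $raw_items = $_REQUEST['items'];
    $candidates = is_array($raw_items) ? $raw_items : explode(',', (string) $raw_items);
    $ids = array();
    foreach ($candidates as $candidate) {
        $candidate = is_scalar($candidate) ? trim((string) $candidate) : '';
        if ($candidate !== '' && ctype_digit($candidate)) {
            $ids[] = (int) $candidate;
        }
    }
    if (!$ids) {
        $this->ajaxReturn(0, '更新出错,未传入商品ID');
        return;
    }

    $type = isset($_REQUEST['type']) ? $_REQUEST['type'] : 'status';
    if (!in_array($type, array('status', 'desc'), true)) {
        $type = 'status';
    }

    $rows = $this->_mod->where(array('id' => array('in', implode(',', $ids))))->field('num_iid')->select();
    if (!is_array($rows)) {
        $this->ajaxReturn(1);
        return;
    }

    $num_iids = array();
    foreach ($rows as $row) {
        $num_iids[] = $row['num_iid'];
    }

    $top = $this->_get_tb_top();
    $res = $top->load_api('TaobaokeItemsDetailGetRequest');
    $res->setFields($type === 'desc' ? 'num_iid,desc' : 'num_iid,approve_status');

    $instock_ids = array();
    // The items are requested from the API in groups of ten.
    foreach (array_chunk($num_iids, 10) as $group) {
        $res->setNumIids(implode(',', $group));
        $resp1 = $top->execute($res);

        $resp = array();
        if (is_object($resp1) && isset($resp1->taobaoke_item_details) && is_object($resp1->taobaoke_item_details)) {
            $resp = get_object_vars($resp1->taobaoke_item_details);
        }
        if (!isset($resp['taobaoke_item_detail']) || !is_array($resp['taobaoke_item_detail'])) {
            write_to_log('接口调用失败,淘宝返回:' . var_export($resp1, true));
            continue;
        }

        foreach ($resp['taobaoke_item_detail'] as $detail) {
            if (!isset($detail->item) || !is_object($detail->item)) {
                continue;
            }
            $item = get_object_vars($detail->item);
            if ($type === 'desc') {
                $this->_mod->where(array('num_iid' => $item['num_iid']))->save(array('desc' => $item['desc']));
            } elseif ($item['approve_status'] == 'instock') {
                $instock_ids[] = $item['num_iid'];
            }
        }
    }

    if ($type === 'status') {
        // Delete rows that are either reported 'instock' or whose coupon has ended.
        $condition = array('_logic' => 'OR');
        if ($instock_ids) {
            $condition['num_iid'] = array('in', implode(',', $instock_ids));
        }
        $condition['coupon_end_time'] = array('elt', time());
        $this->_mod->where($condition)->delete();
    }

    $this->ajaxReturn(1);
}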
// Excerpt: end of the save branch (opened above this excerpt), then the delete and
// cancel handlers of the auto-enrol admin page.
            header('Location: auto_enroll.php');
            exit;
        }
    }
} else {
    if (isset($_POST['delete'])) {
        if (!$_POST['delete_ids']) {
            $msg->addError('NO_ITEM_SELECTED');
        }
        if (!$msg->containsErrors()) {
            // One DELETE per submitted id; each id is bound to %d.
            // NOTE(review): delete_ids is assumed to be an array; a scalar value makes
            // foreach emit a warning and nothing is deleted.
            foreach ($_POST['delete_ids'] as $elem) {
                $sql = "DELETE FROM %sauto_enroll_courses WHERE auto_enroll_courses_id = %d";
                $rows_deleted = queryDB($sql, array(TABLE_PREFIX, $elem));
            }
            $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
            // NOTE(review): logged once after the loop, so the admin log only receives the
            // result of the last DELETE; earlier ones leave no record.
            write_to_log(AT_ADMIN_LOG_DELETE, 'auto_enroll_courses', $rows_deleted, $sqlout);
        }
    } else {
        if (isset($_POST['cancel'])) {
            $msg->addFeedback('CANCELLED');
            header('Location: auto_enroll.php');
            exit;
        }
    }
}
/* $categories[category_id] = array(cat_name, cat_parent, num_courses, [array(children)]) */
require AT_INCLUDE_PATH . 'header.inc.php';
$msg->printAll();
// existing auto enrollment
if ($auto_enroll_id > 0) {
    $sql = "SELECT * FROM %sauto_enroll\n\t WHERE auto_enroll_id = %d";
// Excerpt: end of the member-login branch (opened above this excerpt), then the
// administrator login path and the failed-attempt bookkeeping.
        // NOTE(review): form_course_id is appended to the Location header as received;
        // cast it to an integer (or URL-encode it) before building the redirect.
        header('Location: bounce.php?course=' . $_POST['form_course_id']);
        exit;
    }
} else {
    // check if it's an admin login.
    // NOTE(review): the literal '******' sits where the argument list supplies the login
    // value, here and in the statements below; it looks like a redacted placeholder in
    // this copy - confirm against the original file.
    // NOTE(review): the check compares SHA1(stored password + session token) inside SQL,
    // so the stored value has to be usable directly in that hash. That rules out a slow
    // salted password hash - confirm how the password column is stored.
    $rows = queryDB("SELECT login, `privileges`, language FROM %sadmins WHERE login='******' AND SHA1(CONCAT(password, '%s'))='%s' AND `privileges`>0", array(TABLE_PREFIX, $this_login, $_SESSION['token'], $this_password));
    if ($row = $rows[0]) {
        $sql = "UPDATE %sadmins SET last_login=NOW() WHERE login='******'";
        $num_login = queryDB($sql, array(TABLE_PREFIX, $this_login));
        // Mark the session as an authenticated administrator.
        // NOTE(review): no session id regeneration is visible in this excerpt before the
        // privileges are written to the session - confirm it happens elsewhere.
        $_SESSION['login'] = $row['login'];
        $_SESSION['valid_user'] = true;
        $_SESSION['course_id'] = -1;
        $_SESSION['privileges'] = intval($row['privileges']);
        $_SESSION['lang'] = $row['language'];
        // This second string is only used as the text written to the admin log.
        $sql = "UPDATE " . TABLE_PREFIX . "admins SET last_login=NOW() WHERE login='******'";
        write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', $num_login, $sql);
        //clear login attempt on successful login
        queryDB("DELETE FROM %smember_login_attempt WHERE login='******'", array(TABLE_PREFIX, $this_login));
        $msg->addFeedback('LOGIN_SUCCESS');
        header('Location: admin/index.php');
        exit;
    } else {
        // Failed attempt: bump the counter and keep an existing expiry, or start a new
        // window of LOGIN_ATTEMPT_LOCKED_TIME minutes.
        $expiry_stmt = '';
        $attempt_login++;
        if ($attempt_expiry == 0) {
            $expiry = time() + LOGIN_ATTEMPT_LOCKED_TIME * 60; //an hour from now
        } else {
            $expiry = $attempt_expiry;
        }
        queryDB("REPLACE INTO %smember_login_attempt SET attempt='%s', expiry='%s', login='******'", array(TABLE_PREFIX, $attempt_login, $expiry, $this_login));
// Delete-category confirmation page; requires the categories admin privilege.
// NOTE(review): no anti-CSRF token is checked in the visible lines before the delete runs.
admin_authenticate(AT_ADMIN_PRIV_CATEGORIES);
if (isset($_POST['submit_no'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: course_categories.php');
    exit;
} else {
    if (isset($_POST['submit_yes'])) {
        /* delete has been confirmed, delete this category */
        // intval() makes the id safe to interpolate into the statements below.
        $cat_id = intval($_POST['cat_id']);
        // Only categories without children are deleted.
        // NOTE(review): $categories is not populated in this excerpt - confirm it is loaded earlier.
        if (!is_array($categories[$cat_id]['children'])) {
            $sql = "DELETE FROM " . TABLE_PREFIX . "course_cats WHERE cat_id={$cat_id}";
            $result = mysql_query($sql, $db);
            write_to_log(AT_ADMIN_LOG_DELETE, 'course_cats', mysql_affected_rows($db), $sql);
            // Courses in the deleted category are moved to category 0.
            $sql = "UPDATE " . TABLE_PREFIX . "courses SET cat_id=0 WHERE cat_id={$cat_id}";
            $result = mysql_query($sql, $db);
            // NOTE(review): this UPDATE is logged with AT_ADMIN_LOG_DELETE.
            write_to_log(AT_ADMIN_LOG_DELETE, 'courses', mysql_affected_rows($db), $sql);
            $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
            header('Location: course_categories.php');
            exit;
        }
    }
}
require AT_INCLUDE_PATH . 'header.inc.php';
// Load the category named in the query string so the confirmation can show its name.
$_GET['cat_id'] = intval($_GET['cat_id']);
$sql = "SELECT * FROM " . TABLE_PREFIX . "course_cats WHERE cat_id={$_GET['cat_id']}";
$result = mysql_query($sql, $db);
if (mysql_num_rows($result) == 0) {
    $msg->printErrors('ITEM_NOT_FOUND');
} else {
    $row = mysql_fetch_assoc($result);
    $hidden_vars['cat_name'] = $row['cat_name'];
// Walks every content row in (course, parent, ordering) order, prints it, and rewrites
// any `ordering` value that does not match the expected 1, 2, 3... sequence for its parent.
// NOTE(review): the page writes to the database while it renders; what triggers it and
// which privilege check guards it are not visible in this excerpt.
echo '<div style="padding-left: 30px;"><pre>';
echo "cpID\torder\t cID";
$sql = "SELECT content_id, content_parent_id, ordering, course_id FROM " . TABLE_PREFIX . "content ORDER BY course_id, content_parent_id, ordering";
$result = mysql_query($sql, $db);
while ($row = mysql_fetch_assoc($result)) {
    // A new course resets both the current parent and the expected ordering.
    if ($current_course_id != $row['course_id']) {
        echo "\n\n-- course id {$row['course_id']}\n\n";
        $current_course_id = $row['course_id'];
        unset($current_parent_id);
        unset($ordering);
    }
    echo $row['content_parent_id'] . "\t" . $row['ordering'] . "\t" . $row['content_id'];
    // A new parent restarts the expected ordering at 1.
    if ($current_parent_id != $row['content_parent_id']) {
        $current_parent_id = $row['content_parent_id'];
        $ordering = 1;
    }
    if ($row['ordering'] != $ordering) {
        echo "\t mismatch : expecting {$ordering} [fixed]";
        // Both interpolated values come from the counter above and from the row just read,
        // not from the request.
        $sql = "UPDATE " . TABLE_PREFIX . "content SET ordering={$ordering} WHERE content_id={$row['content_id']}";
        mysql_query($sql, $db);
        write_to_log(AT_ADMIN_LOG_UPDATE, 'content', mysql_affected_rows($db), $sql);
    }
    echo "\n";
    $ordering++;
}
// NOTE(review): $content_id and $content_parent_id are not assigned in the visible lines.
$savant->assign('ordering', $ordering);
$savant->assign('content_id', $content_id);
$savant->assign('content_parent_id', $content_parent_id);
echo ' </pre></div>';
$savant->display('admin/fix_content.tmpl.php');
require AT_INCLUDE_PATH . 'footer.inc.php';
// Excerpt: the branch before this `else` is above the excerpt. Confirmed deletion of a
// "my own" patch, followed by the lookup that feeds the confirmation dialog.
} else {
    if (isset($_POST['submit_yes'])) {
        /* delete has been confirmed, delete this patch */
        // intval() plus the %d placeholders keep the id numeric in all three statements.
        // NOTE(review): the three deletes run one after another with no transaction visible,
        // so a failure part-way leaves dependent/file rows without their patch row or vice versa.
        $myown_patch_id = intval($_POST['myown_patch_id']);
        $sql = "DELETE FROM %smyown_patches WHERE myown_patch_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $myown_patch_id));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches', $result, $sqlout);
        $sql = "DELETE FROM %smyown_patches_dependent WHERE myown_patch_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $myown_patch_id));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches_dependent', $result, $sqlout);
        $sql = "DELETE FROM %smyown_patches_files WHERE myown_patch_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $myown_patch_id));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches_files', $result, $sqlout);
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        header('Location: myown_patches.php');
        exit;
    }
}
require AT_INCLUDE_PATH . 'header.inc.php';
// Load the patch named in the query string; the TRUE argument asks queryDB for one row.
$_GET['myown_patch_id'] = intval($_GET['myown_patch_id']);
$sql = "SELECT myown_patch_id, atutor_patch_id FROM %smyown_patches m WHERE m.myown_patch_id=%d";
$row = queryDB($sql, array(TABLE_PREFIX, $_GET['myown_patch_id']), TRUE);
if (count($row) == 0) {
    $msg->printErrors('ITEM_NOT_FOUND');
} else {
    $hidden_vars['atutor_patch_id'] = $row['atutor_patch_id'];
    $hidden_vars['myown_patch_id'] = $row['myown_patch_id'];
    $confirm = array('DELETE_MYOWN_PATCH', $row['atutor_patch_id']);
/**
 * Delete a member together with the rows that reference them, logging every statement.
 *
 * Order of work: enrolment and forum read/subscription rows, forum counters and threads,
 * then the remaining per-member tables, the member row itself, and finally the member's
 * personal file-storage workspace.
 *
 * @param int $id Member id; bound to %d in every statement.
 * @return void
 *
 * NOTE(review): when the member owns at least one course the function returns without
 * deleting anything and without telling the caller.
 * NOTE(review): the statements run one at a time with no transaction visible here, and no
 * permission check is made inside the function - callers are presumably responsible.
 */
function delete_user($id) {
    global $db, $msg;

    // Members who are the instructor of a course are left untouched.
    $owned_course = queryDB("SELECT course_id FROM %scourses WHERE member_id=%d", array(TABLE_PREFIX, $id), TRUE);
    if (count($owned_course) > 0) {
        return;
    }

    $member_only = array(TABLE_PREFIX, $id);

    // Tables that only need "delete this member's rows", handled before the forum block.
    $before_forums = array(
        'course_enrollment'    => "DELETE FROM %scourse_enrollment WHERE member_id=%d",
        'forums_accessed'      => "DELETE FROM %sforums_accessed WHERE member_id=%d",
        'forums_subscriptions' => "DELETE FROM %sforums_subscriptions WHERE member_id=%d",
    );
    foreach ($before_forums as $table => $statement) {
        $affected = queryDB($statement, $member_only);
        // $sqlout is re-bound after each query, as the original did.
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, $table, $affected, $sqlout);
    }

    // Replies written by this member: lower the counters on the forum and on the parent thread.
    $reply_groups = queryDB(
        "SELECT COUNT(*) AS cnt, parent_id, forum_id FROM %sforums_threads WHERE member_id=%d AND parent_id<>0 GROUP BY parent_id",
        $member_only
    );
    foreach ($reply_groups as $reply_group) {
        $affected = queryDB(
            "UPDATE %sforums SET num_posts=num_posts - %d, last_post=last_post WHERE forum_id=%d",
            array(TABLE_PREFIX, $reply_group['cnt'], $reply_group['forum_id'])
        );
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_UPDATE, 'forums', $affected, $sqlout);

        $affected = queryDB(
            "UPDATE %sforums_threads SET num_comments=num_comments-%d, last_comment=last_comment, date=date WHERE post_id=%d",
            array(TABLE_PREFIX, $reply_group['cnt'], $reply_group['parent_id'])
        );
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_UPDATE, 'forums_threads', $affected, $sqlout);
    }

    // Threads started by this member: fix the forum counters, then remove every reply.
    $started_threads = queryDB(
        "SELECT post_id, forum_id, num_comments FROM %sforums_threads WHERE member_id=%d AND parent_id=0",
        $member_only
    );
    foreach ($started_threads as $thread) {
        // The thread itself counts as one post on top of its comments.
        $posts_removed = $thread['num_comments'] + 1;
        $affected = queryDB(
            "UPDATE %sforums SET num_topics=num_topics-1, num_posts=num_posts - %d, last_post=last_post WHERE forum_id=%d",
            array(TABLE_PREFIX, $posts_removed, $thread['forum_id'])
        );
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_UPDATE, 'forums', $affected, $sqlout);

        $affected = queryDB("DELETE FROM %sforums_threads WHERE parent_id=%d", array(TABLE_PREFIX, $thread['post_id']));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'forums_threads', $affected, $sqlout);
    }

    // Remaining deletes, in the original order: table name, statement, bound values.
    $after_forums = array(
        array('forums_threads', "DELETE FROM %sforums_threads WHERE member_id=%d", $member_only),
        array('instructor_approvals', "DELETE FROM %sinstructor_approvals WHERE member_id=%d", $member_only),
        array('messages', "DELETE FROM %smessages WHERE from_member_id=%d OR to_member_id=%d", array(TABLE_PREFIX, $id, $id)),
        array('polls_members', "DELETE FROM %spolls_members WHERE member_id=%d", $member_only),
        array('tests_answers', "DELETE FROM %stests_answers WHERE member_id=%d", $member_only),
        array('tests_results', "DELETE FROM %stests_results WHERE member_id=%d", $member_only),
        array('users_online', "DELETE FROM %susers_online WHERE member_id=%d", $member_only),
        array('members', "DELETE FROM %smembers WHERE member_id=%d", $member_only),
        array('member_track', "DELETE FROM %smember_track WHERE member_id=%d", $member_only),
    );
    foreach ($after_forums as $step) {
        list($table, $statement, $bound) = $step;
        $affected = queryDB($statement, $bound);
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, $table, $affected, $sqlout);
    }

    // delete personal files from file storage
    fs_delete_workspace(WORKSPACE_PERSONAL, $id);
    return;
}
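// Excerpt: tail of the cancel branch (its opening `if` is above this excerpt), the handler
// that creates a Basic LTI tool, and the start of the form.
    $msg->addFeedback('CANCELLED');
    header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
    exit;
} else {
    if (isset($_POST['form_basiclti'])) {
        if (at_form_validate($blti_admin_form, $msg)) {
            // Uniqueness check on the submitted toolid; the value is bound to '%s'.
            $sql = "SELECT count(*) cnt FROM %sbasiclti_tools WHERE toolid = '%s'";
            $row = queryDB($sql, array(TABLE_PREFIX, $_POST['toolid']), TRUE);
            if ($row["cnt"] != 0) {
                $msg->addError('NEED_UNIQUE_TOOLID');
            } else {
                // NOTE(review): at_form_insert() builds the column/value part from $_POST and
                // its output becomes part of the format string given to queryDB(), so those
                // values do not pass through queryDB's placeholders. Its escaping is not
                // visible here - confirm it escapes every value, including '%'.
                $sql = at_form_insert($_POST, $blti_admin_form);
                $sql = 'INSERT INTO %sbasiclti_tools ' . $sql;
                $result = queryDB($sql, array(TABLE_PREFIX));
                global $sqlout;
                write_to_log(AT_ADMIN_LOG_INSERT, 'basiclti_create', $result, $sqlout);
                $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
                header('Location: ' . AT_BASE_HREF . 'mods/_standard/basiclti/index_admin.php');
                exit;
            }
        }
    }
}
include AT_INCLUDE_PATH . 'header.inc.php';
$msg->printAll();
// PHP_SELF includes whatever path info the client appended to the script URL, so it is
// HTML-escaped before being written into the action attribute.
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?> " name="basiclti_form" enctype="multipart/form-data">
<input type="hidden" name="form_basiclti" value="true" />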
/* This program is free software. You can redistribute it and/or*/
/* modify it under the terms of the GNU General Public License */
/* as published by the Free Software Foundation. */
/****************************************************************/
// $Id$

// Admin page that empties the admin log after an explicit confirmation.
// NOTE(review): this wipes the audit trail. The only trace left is the single entry
// written right after the DELETE below. No anti-CSRF token is checked in the visible
// code - confirm the confirm dialog or vitals.inc.php provides one.
define('AT_INCLUDE_PATH', '../../../../include/');
require AT_INCLUDE_PATH . 'vitals.inc.php';
admin_authenticate(AT_ADMIN_PRIV_ADMIN);

// "No" on the confirmation: go back to the log view.
if (isset($_POST['submit_no'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: ./log.php');
    exit;
}

// "Yes" on the confirmation: delete every row, then record that the reset happened.
if (isset($_POST['submit_yes'])) {
    $rows_removed = queryDB("DELETE FROM %sadmin_log", array(TABLE_PREFIX));
    global $sqlout;
    write_to_log(AT_ADMIN_LOG_DELETE, 'admin_log', $rows_removed, $sqlout);
    $msg->addFeedback('ADMIN_LOG_RESET');
    header('Location: ./log.php');
    exit;
}

// Neither button was pressed: show the confirmation dialog.
require AT_INCLUDE_PATH . 'header.inc.php';
$hidden_vars['all'] = TRUE;
// NOTE(review): PHP_SELF is handed to the message layer; whether addConfirm() escapes it
// for HTML is not visible here.
$confirm = array('RESET_ADMIN_LOG', $_SERVER['PHP_SELF']);
$msg->addConfirm($confirm, $hidden_vars);
$msg->printConfirm();
require AT_INCLUDE_PATH . 'footer.inc.php';
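// Deny an instructor request: load the member, and on submit remove the pending approval
// and prepare the notification e-mail. The excerpt ends inside the e-mail block.
// intval() makes the id safe to concatenate into the statements below.
$request_id = intval($_REQUEST['id']);
$sql = "SELECT * FROM " . TABLE_PREFIX . "members WHERE member_id=" . $request_id;
$result = mysql_query($sql, $db);
if (!($row = mysql_fetch_array($result))) {
    require AT_INCLUDE_PATH . 'header.inc.php';
    echo _AT('no_user_found');
    require AT_INCLUDE_PATH . 'footer.inc.php';
    exit;
}
// message options
$msg_options = array(_AT('leave_blank'), _AT('instructor_request_denymsg1'), _AT('instructor_request_denymsg2'), _AT('instructor_request_denymsg3'), _AT('instructor_request_denymsg4'), _AT('other'));
$other_option = count($msg_options) - 1;
if (isset($_POST['submit'])) {
    $sql = 'DELETE FROM ' . TABLE_PREFIX . 'instructor_approvals WHERE member_id=' . $request_id;
    $result = mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'instructor_approvals', mysql_affected_rows($db), $sql);
    $msg->addFeedback('PROFILE_UPDATED_ADMIN');
    /* notify the users that they have been denied: */
    // Uses the already-cast $request_id. The previous code concatenated the raw
    // $_POST['id'] into this statement, which allowed SQL injection and could notify a
    // different member than the one whose approval was just deleted.
    $sql = "SELECT email, first_name, last_name FROM " . TABLE_PREFIX . "members WHERE member_id=" . $request_id;
    $result = mysql_query($sql, $db);
    if ($row = mysql_fetch_array($result)) {
        $to_email = $row['email'];
        $message = _AT('instructor_request_deny', AT_BASE_HREF) . " \n";
        if ($_POST['msg_option'] == $other_option) {
            // NOTE(review): addslashes() is SQL-style escaping applied to e-mail body text;
            // how the message is sent is outside this excerpt.
            $message .= addslashes($_POST['other_msg']);
        } else {
            if ($_POST['msg_option']) {
                $message .= "\n" . $msg_options[$_POST['msg_option']];
            }
        }
        if ($to_email != '') {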
// Excerpt: end of the theme_info.xml parsing (opened above this excerpt), registration of
// the theme in the database, and the redirect that follows. The excerpt ends mid-branch.
        $extra_info = $xml_parser->theme_rows['extra_info'];
    }
    if ($title == '') {
        $title = str_replace('_', ' ', $theme);
    }
    $last_updated = date('Y-m-d');
    $status = '1';
    //if version number is not compatible with current Atutor version, set theme as disabled
    if ($version != VERSION) {
        $status = '0';
    }
    //save information in database
    // NOTE(review): title, version, type and extra_info come from the theme package; they
    // are bound through '%s' placeholders, whose escaping lives in queryDB().
    $sql = "INSERT INTO %sthemes (title, version, dir_name, type, last_updated, extra_info, status, customized) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', %d, 1)";
    $result = queryDB($sql, array(TABLE_PREFIX, $title, $version, $theme, $type, $last_updated, $extra_info, $status));
    global $sqlout;
    write_to_log(AT_ADMIN_LOG_INSERT, 'themes', $result, $sqlout);
}
if (!$result) {
    // NOTE(review): recursive delete of a path built from $theme and resolved relative to
    // the current working directory. Where $theme comes from is not visible here - confirm
    // it cannot be empty or contain path separators.
    clr_dir("../../themes/" . $theme);
    // NOTE(review): no exit follows these header() calls in the visible lines.
    if ($_GET['permission_granted'] == 1) {
        header('Location: ' . AT_BASE_HREF . 'mods/_core/themes/theme_install_step_3.php?error=1');
    } else {
        $msg->addError('IMPORT_FAILED');
        header('Location: ' . AT_BASE_HREF . 'mods/_core/themes/install_themes.php');
    }
} else {
    if ($_GET['permission_granted'] == 1) {
        header('Location: ' . AT_BASE_HREF . 'mods/_core/themes/theme_install_step_3.php?installed=1');
    } else {
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        header('Location: ' . AT_BASE_HREF . 'mods/_core/themes/index.php');
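/**
 * Delete a theme: disable it if needed, remove its directory, and delete its database row.
 *
 * A theme is not deleted when it is the 'default' theme, when its status is 2, or when
 * it is not customized and the installation is a subsite.
 *
 * The directory name is now validated before anything else. It is appended to the theme
 * root and handed to a recursive delete, so an empty name would target the theme root
 * itself and a name containing a path separator or ".." could point outside it. Such
 * names are rejected with THEME_NOT_DELETED.
 *
 * @param string $theme_dir Directory name of the theme (a single path segment).
 * @return bool TRUE when the theme was deleted, FALSE when deletion was refused.
 */
function delete_theme($theme_dir) {
    global $msg;

    // Accept exactly one path segment: not empty, not a dot entry, no separators, no NUL.
    $requested = is_scalar($theme_dir) ? (string) $theme_dir : '';
    if ($requested === '' || $requested === '.' || $requested === '..'
        || strpbrk($requested, "/\\\0") !== false) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    }

    // NOTE(review): the value is already bound through '%s' below; if queryDB() escapes
    // its arguments this addslashes() double-escapes - confirm.
    $theme_dir = addslashes($requested);

    //check status
    $sql = "SELECT status, customized FROM %sthemes WHERE dir_name='%s'";
    $row = queryDB($sql, array(TABLE_PREFIX, $theme_dir), TRUE);
    // NOTE(review): a name with no row in the themes table yields status 0 / customized 0
    // and is still processed below.
    $status = intval($row['status']);
    $customized = intval($row['customized']);

    //can't delete if
    // 1. a system default
    // 2. current default theme
    // 3. a system level theme
    if ($theme_dir == 'default' || $status == 2 || !$customized && defined('IS_SUBSITE') && IS_SUBSITE) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    } else {
        //disable, clear directory and delete theme from db
        require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php'; /* for clr_dir() */
        if ($status != 0) {
            disable_theme($theme_dir);
            $msg->deleteFeedback('THEME_DISABLED');
        }

        $dir = get_main_theme_dir($customized) . $theme_dir;
        // Errors from the recursive delete stay suppressed, as before (best effort).
        @clr_dir($dir);

        $sql1 = "DELETE FROM %sthemes WHERE dir_name = '%s'";
        $result1 = queryDB($sql1, array(TABLE_PREFIX, $theme_dir));
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_DELETE, 'themes', $result1, $sqlout);
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        return TRUE;
    }
}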
// Excerpt: end of the master-list upload handler (opened above this excerpt). Accounts
// left in $existing_accounts after the upload are disabled and un-enrolled when override is 1.
        fclose($fp);
        if ($_POST['override'] == 1 && $existing_accounts) {
            // disable missing accounts
            // NOTE(review): the ids are joined into one string and bound to an unquoted
            // IN (%s). How $existing_accounts is filled and how queryDB() treats %s are
            // not visible here - confirm every element is an integer.
            $existing_accounts = implode(',', $existing_accounts);
            $sql = "UPDATE %smembers SET status=%d, creation_date=creation_date, last_login=last_login WHERE member_id IN (%s)";
            $result = queryDB($sql, array(TABLE_PREFIX, AT_STATUS_DISABLED, $existing_accounts));
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_UPDATE, 'members', $result, $sqlout);
            // un-enrol disabled accounts
            $sql = "DELETE FROM %scourse_enrollment WHERE member_id IN (%s)";
            $result = queryDB($sql, array(TABLE_PREFIX, $existing_accounts));
            if ($result > 0) {
                // NOTE(review): $num_affected is not assigned in the visible lines; the
                // count just returned is in $result - looks like a leftover, confirm.
                $number_of_updated += $num_affected;
            }
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', $result, $sqlout);
        } else {
            if ($_POST['override'] == 2) {
                // delete missing accounts
            }
        }
        if ($number_of_updated > 0) {
            $msg->addFeedback('MASTER_LIST_UPLOADED');
        } else {
            $msg->addFeedback('MASTER_LIST_NO_CHANGES');
        }
        // NOTE(review): PHP_SELF is placed in the Location header as received.
        header('Location: ' . $_SERVER['PHP_SELF']);
    }
    exit;
} else {
    if (isset($_GET['edit'], $_GET['id'])) {
// Excerpt: administrator password change. The enclosing blocks open above this excerpt
// and it ends inside the "user not found" branch.
        // NOTE(review): password_error is a request field, so the password rules are
        // evaluated in the browser and the codes are used as message keys as received.
        // A client can omit them; the rules need to be re-checked on the server.
        if ($_POST['password_error'] != "") {
            $pwd_errors = explode(",", $_POST['password_error']);
            foreach ($pwd_errors as $pwd_error) {
                if ($pwd_error == "missing_password") {
                    $missing_fields[] = _AT('password');
                } else {
                    $msg->addError($pwd_error);
                }
            }
        }
        if (!$msg->containsErrors()) {
            // NOTE(review): $addslashes is a variable function; escaping by addslashes is
            // charset-dependent. Prefer the driver's escaping or a prepared statement.
            $password = $addslashes($_POST['form_password_hidden']);
            // NOTE(review): the '******' runs in the three statements of this excerpt look
            // like redaction applied to this copy (the text after them is cut mid-expression);
            // confirm against the original file before relying on these strings.
            $sql = "UPDATE " . TABLE_PREFIX . "admins SET password='******', last_login=last_login WHERE login='******'login']}'";
            $result = mysql_query($sql, $db);
            // This second string is only used as the text written to the admin log.
            $sql = "UPDATE " . TABLE_PREFIX . "admins SET password='******' WHERE login='******'login']}'";
            write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', mysql_affected_rows($db), $sql);
            $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
            header('Location: ' . AT_BASE_HREF . 'mods/_core/users/admins/index.php');
            exit;
        }
        $_POST['login'] = $stripslashes($_POST['login']);
    }
}
// Confirm the requested administrator exists before showing the form.
$_GET['login'] = $addslashes($_REQUEST['login']);
$sql = "SELECT login FROM " . TABLE_PREFIX . "admins WHERE login='******'login']}'";
$result = mysql_query($sql, $db);
if (!($row = mysql_fetch_assoc($result))) {
    $msg->addError('USER_NOT_FOUND');
    $msg->printErrors();
    require AT_INCLUDE_PATH . 'footer.inc.php';
    exit;
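/**
 * Imports a theme from a URL or Zip file to Atutor
 *
 * The archive comes either from $_POST['url'] (downloaded into AT_CONTENT_DIR first) or
 * from the uploaded $_FILES['file']. It is unpacked into a new directory under
 * AT_SUBSITE_THEME_DIR and registered in the themes table. Every failure adds a message
 * to $msg, redirects to index.php and exits.
 *
 * Changes from the previous version:
 *  - the URL must use http or https and its last path segment must end in ".zip" before
 *    anything is fetched or written. Previously any path or stream wrapper accepted by
 *    file_get_contents() was read, and the result was stored under the URL's base name
 *    before the extension was checked.
 *  - the flatten step only runs when the archive really contains a sub-directory;
 *    without one the old code copied and then cleared the import directory itself.
 *  - readdir() is compared with false, the handle is closed, and $type has a default.
 *  - a file that was not uploaded is accepted only when this function downloaded it.
 *
 * NOTE(review): the download still runs from the server, so an http(s) URL can point at
 * hosts that are only reachable internally; restrict who may use this or add a host allow-list.
 * NOTE(review): entry names inside the archive are handled by PclZip::extract(); whether
 * it refuses entries that climb out of $import_path is not visible here - confirm.
 * NOTE(review): an imported theme places files inside the application tree, so this
 * action is equivalent to deploying code.
 *
 * @access private
 * @author Shozub Qureshi
 */
function import_theme() {
    global $db;
    global $msg;

    // Path of the archive downloaded by this call, or null when a file was uploaded.
    $downloaded_file = null;

    if (isset($_POST['url']) && $_POST['url'] != 'http://') {
        $url = is_string($_POST['url']) ? trim($_POST['url']) : '';

        // Only plain web URLs are fetched.
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if ($scheme !== 'http' && $scheme !== 'https') {
            $msg->addError('FILE_NOT_SELECTED');
            header('Location: index.php');
            exit;
        }

        // The local file name is the URL's base name and must already be a .zip.
        $url_parts = pathinfo($url);
        $filename = isset($url_parts['basename']) ? $url_parts['basename'] : '';
        $url_ext = isset($url_parts['extension']) ? $url_parts['extension'] : '';
        if ($filename === '' || $url_ext != 'zip') {
            $msg->addError('IMPORT_NOT_PROPER_FORMAT');
            header('Location: index.php');
            exit;
        }

        $content = @file_get_contents($url);
        if (!$content) {
            // Same outcome the old code reached when the download failed.
            $msg->addError('FILE_NOT_SELECTED');
            header('Location: index.php');
            exit;
        }

        $full_filename = AT_CONTENT_DIR . '/' . $filename;
        if (!($fp = fopen($full_filename, 'w+b'))) {
            $errors = array('CANNOT_OPEN_FILE', $filename);
            $msg->addError($errors);
            header('Location: index.php');
            exit;
        }
        $downloaded_file = $full_filename;
        if (fwrite($fp, $content, strlen($content)) === FALSE) {
            $errors = array('CANNOT_WRITE_FILE', $filename);
            $msg->addError($errors);
            header('Location: index.php');
            exit;
        }
        fclose($fp);

        // From here on the download is treated like an uploaded file.
        $_FILES['file']['name'] = $filename;
        $_FILES['file']['tmp_name'] = $full_filename;
        $_FILES['file']['size'] = strlen($content);
        unset($content);
    }

    $upload_name = isset($_FILES['file']['name']) ? $_FILES['file']['name'] : '';
    $name_parts = pathinfo($upload_name);
    $ext = isset($name_parts['extension']) ? $name_parts['extension'] : '';

    //error in the file
    if (isset($_FILES['file']['error']) && $_FILES['file']['error'] == 1) {
        $errors = array('FILE_MAX_SIZE', ini_get('upload_max_filesize'));
        $msg->addError($errors);
        header('Location: index.php');
        exit;
    }

    //If file has no name, or it is neither a real upload nor a file downloaded above
    if (!$upload_name || (!is_uploaded_file($_FILES['file']['tmp_name']) && $downloaded_file === null)) {
        $msg->addError('FILE_NOT_SELECTED');
        header('Location: index.php');
        exit;
    }

    if ($ext != 'zip') {
        $msg->addError('IMPORT_NOT_PROPER_FORMAT');
        header('Location: index.php');
        exit;
    }

    //check if file size is ZERO
    if ($_FILES['file']['size'] == 0) {
        $msg->addError('IMPORTFILE_EMPTY');
        header('Location: index.php');
        exit;
    }

    // new directory name is the filename minus the extension
    $fldrname = substr($upload_name, 0, -4);
    $fldrname = str_replace(' ', '_', $fldrname);
    $import_path = AT_SUBSITE_THEME_DIR . $fldrname;

    //check if Folder by that name already exists; if so append the first free _N suffix
    if (is_dir($import_path)) {
        $i = 1;
        while (is_dir($import_path . '_' . $i)) {
            $i++;
        }
        $fldrname = $fldrname . '_' . $i;
        $import_path = $import_path . '_' . $i;
    }

    //if folder does not exist previously
    if (!@mkdir($import_path, 0700)) {
        $msg->addError('IMPORTDIR_FAILED');
        header('Location: index.php');
        exit;
    }

    // unzip file and save into directory in themes
    $archive = new PclZip($_FILES['file']['tmp_name']);

    //extract contents to importpath/foldrname
    if (!$archive->extract($import_path)) {
        $errors = array('IMPORT_ERROR_IN_ZIP', $archive->errorInfo(true));
        clr_dir($import_path);
        $msg->addError($errors);
        header('Location: index.php');
        exit;
    }

    // Find the sub-directory the archive unpacked into (the last one listed wins, as before).
    $folder = null;
    $handle = opendir($import_path);
    if ($handle !== false) {
        while (($file = readdir($handle)) !== false) {
            if ($file != '.' && $file != '..' && is_dir($import_path . '/' . $file)) {
                $folder = $file;
            }
        }
        closedir($handle);
    }

    if ($folder !== null) {
        //copy contents from importpath/foldrname to importpath
        copys($import_path . '/' . $folder, $import_path);
        //delete importpath/foldrname
        clr_dir($import_path . '/' . $folder);
    }

    $type = '';
    $theme_xml = @file_get_contents($import_path . '/theme_info.xml');

    //A missing theme_info.xml is not an error: fall back to default metadata
    if ($theme_xml == false) {
        $version = '1.4.x';
        $extra_info = 'unspecified';
    } else {
        //parse information
        $xml_parser = new ThemeParser();
        $xml_parser->parse($theme_xml);
        $version = $xml_parser->theme_rows['version'];
        $extra_info = $xml_parser->theme_rows['extra_info'];
        $type = $xml_parser->theme_rows['type'];
    }

    $title = str_replace('_', ' ', $fldrname);
    $last_updated = date('Y-m-d');
    $status = '1';

    //if version number is not compatible with current Atutor version, set theme as disabled
    if ($version != VERSION) {
        $status = '0';
    }

    //save information in database
    $sql = "INSERT INTO %sthemes (title, version, dir_name, type, last_updated, extra_info, status, customized) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', %d, 1)";
    $result = queryDB($sql, array(TABLE_PREFIX, $title, $version, $fldrname, $type, $last_updated, $extra_info, $status));
    global $sqlout;
    write_to_log(AT_ADMIN_LOG_INSERT, 'themes', $result, $sqlout);

    if (!$result) {
        $msg->addError('IMPORT_FAILED');
        header('Location: index.php');
        exit;
    }

    // Remove the temporary copy of a downloaded archive.
    if ($downloaded_file !== null) {
        @unlink($downloaded_file);
    }
}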
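/**
 * Create a course, or update an existing one, from submitted form data.
 *
 * Validation problems are reported through the global $msg object and make
 * the function return FALSE before anything is written. On success the
 * course row is written with REPLACE INTO, the instructor is enrolled, the
 * content and backup directories are created, optional starter content or a
 * backup is loaded, and an uploaded custom icon is stored under
 * AT_CONTENT_DIR/<course id>/custom_icons/.
 *
 * Security notes:
 *  - The custom icon is written below the content directory under the
 *    client-supplied file name, so the extension is checked against an image
 *    allow-list before any database write, and the upload must also be
 *    recognised by getimagesize() before it is stored.
 *  - NOTE(review): $course_quotas and $menu_defaults are spliced into the
 *    statement text rather than passed as parameters; they come from
 *    $system_courses / $_config / integer-cast input here. Confirm those
 *    sources cannot carry quotes or '%' characters.
 *  - NOTE(review): 'content_packaging' is passed to queryDB() without the
 *    $addslashes() call the other string fields get; confirm queryDB()
 *    escapes '%s' parameters itself.
 *
 * @param array $course_data Submitted course fields (title, instructor, access, ...).
 * @param bool  $isadmin     TRUE when called from the administrator interface.
 *
 * @return int|false The course id reported by at_insert_id(), or FALSE when validation failed.
 */
function add_update_course($course_data, $isadmin = FALSE) {
    require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php';

    global $addslashes;
    global $db;
    global $system_courses;
    global $MaxCourseSize;
    global $msg;
    global $_config;
    global $_config_defaults;
    global $stripslashes;

    $Backup = new Backup($db);

    // Required fields.
    $missing_fields = array();
    if ($course_data['title'] == '') {
        $missing_fields[] = _AT('title');
    }
    if (!$course_data['instructor']) {
        $missing_fields[] = _AT('instructor');
    }
    if ($missing_fields) {
        $missing_fields = implode(', ', $missing_fields);
        $msg->addError(array('EMPTY_FIELDS', $missing_fields));
    }

    // String fields are passed through the site's escaping callback, numeric fields are cast.
    foreach (array('access', 'title', 'description', 'hide', 'pri_lang', 'created_date', 'copyright', 'icon', 'banner', 'course_dir_name') as $field) {
        $course_data[$field] = $addslashes($course_data[$field]);
    }
    foreach (array('course', 'notify', 'hide', 'instructor', 'category_parent', 'rss') as $field) {
        $course_data[$field] = intval($course_data[$field]);
    }

    // Course directory name (aka course slug)
    if ($course_data['course_dir_name'] != '') {
        // validate the course_dir_name, allow only alphanumeric, underscore.
        if (preg_match('/^[\\w][\\w\\d\\_]+$/', $course_data['course_dir_name']) == 0) {
            $msg->addError('COURSE_DIR_NAME_INVALID');
        }

        // check if the course_dir_name is already being used by another course
        $sql = "SELECT COUNT(course_id) as cnt FROM %scourses WHERE course_id!=%d AND course_dir_name='%s'";
        $num_of_dir = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['course_dir_name']), TRUE);
        if (intval($num_of_dir['cnt']) > 0) {
            $msg->addError('COURSE_DIR_NAME_IN_USE');
        }
    }

    // Custom icon
    if ($_FILES['customicon']['name'] != '') {
        // Reject anything that is not named like an image before the name is
        // stored in the course row or used as a file name on disk.
        $icon_parts = pathinfo($_FILES['customicon']['name']);
        $icon_extension = isset($icon_parts['extension']) ? strtolower($icon_parts['extension']) : '';
        if (!in_array($icon_extension, array('gif', 'jpg', 'jpeg', 'png'), TRUE)) {
            $msg->addError('FILE_NOT_SAVED');
        }

        // Use custom icon instead if it exists
        $course_data['icon'] = $addslashes($_FILES['customicon']['name']);
    }
    if ($_FILES['customicon']['error'] == UPLOAD_ERR_FORM_SIZE) {
        // Check if filesize is too large for a POST
        $msg->addError(array('FILE_MAX_SIZE', $_config['prof_pic_max_file_size'] . ' ' . _AT('bytes')));
    }

    // Release date: built from integer-cast parts, zero-padded to two digits.
    if ($course_data['release_date']) {
        $day_release   = intval($course_data['day_release']);
        $month_release = intval($course_data['month_release']);
        $year_release  = intval($course_data['year_release']);
        $hour_release  = intval($course_data['hour_release']);
        $min_release   = intval($course_data['min_release']);

        if (!checkdate($month_release, $day_release, $year_release)) { //or date is in the past
            $msg->addError('RELEASE_DATE_INVALID');
        }
        $release_date = sprintf('%d-%02d-%02d %02d:%02d:00', $year_release, $month_release, $day_release, $hour_release, $min_release);
    } else {
        $release_date = "0000-00-00 00:00:00";
    }

    // End date: same treatment as the release date.
    if ($course_data['end_date']) {
        $day_end   = intval($course_data['day_end']);
        $month_end = intval($course_data['month_end']);
        $year_end  = intval($course_data['year_end']);
        $hour_end  = intval($course_data['hour_end']);
        $min_end   = intval($course_data['min_end']);

        if (!checkdate($month_end, $day_end, $year_end)) { //or date is in the past
            $msg->addError('END_DATE_INVALID');
        }
        $end_date = sprintf('%d-%02d-%02d %02d:%02d:00', $year_end, $month_end, $day_end, $hour_end, $min_end);
    } else {
        $end_date = "0000-00-00 00:00:00";
    }

    $initial_content_info = explode('_', $course_data['initial_content'], 2);

    // Quotas: only the administrator path may set them from the form.
    $course_quotas = '';
    if ($isadmin) {
        $instructor       = $course_data['instructor'];
        $quota            = intval($course_data['quota']);
        $quota_entered    = intval($course_data['quota_entered']);
        $filesize         = intval($course_data['filesize']);
        $filesize_entered = intval($course_data['filesize_entered']);

        // if they checked 'other', set quota=entered value, if it is empty or negative, set to default (-2)
        if ($quota == '2') {
            if ($quota_entered == '' || empty($quota_entered) || $quota_entered < 0) {
                $quota = AT_COURSESIZE_DEFAULT;
            } else {
                $quota = floatval($quota_entered);
                $quota = megabytes_to_bytes($quota);
            }
        }

        // if they checked 'other', set filesize=entered value, if it is empty or negative, set to default
        if ($filesize == '2') {
            if ($filesize_entered == '' || empty($filesize_entered) || $filesize_entered < 0) {
                $filesize = AT_FILESIZE_DEFAULT;
                $msg->addFeedback('COURSE_DEFAULT_FSIZE');
            } else {
                $filesize = floatval($filesize_entered);
                $filesize = megabytes_to_bytes($filesize);
            }
        }

        $course_quotas = "max_quota='{$quota}', max_file_size='{$filesize}',";
    } else {
        $instructor = $_SESSION['member_id'];
        if (!$course_data['course']) {
            // New course created by an instructor: system default quotas.
            $course_quotas = "max_quota=" . AT_COURSESIZE_DEFAULT . ", max_file_size=" . AT_FILESIZE_DEFAULT . ",";
            $row = $Backup->getRow($initial_content_info[0], $initial_content_info[1]);

            // A backup may only seed the course when it belongs to a course owned by the current member.
            if (count($initial_content_info) == 2 && $system_courses[$initial_content_info[1]]['member_id'] == $_SESSION['member_id']) {
                if ($MaxCourseSize < $row['contents']['file_manager']) {
                    $msg->addError('RESTORE_TOO_BIG');
                }
            } else {
                $initial_content_info = intval($course_data['initial_content']);
            }
        } else {
            // Existing course edited by an instructor: keep the stored quotas.
            unset($initial_content_info);
            // The array keys are quoted: inside "{$...}" a bare word is read as a
            // constant, which is an error on current PHP versions.
            $course_quotas = "max_quota='{$system_courses[$course_data['course']]['max_quota']}', max_file_size='{$system_courses[$course_data['course']]['max_file_size']}',";
        }
    }

    // Nothing has been written yet; stop here if validation failed.
    if ($msg->containsErrors()) {
        return FALSE;
    }

    //display defaults
    if (!$course_data['course']) {
        $menu_defaults = ",home_links='{$_config['home_defaults']}', main_links='{$_config['main_defaults']}', side_menu='{$_config['side_defaults']}'";
    } else {
        $menu_defaults = ',home_links=\'' . $system_courses[$course_data['course']]['home_links'] . '\', main_links=\'' . $system_courses[$course_data['course']]['main_links'] . '\', side_menu=\'' . $system_courses[$course_data['course']]['side_menu'] . '\'';
    }

    // NOTE(review): member_id is taken from $course_data['instructor'] on both
    // paths, although $instructor is set to $_SESSION['member_id'] for
    // non-admins above. Confirm the caller pins that field for non-admin requests.
    $sql = "REPLACE INTO %scourses \n SET \n course_id=%d, \n member_id='%s', \n access='%s', \n title='%s', \n description='%s', \n course_dir_name='%s', \n cat_id=%d, \n content_packaging='%s', \n notify=%d, \n hide=%d, \n {$course_quotas}\n primary_language='%s',\n created_date='%s',\n rss=%d,\n copyright='%s',\n icon='%s',\n banner='%s',\n release_date='%s', \n end_date='%s' \n {$menu_defaults}";
    $result = queryDB($sql, array(
        TABLE_PREFIX,
        $course_data['course'],
        $course_data['instructor'],
        $course_data['access'],
        $course_data['title'],
        $course_data['description'],
        $course_data['course_dir_name'],
        $course_data['category_parent'],
        $course_data['content_packaging'],
        $course_data['notify'],
        $course_data['hide'],
        $course_data['pri_lang'],
        $course_data['created_date'],
        $course_data['rss'],
        $course_data['copyright'],
        $course_data['icon'],
        $course_data['banner'],
        $release_date,
        $end_date,
    ));
    if (!$result) {
        echo at_db_error();
        echo 'DB Error';
        exit;
    }

    $new_course_id = $_SESSION['course_id'] = at_insert_id();

    // NOTE(review): isset($isadmin) is always TRUE because the parameter has a
    // default, so the three isset() blocks below also run for non-admin calls.
    // Kept as is because callers may rely on the instructor re-enrollment.
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'courses', $result, $sqlout);
    }
    if (isset($isadmin)) {
        //get current instructor and unenroll from course if different from POST instructor
        $old_instructor = $system_courses[$course_data['course']]['member_id'];
        if ($old_instructor != $course_data['instructor']) {
            //remove old from course enrollment
            $sql = "DELETE FROM %scourse_enrollment WHERE course_id=%d AND member_id=%d";
            $result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $old_instructor));
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', $result, $sqlout);
        }
    }

    //enroll new instructor
    $sql = "REPLACE INTO %scourse_enrollment VALUES (%d, %d, 'y', 0, '" . _AT('instructor') . "', 0)";
    $result = queryDB($sql, array(TABLE_PREFIX, $course_data['instructor'], $new_course_id));
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'course_enrollment', $result, $sqlout);
    }

    // create the course content directory (owner-only permissions)
    $path = AT_CONTENT_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_CONTENT_DIR . $new_course_id . '/index.html');

    // create the course backup directory (owner-only permissions)
    $path = AT_BACKUP_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_BACKUP_DIR . $new_course_id . '/index.html');

    /* insert some default content: */
    // NOTE(review): this tests 'course_id' while the rest of the function uses 'course' — confirm which key callers set.
    if (!$course_data['course_id'] && $course_data['initial_content'] == '1') {
        $contentManager = new ContentManager($db, $new_course_id);
        $contentManager->initContent();
        $cid = $contentManager->addContent($new_course_id, 0, 1, _AT('welcome_to_atutor'), addslashes(_AT('this_is_content')), '', '', 1, date('Y-m-d H:00:00'));

        $announcement = _AT('default_announcement');
        $sql = "INSERT INTO %snews VALUES (NULL, %d, %d, NOW(), 1, '%s', '%s')";
        $result = queryDB($sql, array(TABLE_PREFIX, $new_course_id, $instructor, _AT('welcome_to_atutor'), $announcement));
        if ($isadmin) {
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_INSERT, 'news', $result, $sqlout);
        }
    } else {
        if (!$course_data['course'] && count($initial_content_info) == 2) {
            $Backup->setCourseID($new_course_id);
            $Backup->restore($material = TRUE, 'append', $initial_content_info[0], $initial_content_info[1]);
        }
    }

    // custom icon, have to be after directory is created
    if ($_FILES['customicon']['tmp_name'] != '') {
        $course_data['comments'] = trim($course_data['comments']);
        $owner_id = $_SESSION['course_id'];
        $owner_type = "1";

        if ($_FILES['customicon']['error'] == UPLOAD_ERR_INI_SIZE) {
            $msg->addError(array('FILE_TOO_BIG', get_human_size(megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1)))));
        } else {
            if (!isset($_FILES['customicon']['name']) || $_FILES['customicon']['error'] == UPLOAD_ERR_NO_FILE || $_FILES['customicon']['size'] == 0) {
                $msg->addError('FILE_NOT_SELECTED');
            } else {
                if ($_FILES['customicon']['error'] || !is_uploaded_file($_FILES['customicon']['tmp_name'])) {
                    $msg->addError('FILE_NOT_SAVED');
                }
            }
        }

        if (!$msg->containsErrors()) {
            $course_data['description'] = $addslashes(trim($course_data['description']));
            $_FILES['customicon']['name'] = addslashes($_FILES['customicon']['name']);

            if ($course_data['comments']) {
                $num_comments = 1;
            } else {
                $num_comments = 0;
            }

            $path = AT_CONTENT_DIR . $owner_id . "/custom_icons/";
            if (!is_dir($path)) {
                @mkdir($path);
            }

            // Image formats the local GD build can handle.
            $gd_info = gd_info();
            $supported_images = array();
            if (!empty($gd_info['GIF Create Support'])) {
                $supported_images[] = 'gif';
            }
            if (!empty($gd_info['JPG Support']) || !empty($gd_info['JPEG Support'])) {
                $supported_images[] = 'jpg';
            }
            if (!empty($gd_info['PNG Support'])) {
                $supported_images[] = 'png';
            }

            // check if this is a supported file type
            $filename = $stripslashes($_FILES['customicon']['name']);
            $path_parts = pathinfo($filename);
            $extension = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';
            $image_attributes = getimagesize($_FILES['customicon']['tmp_name']);
            if ($extension == 'jpeg') {
                $extension = 'jpg';
            }

            if (!in_array($extension, $supported_images, TRUE) || $image_attributes === FALSE) {
                // Not an image GD can handle, or not an image at all: never
                // store it under the content directory.
                $msg->addError('FILE_NOT_SAVED');
            } else {
                // resize the original but don't backup a copy.
                $width  = $image_attributes[0];
                $height = $image_attributes[1];
                $original_img  = $_FILES['customicon']['tmp_name'];
                $thumbnail_img = $path . $_FILES['customicon']['name'];

                if ($width > $height && $width > 79) {
                    $thumbnail_height = intval(79 * $height / $width);
                    $thumbnail_width = 79;
                    if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
                        $msg->addError('FILE_NOT_SAVED');
                    }
                } else {
                    if ($width <= $height && $height > 79) {
                        $thumbnail_height = 100;
                        $thumbnail_width = intval(100 * $width / $height);
                        if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
                            $msg->addError('FILE_NOT_SAVED');
                        }
                    } else {
                        // no resizing, just copy the image.
                        // it's too small to resize.
                        copy($original_img, $thumbnail_img);
                    }
                }
            }
        } else {
            $msg->addError('FILE_NOT_SAVED');
        }
    }

    //----------------------------------------
    /* delete the RSS feeds just in case: */
    // Both feeds are checked and removed under the same course id.
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml');
    }
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml');
    }

    if ($isadmin) {
        $_SESSION['course_id'] = -1;
    }
    $_SESSION['course_title'] = $stripslashes($course_data['title']);

    return $new_course_id;
}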
$sql = "SELECT * FROM %smembers WHERE member_id=%d"; $row_member = queryDB($sql, array(TABLE_PREFIX, $request_id)); if (count($row_member) == 0) { require AT_INCLUDE_PATH . 'header.inc.php'; echo _AT('no_user_found'); require AT_INCLUDE_PATH . 'footer.inc.php'; exit; } // message options $msg_options = array(_AT('leave_blank'), _AT('instructor_request_denymsg1'), _AT('instructor_request_denymsg2'), _AT('instructor_request_denymsg3'), _AT('instructor_request_denymsg4'), _AT('other')); $other_option = count($msg_options) - 1; if (isset($_POST['submit'])) { $sql = 'DELETE FROM %sinstructor_approvals WHERE member_id=%d'; $result = queryDB($sql, array(TABLE_PREFIX, $request_id)); global $sqlout; write_to_log(AT_ADMIN_LOG_DELETE, 'instructor_approvals', $result, $sqlout); $msg->addFeedback('PROFILE_UPDATED_ADMIN'); /* notify the users that they have been denied: */ $sql = "SELECT email, first_name, last_name FROM %smembers WHERE member_id=%d"; $row_member = queryDB($sql, array(TABLE_PREFIX, $_POST['id']), TRUE); if (count($row_member) > 0) { $to_email = $row_member['email']; $message = _AT('instructor_request_deny', AT_BASE_HREF) . " \n"; if ($_POST['msg_option'] == $other_option) { $message .= addslashes($_POST['other_msg']); } else { if ($_POST['msg_option']) { $message .= "\n" . $msg_options[$_POST['msg_option']]; } } if ($to_email != '') {
$myown_patch_id = intval($_POST['myown_patch_id']); $sql = "DELETE FROM ".TABLE_PREFIX."myown_patches WHERE myown_patch_id=$myown_patch_id"; $result = mysql_query($sql, $db) or die(mysql_error()); write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches', mysql_affected_rows($db), $sql); $sql = "DELETE FROM ".TABLE_PREFIX."myown_patches_dependent WHERE myown_patch_id=$myown_patch_id"; $result = mysql_query($sql, $db) or die(mysql_error()); write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches_dependent', mysql_affected_rows($db), $sql); $sql = "DELETE FROM ".TABLE_PREFIX."myown_patches_files WHERE myown_patch_id=$myown_patch_id"; $result = mysql_query($sql, $db) or die(mysql_error()); write_to_log(AT_ADMIN_LOG_DELETE, 'myown_patches_files', mysql_affected_rows($db), $sql); $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY'); header('Location: myown_patches.php'); exit; } //require('../../include/header.inc.php'); require(AT_INCLUDE_PATH.'header.inc.php'); $_GET['myown_patch_id'] = intval($_GET['myown_patch_id']); $sql = "SELECT myown_patch_id, atutor_patch_id FROM ".TABLE_PREFIX."myown_patches m WHERE m.myown_patch_id=$_GET[myown_patch_id]"; $result = mysql_query($sql,$db) or die(mysql_error()); if (mysql_num_rows($result) == 0) {
$msg->addError(array('EMPTY_FIELDS', _AT('title'))); } $cat_name = validate_length($cat_name, 100); if ($_POST['theme_parent']) { $sql = "SELECT theme FROM " . TABLE_PREFIX . "course_cats WHERE cat_id={$cat_parent_id}"; $result = mysql_query($sql, $db); if ($row = mysql_fetch_assoc($result)) { $cat_theme = $row['theme']; } } if (!$msg->containsErrors()) { $sql = "INSERT INTO " . TABLE_PREFIX . "course_cats VALUES (NULL, '{$cat_name}', {$cat_parent_id}, '{$cat_theme}')"; $result = mysql_query($sql, $db); $cat_id = mysql_insert_id($db); $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY'); write_to_log(AT_ADMIN_LOG_INSERT, 'course_cats', mysql_affected_rows($db), $sql); header('Location: course_categories.php'); exit; } } else { if (isset($_POST['cancel'])) { $msg->addFeedback('CANCELLED'); header('Location: course_categories.php'); exit; } } /* $categories[category_id] = array(cat_name, cat_parent, num_courses, [array(children)]) */ $categories = get_categories(); require AT_INCLUDE_PATH . 'header.inc.php'; $msg->printAll(); ?>
// Instructor-side confirmation page for deleting a Basic LTI tool.
// The id is cast to an integer and every query is also scoped to the
// current course id taken from the session, so a tool that belongs to
// another course is reported as not found.
$tool = intval($_REQUEST['id']);

$sql = "SELECT title FROM %sbasiclti_tools WHERE id = %d AND course_id = %d";
$row = queryDB($sql, array(TABLE_PREFIX, $tool, $_SESSION['course_id']), TRUE);

// No title means no matching tool in this course.
if (strlen($row['title']) == 0) {
    $msg->addError('UNABLE_TO_FIND_TOOL');
    header('Location: ../index_instructor.php');
    exit;
}

// The user declined the confirmation.
if (isset($_POST['submit_no'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: ../index_instructor.php');
    exit;
}

// The user confirmed: delete the tool and record the statement in the admin log.
// NOTE(review): no anti-CSRF token is checked in this excerpt — confirm the
// confirm form or an included file provides one.
$confirmed = isset($_POST['step']) && $_POST['step'] == 1 && isset($_POST['submit_yes']);
if ($confirmed) {
    $sql = "DELETE FROM %sbasiclti_tools WHERE id = %d AND course_id = %d";
    $result = queryDB($sql, array(TABLE_PREFIX, $tool, $_SESSION['course_id']));

    global $sqlout;
    write_to_log(AT_ADMIN_LOG_DELETE, 'basiclti_delete', $result, $sqlout);

    $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
    header('Location: ../index_instructor.php');
    exit;
}

require AT_INCLUDE_PATH . 'header.inc.php';

// First visit: show the confirmation prompt carrying the step and the tool id.
// NOTE(review): the stored title is passed to addConfirm() as-is — confirm it
// is HTML-escaped when printed.
if (!isset($_POST['step'])) {
    $hidden_vars['step'] = 1;
    $hidden_vars['id'] = $tool;
    $msg->addConfirm(array('DELETE_TOOL_1', $row['title']), $hidden_vars);
    $msg->printConfirm();
}

require AT_INCLUDE_PATH . 'footer.inc.php';
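/**
 * Delete a customized theme: disable it if needed, remove its directory
 * recursively and delete its row from the themes table.
 *
 * Deletion is refused when the name is empty or contains "..", when the
 * theme is 'default', when its status is 2, or when it is not marked as
 * customized. A name with no matching row is also refused, because both
 * status and customized then evaluate to 0.
 *
 * NOTE(review): the name is escaped with addslashes() as in the original;
 * whether that is sufficient depends on the connection character set.
 *
 * @param string $theme_dir Directory name of the theme (themes.dir_name).
 *
 * @return bool TRUE when the theme was deleted, FALSE when deletion was refused.
 */
function delete_theme($theme_dir) {
    global $msg, $db;

    // The name ends up in a path handed to a recursive delete, so an empty
    // name or a parent-directory reference is rejected before anything else.
    if ((string) $theme_dir === '' || strpos((string) $theme_dir, '..') !== FALSE) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    }

    $theme_dir = addslashes($theme_dir);

    //check status
    $sql = "SELECT status, customized FROM " . TABLE_PREFIX . "themes WHERE dir_name='" . $theme_dir . "'";
    $result = mysql_query($sql, $db);
    $row = mysql_fetch_assoc($result);
    $status = intval($row['status']);
    $customized = intval($row['customized']);

    //can't delete if
    // 1. a system default
    // 2. current default theme
    // 3. a system level theme
    if ($theme_dir == 'default' || $status == 2 || !$customized) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    }

    //disable, clear directory and delete theme from db
    require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php'; /* for clr_dir() */
    if ($status != 0) {
        disable_theme($theme_dir);
        $msg->deleteFeedback('THEME_DISABLED');
    }

    $dir = get_main_theme_dir($customized) . $theme_dir;
    @clr_dir($dir);

    $sql1 = "DELETE FROM " . TABLE_PREFIX . "themes WHERE dir_name = '{$theme_dir}'";
    $result1 = mysql_query($sql1, $db);
    // Log the DELETE that was just run; the original logged the earlier SELECT.
    write_to_log(AT_ADMIN_LOG_DELETE, 'themes', mysql_affected_rows($db), $sql1);

    $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
    return TRUE;
}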
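/**
 * Delete a theme: disable it if needed, remove its directory under
 * ../../../themes/ recursively and delete its row from the themes table.
 *
 * Deletion is refused when the name is empty or contains "..", when no
 * themes row matches the name, when the theme is 'default', or when its
 * status is 2.
 *
 * @param string $theme_dir Directory name of the theme (themes.dir_name).
 *
 * @return bool TRUE when the theme was deleted, FALSE when deletion was refused.
 */
function delete_theme ($theme_dir) {
    global $msg, $db;

    // The name is appended to the themes path and handed to a recursive
    // delete: an empty name would address the themes directory itself and
    // ".." would leave it.
    if ((string) $theme_dir === '' || strpos((string) $theme_dir, '..') !== FALSE) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    }

    // Escaped copy for SQL text only; the raw name is kept for the path.
    $theme_dir_sql = mysql_real_escape_string($theme_dir, $db);

    //check status
    $sql = "SELECT status FROM ".TABLE_PREFIX."themes WHERE dir_name='$theme_dir_sql'";
    $result = mysql_query($sql, $db);
    $row = $result ? mysql_fetch_assoc($result) : FALSE;

    // Only names registered in the themes table may be removed from disk.
    if (!$row) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    }
    $status = intval($row['status']);

    //can't delete original default or current default theme
    if (($theme_dir == 'default') || ($status == 2)) {
        $msg->addError('THEME_NOT_DELETED');
        return FALSE;
    }

    //disable, clear directory and delete theme from db
    require_once(AT_INCLUDE_PATH.'../mods/_core/file_manager/filemanager.inc.php'); /* for clr_dir() */
    if ($status != 0) {
        disable_theme($theme_dir);
        $msg->deleteFeedback('THEME_DISABLED');
    }

    $dir = '../../../themes/' . $theme_dir;
    @clr_dir($dir);

    $sql1 = "DELETE FROM ".TABLE_PREFIX."themes WHERE dir_name = '$theme_dir_sql'";
    $result1 = mysql_query($sql1, $db);
    // Log the DELETE that was just run; the original logged the earlier SELECT.
    write_to_log(AT_ADMIN_LOG_DELETE, 'themes', mysql_affected_rows($db), $sql1);

    $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
    return TRUE;
}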
$_POST['site_name'] = $addslashes($_POST['site_name']); $_POST['home_url'] = $addslashes($_POST['home_url']); $_POST['default_language'] = $addslashes($_POST['default_language']); $_POST['contact_email'] = $addslashes($_POST['contact_email']); $_POST['time_zone'] = $addslashes($_POST['time_zone']); foreach ($_config as $name => $value) { // the isset() is needed to avoid overridding settings that don't get set here (ie. modules) if (isset($_POST[$name]) && $stripslashes($_POST[$name]) != $value && $stripslashes($_POST[$name]) != $_config_defaults[$name]) { $sql = 'REPLACE INTO %sconfig VALUES ("%s", "%s")'; $num_rows = queryDB($sql, array(TABLE_PREFIX, $name, $_POST[$name])); write_to_log(AT_ADMIN_LOG_REPLACE, 'config', $num_rows, $sqlout); } else { if (isset($_POST[$name]) && $stripslashes($_POST[$name]) == $_config_defaults[$name]) { $sql = "DELETE FROM %sconfig WHERE name='%s'"; $num_rows = queryDB($sql, array(TABLE_PREFIX, $name)); write_to_log(AT_ADMIN_LOG_DELETE, 'config', $num_rows, $sqlout); } } } $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY'); // special case: disabling the mail queue should flush all queued mail: if (!$_POST['enable_mail_queue'] && $_POST['old_enable_mail_queue']) { require_once AT_INCLUDE_PATH . 'classes/phpmailer/atutormailer.class.php'; $mail = new ATutorMailer(); $mail->SendQueue(); } header('Location: ' . $_SERVER['PHP_SELF']); exit; } } }
// Administrator page that empties the admin_log table after a confirmation.
define('AT_INCLUDE_PATH', '../../../../include/');
require(AT_INCLUDE_PATH.'vitals.inc.php');

// Privilege check runs before any request data is acted on
// (presumably stops the request for non-administrators — verify in vitals.inc.php).
admin_authenticate(AT_ADMIN_PRIV_ADMIN);

// Declined: go back to the log view.
if (isset($_POST['submit_no'])) {
    $msg->addFeedback('CANCELLED');
    header('Location: ./log.php');
    exit;
}

// Confirmed: empty the table, then record the reset itself so the log keeps
// a trace of the deletion.
// NOTE(review): no anti-CSRF token is checked in this excerpt — confirm the
// confirm form or vitals.inc.php provides one.
if (isset($_POST['submit_yes'])) {
    //clean up the db
    $sql = "DELETE FROM ".TABLE_PREFIX."admin_log";
    $result = mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'admin_log', mysql_affected_rows($db), $sql);

    $msg->addFeedback('ADMIN_LOG_RESET');
    header('Location: ./log.php');
    exit;
}

require(AT_INCLUDE_PATH.'header.inc.php');

//print confirmation
// NOTE(review): $_SERVER['PHP_SELF'] reflects the requested path, which the
// client controls — confirm addConfirm() HTML-escapes its arguments.
$hidden_vars['all'] = TRUE;
$confirm = array('RESET_ADMIN_LOG', $_SERVER['PHP_SELF']);
$msg->addConfirm($confirm, $hidden_vars);
$msg->printConfirm();
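/**
 * Delete a member and the rows that reference them.
 *
 * Does nothing when the member owns at least one course. Otherwise removes
 * enrollments, forum bookkeeping and posts (adjusting the forum and thread
 * counters), instructor approvals, messages, poll votes, test answers and
 * results, the online marker, the member row and tracking data, then the
 * member's personal file-storage workspace. Every statement is recorded
 * with write_to_log().
 *
 * @param int $id Member id; cast to an integer before use.
 *
 * @return void
 */
function delete_user($id) {
    global $db, $msg;

    // $id is interpolated unquoted into every statement below, so it is
    // forced to an integer here instead of trusting each caller to cast it.
    $id = intval($id);

    //make sure not instructor of a course
    $sql = "SELECT course_id FROM " . TABLE_PREFIX . "courses WHERE member_id={$id}";
    $result = mysql_query($sql, $db);
    if ($row = mysql_fetch_assoc($result)) {
        // Owners of a course are left untouched; the caller gets no error.
        return;
    }

    $sql = "DELETE FROM " . TABLE_PREFIX . "course_enrollment WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', mysql_affected_rows($db), $sql);

    $sql = "DELETE FROM " . TABLE_PREFIX . "forums_accessed WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'forums_accessed', mysql_affected_rows($db), $sql);

    $sql = "DELETE FROM " . TABLE_PREFIX . "forums_subscriptions WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'forums_subscriptions', mysql_affected_rows($db), $sql);

    /****/
    /* delete forum threads block: */

    /* delete the thread replies: */
    $sql = "SELECT COUNT(*) AS cnt, parent_id, forum_id FROM " . TABLE_PREFIX . "forums_threads WHERE member_id={$id} AND parent_id<>0 GROUP BY parent_id";
    $result = mysql_query($sql, $db);
    while ($row = mysql_fetch_assoc($result)) {
        /* update the forum posts counter */
        // last_post=last_post (and date=date below) assign the columns to
        // themselves — presumably to stop auto-updating timestamps from changing; confirm against the schema.
        $sql = "UPDATE " . TABLE_PREFIX . "forums SET num_posts=num_posts - {$row['cnt']}, last_post=last_post WHERE forum_id={$row['forum_id']}";
        mysql_query($sql, $db);
        write_to_log(AT_ADMIN_LOG_UPDATE, 'forums', mysql_affected_rows($db), $sql);

        /* update the topics reply counter */
        $sql = "UPDATE " . TABLE_PREFIX . "forums_threads SET num_comments=num_comments-{$row['cnt']}, last_comment=last_comment, date=date WHERE post_id={$row['parent_id']}";
        mysql_query($sql, $db);
        write_to_log(AT_ADMIN_LOG_UPDATE, 'forums_threads', mysql_affected_rows($db), $sql);
    }

    /* delete threads this member started: */
    $sql = "SELECT post_id, forum_id, num_comments FROM " . TABLE_PREFIX . "forums_threads WHERE member_id={$id} AND parent_id=0";
    $result = mysql_query($sql, $db);
    while ($row = mysql_fetch_assoc($result)) {
        /* update the forum posts and topics counters */
        // The topic itself counts as one post on top of its replies.
        $num_posts = $row['num_comments'] + 1;
        $sql = "UPDATE " . TABLE_PREFIX . "forums SET num_topics=num_topics-1, num_posts=num_posts - {$num_posts}, last_post=last_post WHERE forum_id={$row['forum_id']}";
        mysql_query($sql, $db);
        write_to_log(AT_ADMIN_LOG_UPDATE, 'forums', mysql_affected_rows($db), $sql);

        /* delete the replies */
        $sql = "DELETE FROM " . TABLE_PREFIX . "forums_threads WHERE parent_id={$row['post_id']}";
        mysql_query($sql, $db);
        write_to_log(AT_ADMIN_LOG_DELETE, 'forums_threads', mysql_affected_rows($db), $sql);
    }

    /* delete the actual threads */
    $sql = "DELETE FROM " . TABLE_PREFIX . "forums_threads WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'forums_threads', mysql_affected_rows($db), $sql);

    /* end delete forum threads block. */
    /****/

    $sql = "DELETE FROM " . TABLE_PREFIX . "instructor_approvals WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'instructor_approvals', mysql_affected_rows($db), $sql);

    $sql = "DELETE FROM " . TABLE_PREFIX . "messages WHERE from_member_id={$id} OR to_member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'messages', mysql_affected_rows($db), $sql);

    $sql = "DELETE FROM " . TABLE_PREFIX . "polls_members WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'polls_members', mysql_affected_rows($db), $sql);

    $sql = "DELETE FROM " . TABLE_PREFIX . "tests_answers WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'tests_answers', mysql_affected_rows($db), $sql);

    $sql = "DELETE FROM " . TABLE_PREFIX . "tests_results WHERE member_id='{$id}'";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'tests_results', mysql_affected_rows($db), $sql);

    $sql = "DELETE FROM " . TABLE_PREFIX . "users_online WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'users_online', mysql_affected_rows($db), $sql);

    $sql = "DELETE FROM " . TABLE_PREFIX . "members WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'members', mysql_affected_rows($db), $sql);

    $sql = "DELETE FROM " . TABLE_PREFIX . "member_track WHERE member_id={$id}";
    mysql_query($sql, $db);
    write_to_log(AT_ADMIN_LOG_DELETE, 'member_track', mysql_affected_rows($db), $sql);

    // delete personal files from file storage
    fs_delete_workspace(WORKSPACE_PERSONAL, $id);

    return;
}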
if ($error != '') { //There was an issue with the connection, log the error write_to_log($error); header("HTTP/1.1 503 Service Unavailable"); exit; } } else { //error connecting $error = "Could not make a connection with fsockopen: {$errstr}\t" . http_build_query($_POST); write_to_log($error); header("HTTP/1.1 503 Service Unavailable"); exit; } //Yeay! Everything worked! Lets log it anyway $message = "Successfuly sent to " . $appDomain . $appPath . ": \t" . http_build_query($_POST); write_to_log($message); exit; } else { // Did not find expected POST variables. Possible access attempt from a non PayPal site. header("HTTP/1.1 401 Authorization Required"); echo 'Error: Missing POST variables. Identification is not possible.'; exit; } function write_to_log($error) { //create filename for each month $filename = 'logs/IPN_Log_' . date('Y_m') . '.log'; //add timestamp to error $message = gmdate('[Y-m-d H:i:s] ') . $error; //write to file $contents = @file_get_contents($filename);