/**
 * Re-read all settings from the database into $this->settings.
 *
 * A non-empty 'ERRORS' entry in the array returned by getSettingsAll() is
 * treated as a load failure and reported as an ERROR_SETTINGS event.
 *
 * @return void
 */
public function reloadSettings()
{
    $this->settings = $this->qdb_object->getSettingsAll();

    // Nothing to report when the error slot is absent or empty.
    if (!isset($this->settings['ERRORS']) || $this->settings['ERRORS'] == '') {
        return;
    }

    // Every other component reads its configuration from these settings,
    // so a failed reload is raised as an error event rather than ignored.
    Errors::getInstance()->errorEvent(
        ERROR_SETTINGS,
        "Error reloading settings " . $this->settings['ERRORS']
    );
}
/**
 * Return the stored session status and username.
 *
 * @return array Empty when no integer 'status' value is stored; otherwise
 *               an array with the keys 'status' and 'username'.
 */
public function getSessionInfo()
{
    $status = $this->getValue('status');

    // Only an integer status counts as a session; null or any other type
    // is logged as "no session" and yields an empty result.
    if (!(isset($status) && is_int($status))) {
        Errors::getInstance()->errorEvent(INFO_SESSION, "No session found");
        return array();
    }

    return array(
        'status' => $status,
        'username' => $this->getValue('username'),
    );
}
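/**
 * Overwrite $this->filename with $this->file_header followed by $contents.
 *
 * The file is opened in 'w' mode, so existing content is truncated. If the
 * file cannot be opened, written or closed, an ERROR_FILEWRITE event is
 * raised through Errors and the script terminates.
 *
 * NOTE(review): $this->filename is used exactly as stored on the object;
 * confirm it is only ever set from trusted configuration, never from
 * request data.
 *
 * @param string $contents Data written after the file header.
 * @return void
 */
public function writeFile($contents)
{
    $fh = fopen($this->filename, 'w');
    if ($fh) {
        // fwrite() returns false on failure; a partly written file must not
        // be treated as success.
        $written = fwrite($fh, $this->file_header) !== false
            && fwrite($fh, $contents) !== false;

        // Always release the handle. fclose() flushes buffered data, so its
        // result is part of the success check.
        $closed = fclose($fh);

        if ($written && $closed) {
            return;
        }
    }

    $err = Errors::getInstance();
    $err->errorEvent(ERROR_FILEWRITE, "Error writing to file " . $this->filename);
    // Exit status is kept at 0 as in the original code.
    // NOTE(review): a non-zero status would let a calling shell detect the failure.
    exit(0);
}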
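/**
 * Look up a registered error and throw it as a ResponseException.
 *
 * @param int|string  $needle   Integer values are matched against each
 *                              entry's 'code', anything else against 'key'.
 * @param string|bool $argument Optional value substituted for "%1" in the
 *                              error message.
 * @throws ResponseException Always; carries the matched entry's message and
 *                           code, or the E_UNKNOWN_ERROR entry when nothing
 *                           matches.
 */
public static function runException($needle, $argument = false)
{
    $type = is_int($needle) ? "code" : "key";

    $error = false;
    foreach (Errors::getInstance()->errors as $value) {
        if ($value[$type] == $needle) {
            $error = $value;
            break;
        }
    }

    // Resolve the "not found" case before touching $error['message'];
    // indexing into false is an error in itself.
    if (!$error) {
        if ($needle === "E_UNKNOWN_ERROR") {
            // The fallback entry itself is missing: throw directly instead
            // of recursing without end.
            throw new ResponseException("Unknown error", 0);
        }
        Errors::getInstance()->runException("E_UNKNOWN_ERROR");
    }

    if ($error['message'] && $argument) {
        $error['message'] = str_replace("%1", $argument, $error['message']);
    }

    throw new ResponseException($error['message'], $error['code']);
}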
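// The master config normally just names the real config file via $cfgfile.
// An include cannot be wrapped in try/catch, so warnings are suppressed with @
// and success is checked afterwards through the variables the file should define.
//
// NOTE(review): both files are executed as PHP. Whoever can write to the
// master config, or to the path it stores in $cfgfile, controls code run by
// the application; file permissions should reflect that.
@(include $app_dir . "/" . $default_cfg_file);

// $cfgfile is set in $default_cfg_file and points to the 'real' config file;
// it is loaded after all the entries in $default_cfg_file.
if (!isset($cfgfile) || $cfgfile == '') {
    // No local config file - the master file must carry the settings itself.
    // Only one of them is checked.
    if (!isset($dbsettings)) {
        $err = Errors::getInstance();
        $err->errorEvent(ERROR_CFG, "Error loading master config file ({$default_cfg_file}), or file is corrupt / incomplete");
    }
} else {
    // Informational message - only logged in debug mode.
    if (isset($debug) && $debug) {
        $err = Errors::getInstance();
        $err->errorEvent(INFO_CFG, "Loaded main config - now loading local config {$cfgfile}");
    }

    @(include $cfgfile);

    // Make sure the required dbsettings are loaded.
    // NOTE(review): if the master file already defined $dbsettings, this
    // check cannot detect a local config file that failed to load.
    if (!isset($dbsettings)) {
        // Fetch the handler here: the debug branch above, which also assigns
        // $err, does not run when debug mode is off.
        $err = Errors::getInstance();
        $err->errorEvent(ERROR_CFG, "Error loading local config file ({$cfgfile}), or file is corrupt / incomplete");
    }
}

// $debug may be undefined if neither config file set it.
if (isset($debug) && $debug) {
    print "config files loaded\n";
}

/*** Connect to database - $db can be used to access by other classes ***/
/*** But preferably use $qdb below ***/
// empty options array - options could be added if required
$db_options = array();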
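/**
 * Print a theme template, substituting %%Variable%% placeholders and
 * optionally honouring a single `<?php include "..."; ?>` directive per line.
 *
 * Placeholder values come from settings and are inserted verbatim, with no
 * HTML escaping.
 * NOTE(review): confirm that only trusted administrators can edit these
 * settings, or escape the values per output context.
 *
 * Include directives are executed only when the 'template_allow_include'
 * setting is truthy. The included path is taken from the template file, so
 * theme files must be treated as code: anyone able to modify a theme can run
 * PHP when that setting is enabled.
 *
 * @param string $template_name Template identifier, combined with the mode
 *                              to look up the file name in $this->filenames.
 * @param string $mode          'admin', 'test' (handled as 'normal') or any
 *                              other value for the quiz theme.
 * @return void
 */
public function includeTemplate($template_name, $mode)
{
    // application directory comes from the original setup / adminsetup script
    global $app_dir;

    // the local directory does not depend on the incoming php file
    $template_dir_local = $app_dir . "/themes/";

    // the url directory depends on whether we are in admin or not
    if ($mode == 'admin') {
        $template_dir_url = "../themes/";
        $template_theme_dir = $this->settings->getSetting("theme_admin") . "/";
    } elseif ($mode == 'test') {
        $template_dir_url = "themes/";
        $template_theme_dir = $this->settings->getSetting("theme_quiz") . "/";
        // set mode to normal so the standard headers are loaded
        $mode = 'normal';
    } else {
        $template_dir_url = "themes/";
        $template_theme_dir = $this->settings->getSetting("theme_quiz") . "/";
    }

    // A missing entry is handled like a blank one instead of raising an
    // undefined-index notice.
    $filename_key = $mode . "_" . $template_name;
    $template_filename = isset($this->filenames[$filename_key]) ? $this->filenames[$filename_key] : '';

    /* Settings that can be used within the template files */
    $template_variables = array();
    //%%Title%%
    $template_variables['Title'] = $this->settings->getSetting("html_title");
    //%%Description%%
    $template_variables['Description'] = $this->settings->getSetting("html_description");
    //%%QuizTitle%%
    $template_variables['QuizTitle'] = $this->settings->getSetting("quiz_title");
    //%%QuestionNumber%%
    $template_variables['QuestionNumber'] = $this->settings->getSetting("question_number");
    //%%HeaderJavascript%% (created by addHeaderJavascript function)
    if ($this->header_javascript != '') {
        $template_variables['HeaderJavascript'] = "<script type=\"text/javascript\">\n" . $this->header_javascript . "</script>\n";
    } else {
        $template_variables['HeaderJavascript'] = '';
    }
    //%%ThemeDirectory%%
    // Path to the theme directory usable in a url (relative to current file).
    $template_variables['ThemeDirectory'] = $template_dir_url . $template_theme_dir;

    // only act if a template is set - blank or missing entries are logged and ignored
    if ($template_filename == "") {
        $err = Errors::getInstance();
        $err->errorEvent(INFO_EXTERNAL, "Warning, external template not defined - {$template_name}, {$mode}");
        return;
    }

    // Plain case-insensitive string replacement: unlike preg_replace(), a
    // value containing "$1" or "\1" is inserted literally rather than being
    // read as a back-reference.
    $search = array();
    $replace = array();
    foreach ($template_variables as $this_variable_key => $this_variable_value) {
        $search[] = '%%' . $this_variable_key . '%%';
        $replace[] = (string) $this_variable_value;
    }

    // NOTE(review): theme directory and file name are concatenated into a
    // local path as stored; confirm neither can contain "../" segments.
    $template_fh = fopen($template_dir_local . $template_theme_dir . $template_filename, 'r');
    if ($template_fh === false) {
        $err = Errors::getInstance();
        $err->errorEvent(INFO_EXTERNAL, "Warning, external template file not found - {$template_filename}");
        return;
    }

    $include_pattern = '/(.*)<\\?php\\s+include\\s*\\(?[\'\\"]([^\'\\"]*)[\'\\"]\\)?\\s*;\\s*\\?>(.*)/';

    // Compare against false so a line consisting of "0" does not end the loop.
    while (($this_string = fgets($template_fh)) !== false) {
        // The directive is looked for in the raw template line, before any
        // placeholder is expanded, so that a setting value can never turn
        // into an include directive. Only one directive per line is handled.
        if (preg_match($include_pattern, $this_string, $matches)) {
            // text before the directive
            print str_ireplace($search, $replace, $matches[1]);

            // existence of the file is not checked here
            if ($this->settings->getSetting('template_allow_include')) {
                // Executes the named file as PHP in this method's scope.
                include str_ireplace($search, $replace, $matches[2]);
            } else {
                print "<!-- PHP Includes are disabled in the wquiz settings -->";
            }

            // text after the directive
            print str_ireplace($search, $replace, $matches[3]);
        } else {
            print str_ireplace($search, $replace, $this_string);
        }
    }

    fclose($template_fh);
}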
/**
 * Load every row of the users table as a User object.
 *
 * A database error is reported as ERROR_DATABASE and the script exits.
 *
 * Each User receives the row's 'password' column along with the other
 * fields, so these objects should not be dumped to output or logs.
 *
 * @return array User objects keyed by username, in userid order.
 */
function getUsersAll()
{
    global $debug;

    // The query contains no caller-supplied values, only the table prefix.
    $select_string = "SELECT * FROM " . $this->table_prefix . "users ORDER BY userid";
    if (isset($debug) && $debug) {
        print "SQL: {$select_string}\n";
    }

    $rows = $this->db_object->getRowsAll($select_string);

    // the database layer signals failure through an 'ERRORS' entry
    if (isset($rows['ERRORS'])) {
        if ($debug) {
            print "Error in getUsersAll \n";
        }
        Errors::getInstance()->errorEvent(ERROR_DATABASE, "Error reading database" . $rows['ERRORS']);
        // not needed as we exit anyway, but removes risk of failure
        exit(0);
    }

    $columns = array(
        'userid', 'username', 'accesslevel', 'fullname', 'password',
        'status', 'loginexpiry', 'supervisor', 'admin',
    );

    $users = array();
    foreach ($rows as $row) {
        $details = array();
        foreach ($columns as $column) {
            $details[$column] = $row[$column];
        }
        $users[$row['username']] = new User($details);
    }

    return $users;
}
/**
 * Read a warning entry from the shared Errors instance.
 *
 * @param mixed $warning Identifier passed unchanged to Errors::read().
 * @return mixed Whatever Errors::read() returns for that identifier.
 */
public static function getWarning($warning)
{
    $registry = Errors::getInstance();

    return $registry->read($warning);
}
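/**
 * Delete every quiz/question relation row for one question.
 *
 * NOTE(review): $questionid is interpolated into the SQL text without
 * escaping or binding. The database wrapper visible here only accepts a
 * finished SQL string, so callers must pass a validated identifier; if the
 * wrapper offers parameter binding or an escape helper, it should be used
 * here.
 *
 * @param int|string $questionid Identifier of the question whose relation
 *                               rows are removed.
 * @return bool Always true; database errors are reported through Errors.
 */
public function delQuestionQuizQuestionid($questionid)
{
    global $debug;

    $sql = "DELETE FROM " . $this->table_prefix . $this->quiz_tables['rel'] . " WHERE questionid=\"{$questionid}\"";
    if (isset($debug) && $debug) {
        print "SQL: \n" . $sql . "\n\n";
    }

    $temp_array = $this->db_object->updateRow($sql);

    // check for errors
    if (isset($temp_array['ERRORS'])) {
        if ($debug) {
            print "Error in delQuestionQuizQuestionid \n";
        }
        $err = Errors::getInstance();
        // "." concatenates; the former "+" performed arithmetic on two
        // strings and never produced the intended message.
        $err->errorEvent(ERROR_DATABASE, "Error writing to database" . $temp_array['ERRORS']);
    }

    return true;
}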
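/**
 * Validate one incoming parameter against a named type and return a safe value.
 *
 * Supported types: url, relurl, domain, reltime, alphanum, text, datetime,
 * int, bool, website. Any value that fails validation, and any unknown type,
 * yields '' (the bool type yields false).
 *
 * For url / domain / website the work is delegated to _checkUrl() and
 * _checkDomain(), which return array(status, value-or-message): status 0 is
 * success, status 1 is rejected silently, and any other status is reported as
 * an ERROR_PARAMETER event.
 *
 * All patterns use the D modifier so that "$" matches only at the very end
 * of the value and a trailing newline is rejected.
 *
 * @param mixed  $value    Raw parameter value.
 * @param string $parmname Parameter name, used in error messages only.
 * @param string $parmtype One of the types listed above.
 * @return mixed Validated value, or '' / false when rejected.
 */
function _checkParm($value, $parmname, $parmtype)
{
    switch ($parmtype) {
        case 'url':
        case 'domain':
            $status = ($parmtype == 'url') ? $this->_checkUrl($value) : $this->_checkDomain($value);
            if ($status[0] == 0) {
                // verified as safe by the checker
                return $status[1];
            }
            if ($status[0] != 1) {
                $err = Errors::getInstance();
                $err->errorEvent(ERROR_PARAMETER, "Error in parameter {$parmname} - {$status[1]}\n");
            }
            return '';

        case 'relurl':
            // word characters, '-' and '.' only, so no path separators.
            // NOTE(review): "." and ".." still pass; confirm callers never
            // use the value as a directory name.
            return preg_match('/^[\w.-]+$/D', $value) ? $value : "";

        case 'reltime':
            // Minutes or hours only - no days or seconds. The alternatives
            // are grouped so that both anchors apply to each of them;
            // ungrouped, "^" bound only to the minutes form and "$" only to
            // the hours form, which let arbitrary text through.
            if (preg_match('/^\d+\s*(?:min(?:ute)?s?|hours?)$/D', $value)) {
                return $value;
            }
            return ($value == 'Always') ? 'Always' : '';

        case 'alphanum':
            // word characters and '-', or the single wildcard '*'
            if (preg_match('/^[\w-]+$/D', $value) || $value == '*') {
                return $value;
            }
            return '';

        case 'text':
        case 'datetime':
            // Angle brackets become entities so the value cannot open or
            // close a tag when echoed into HTML. Quotes and '&' are left
            // untouched, so this alone is not enough for attribute context.
            return str_replace(array('<', '>'), array('&lt;', '&gt;'), $value);

        case 'int':
            // 0 and non-numeric input both collapse to ''
            $int_value = intval($value);
            return ($int_value != 0) ? $int_value : '';

        case 'bool':
            return $value == 'true' || $value == '1';

        case 'website':
            // try a url first, then fall back to a bare domain
            $status = $this->_checkUrl($value);
            if ($status[0] == 0) {
                return $status[1];
            }
            $status = $this->_checkDomain($value);
            if ($status[0] == 0) {
                return $status[1];
            }
            $err = Errors::getInstance();
            $err->errorEvent(ERROR_PARAMETER, "Error in parameter {$parmname} - Not a url or domain\n");
            return '';
    }

    // unknown type
    return "";
}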
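/**
 * Print the navigation controls for a question page.
 *
 * Output consists of a hidden "question" field holding the current question
 * number, the answer submit button (visually hidden unless
 * $this->show_answer_button is 'true'), and one submit button per entry in
 * $this->enabled that has a label in $this->labels.
 *
 * Every dynamic value is HTML-escaped before it is placed in an attribute,
 * so a quote or angle bracket in the value cannot break out of it.
 *
 * @param int|string $current Question number of the current page.
 * @return void
 */
public function showNavigation($current)
{
    // include the questionnum of current page (regardless of which page we redirect to afterwards)
    $safe_current = htmlspecialchars((string) $current, ENT_QUOTES, 'UTF-8');
    print "<input type=\"hidden\" name=\"question\" value=\"{$safe_current}\"/>\n";

    // The answer button must always exist so that pressing ENTER in a text
    // field submits the correct value. It can be hidden by setting
    // buttons_show_answer_button to false, or in a custom css file.
    if ($this->show_answer_button == 'true') {
        // show as a normal div
        print "<div id=\"" . CSS_ID_BUTTON_ANSWER . "\">\n";
    } else {
        // inline style should override id css code
        print "<div style=\"height:0px; width:0px; position:absolute; overflow:hidden\">\n";
    }
    print "<input type=\"submit\" name=\"nav\" id=\"" . CSS_ID_NAVSUBMIT . "-answer\" value=\"answer\"/>\n";
    print "</div>\n";

    foreach ($this->enabled as $this_button) {
        // a button without a label is logged as a warning and skipped
        if (!isset($this->labels[$this_button])) {
            $err = Errors::getInstance();
            $err->errorEvent(WARNING_INTERNAL, "No label provided for button {$this_button} - ignoring");
            continue;
        }

        // double_encode is off so labels that already contain entities
        // (for example "&gt;&gt;") are shown as before.
        $safe_button = htmlspecialchars((string) $this_button, ENT_QUOTES, 'UTF-8', false);
        $safe_label = htmlspecialchars((string) $this->labels[$this_button], ENT_QUOTES, 'UTF-8', false);
        print "<input type=\"submit\" name=\"nav\" id=\"" . CSS_ID_NAVSUBMIT . "-" . $safe_button . "\" value=\"" . $safe_label . "\"/>\n";
    }
}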
/**
 * Decide whether a submitted answer is correct for this question.
 *
 * - radio / checkbox: loose equality with the stored answer.
 * - number: stored answer is "min,max"; the submission must lie in that range.
 * - text: stored answer is used as a regular expression, case-insensitive.
 * - TEXT: same, but case-sensitive.
 * Any other type is logged as WARNING_QUESTION and marked wrong.
 *
 * For the text types the stored answer is placed into the pattern unescaped,
 * so question definitions must come from trusted authors; a malformed
 * pattern makes preg_match() fail and the answer is marked wrong.
 *
 * @param mixed $answer Value submitted by the user.
 * @return bool True when the answer is accepted.
 */
function markAnswer($answer)
{
    global $debug;

    switch ($this->type) {
        case 'radio':
        case 'checkbox':
            return $answer == $this->answer;

        case 'number':
            // stored as "min,max"
            $range = explode(',', $this->answer);
            return $answer >= $range[0] && $answer <= $range[1];

        case 'text':
            // ¬ is the delimiter instead of / so that paths in the
            // expected answer (e.g. linux quiz) need no escaping
            $pattern = '¬^' . $this->answer . '$¬i';
            if (isset($debug) && $debug == true) {
                print "Test: " . $pattern . "<br />\n";
                print "Answer {$answer}<br />\n";
            }
            return preg_match($pattern, $answer) ? true : false;

        case 'TEXT':
            return preg_match('¬^' . $this->answer . '$¬', $answer) ? true : false;

        default:
            // error in question configuration
            Errors::getInstance()->errorEvent(
                WARNING_QUESTION,
                "Warning, unknown question type for {$this->questionid}"
            );
            return false;
    }
}