public function reloadSettings()
{
// get the current settings from the database
$this->settings = $this->qdb_object->getSettingsAll();
// perform error checking
if (isset($this->settings['ERRORS']) && $this->settings['ERRORS'] != '') {
// fatal error as we need these settings for everything else to work
$err = Errors::getInstance();
$err->errorEvent(ERROR_SETTINGS, "Error reloading settings " . $this->settings['ERRORS']);
}
}
public function getSessionInfo()
{
// first check status - if not set then return empty array
$session_info = array();
$status = $this->getValue('status');
if (!isset($status) || !is_int($status)) {
$err = Errors::getInstance();
$err->errorEvent(INFO_SESSION, "No session found");
return $session_info;
}
$session_info['status'] = $status;
$session_info['username'] = $this->getValue('username');
return $session_info;
}
public function writeFile($contents)
{
$fh = fopen($this->filename, 'w');
if ($fh) {
fwrite($fh, $this->file_header);
fwrite($fh, $contents);
} else {
if (isset($debug) && $debug) {
print "Error in writeFile " . $this->filename . "\n";
}
$err = Errors::getInstance();
$err->errorEvent(ERROR_FILEWRITE, "Error writing to file " . $this->filename);
exit(0);
}
}
public static function runException($needle, $argument = false)
{
$error = false;
$type = is_int($needle) ? "code" : "key";
foreach (Errors::getInstance()->errors as $value) {
if ($value[$type] == $needle) {
$error = $value;
break;
}
}
if ($error['message'] && $argument) {
$error['message'] = str_replace("%1", $argument, $error['message']);
}
if (!$error) {
Errors::getInstance()->runException("E_UNKNOWN_ERROR");
}
throw new ResponseException($error['message'], $error['code']);
}
// this will normally just load the name of the real config file
// note can't try/catch around an include so use @include and check it's loaded later
@(include $app_dir . "/" . $default_cfg_file);
// $cfgfile is in the default_cfg_file and points to the 'real' config file
// $cfgfile is loaded after all the entries in $default_cfg_file
// if no local cfg file so see if master cfg file has been customised
if (!isset($cfgfile) || $cfgfile == '') {
// check master file has settings - just check one of them
if (!isset($dbsettings)) {
$err = Errors::getInstance();
$err->errorEvent(ERROR_CFG, "Error loading master config file ({$default_cfg_file}), or file is corrupt / incomplete");
}
} else {
// information message - only log if in debug mode
if (isset($debug) && $debug) {
$err = Errors::getInstance();
$err->errorEvent(INFO_CFG, "Loaded main config - now loading local config {$cfgfile}");
}
@(include $cfgfile);
// make sure required dbsettings is loaded
if (!isset($dbsettings)) {
$err->errorEvent(ERROR_CFG, "Error loading local config file ({$cfgfile}), or file is corrupt / incomplete");
}
}
if ($debug) {
print "config files loaded\n";
}
/*** Connect to database - $db can be used to access by other classes ***/
/*** But prefrably use $qdb below ***/
// null array for options - could add options if required
$db_options = array();
public function includeTemplate($template_name, $mode)
{
// pull in application directory from original setup / adminsetup
global $app_dir;
// the local directory is not dependant upon incoming php file
$template_dir_local = $app_dir . "/themes/";
// the url directory is dependant upon whether we are in admin or not
if ($mode == 'admin') {
$template_dir_url = "../themes/";
$template_theme_dir = $this->settings->getSetting("theme_admin") . "/";
} elseif ($mode == 'test') {
$template_dir_url = "themes/";
$template_theme_dir = $this->settings->getSetting("theme_quiz") . "/";
// set mode to normal so we load the standard headers
$mode = 'normal';
} else {
$template_dir_url = "themes/";
$template_theme_dir = $this->settings->getSetting("theme_quiz") . "/";
}
$template_filename = $this->filenames[$mode . "_" . $template_name];
/* Settings that can be used within the template files */
//%%Title%%
$template_variables['Title'] = $this->settings->getSetting("html_title");
//%%Description%%
$template_variables['Description'] = $this->settings->getSetting("html_description");
//%%QuizTitle%%
$template_variables['QuizTitle'] = $this->settings->getSetting("quiz_title");
//%%QuestionNumber%%
$template_variables['QuestionNumber'] = $this->settings->getSetting("question_number");
//%%HeaderJavascript (created by addHeaderJavascript function)
if ($this->header_javascript != '') {
$template_variables['HeaderJavascript'] = "<script type=\"text/javascript\">\n" . $this->header_javascript . "</script>\n";
} else {
$template_variables['HeaderJavascript'] = '';
}
//%%ThemeDirectory%%
// Note use directory in the variable name rather than shortened to dir as we have done for the internal variables
// This is the path to the theme directory that can be used in a url (relative to current file)
$template_variables['ThemeDirectory'] = $template_dir_url . $template_theme_dir;
// only action if template is set - if blank or not in db then we ignore
// load the template file and parse initial variables
if ($template_filename != "") {
// include the app_dir as rel_dir is relative to that
//include($template_dir_local.$template_theme_dir.$template_filename);
$template_fh = fopen($template_dir_local . $template_theme_dir . $template_filename, 'r');
while ($this_string = fgets($template_fh)) {
// parse variables
foreach ($template_variables as $this_variable_key => $this_variable_value) {
$this_string = preg_replace("/%%{$this_variable_key}%%/i", $this_variable_value, $this_string);
}
// replaced relevant variables now check for permitted php includes
if (preg_match('/(.*)<\\?php\\s+include\\s*\\(?[\'\\"]([^\'\\"]*)[\'\\"]\\)?\\s*;\\s*\\?>(.*)/', $this_string, $matches)) {
// print before string - do the include - then print after string
// this is why only one per line (could add loop or recursive, but shouldn't need to have more than one include per line - especially as you can include an include etc.)
// before include
print $matches[1];
// include string
// don't check it exists here - perhaps add in future
// if not enabled then we ignore - strip out the include and replace with a comment warning
if ($this->settings->getSetting('template_allow_include')) {
include $matches[2];
} else {
print "<!-- PHP Includes are disabled in the wquiz settings -->";
}
// after include
print $matches[3];
} else {
print $this_string;
}
}
} else {
// not found - so issue warning
$err = Errors::getInstance();
//$err->errorEvent(WARNING_EXTERNAL, "Warning, external template file not found - $template_filename");
// not an error as such - but likely to be
$err->errorEvent(INFO_EXTERNAL, "Warning, external template not defined - {$template_name}, {$mode}");
}
}
function getUsersAll()
{
global $debug;
$output = array();
$select_string = "SELECT * FROM " . $this->table_prefix . "users ORDER BY userid";
if (isset($debug) && $debug) {
print "SQL: {$select_string}\n";
}
$temp_array = $this->db_object->getRowsAll($select_string);
// check for errors
if (isset($temp_array['ERRORS'])) {
if ($debug) {
print "Error in getUsersAll \n";
}
$err = Errors::getInstance();
$err->errorEvent(ERROR_DATABASE, "Error reading database" . $temp_array['ERRORS']);
// not needed as we exit anyway, but removes risk of failure
exit(0);
}
foreach ($temp_array as $this_entry) {
$output[$this_entry['username']] = new User(array('userid' => $this_entry['userid'], 'username' => $this_entry['username'], 'accesslevel' => $this_entry['accesslevel'], 'fullname' => $this_entry['fullname'], 'password' => $this_entry['password'], 'status' => $this_entry['status'], 'loginexpiry' => $this_entry['loginexpiry'], 'supervisor' => $this_entry['supervisor'], 'admin' => $this_entry['admin']));
}
return $output;
}
public static function getWarning($warning)
{
return Errors::getInstance()->read($warning);
}
public function delQuestionQuizQuestionid($questionid)
{
global $debug;
// create two strings - one with field names - second with values
$sql = "DELETE FROM " . $this->table_prefix . $this->quiz_tables['rel'] . " WHERE questionid=\"{$questionid}\"";
if (isset($debug) && $debug) {
print "SQL: \n" . $sql . "\n\n";
}
$temp_array = $this->db_object->updateRow($sql);
// check for errors
if (isset($temp_array['ERRORS'])) {
if ($debug) {
print "Error in delQuestionQuizQuestionid \n";
}
$err = Errors::getInstance();
$err->errorEvent(ERROR_DATABASE, "Error writing to database" + $temp_array['ERRORS']);
}
return true;
}
function _checkParm($value, $parmname, $parmtype)
{
if ($parmtype == 'url') {
$status = $this->_checkUrl($value);
// if error code
if ($status[0] != 0) {
if ($status[0] == 1) {
return '';
} else {
$message = $status[1];
if (isset($debug) && $debug) {
print "Error in parameter {$parmname} - {$message}\n";
}
$err = Errors::getInstance();
$err->errorEvent(ERROR_PARAMETER, "Error in parameter {$parmname} - {$message}\n");
return '';
}
} else {
// we have now verfied url as being safe
return $status[1];
}
} elseif ($parmtype == 'relurl') {
$unsafe_page = $value;
// check that this is only has allowed characters (either alphanumeric normal characters and .(* beginning only) - or it's a regexp)
if (preg_match('/^[\\w-\\.]+$/', $unsafe_page)) {
return $unsafe_page;
} else {
return "";
}
} elseif ($parmtype == 'domain') {
$status = $this->_checkDomain($value);
// if error code
if ($status[0] != 0) {
if ($status[0] == 1) {
return '';
} else {
$message = $status[1];
if (isset($debug) && $debug) {
print "Error in parameter {$parmname} - {$message}\n";
}
$err = Errors::getInstance();
$err->errorEvent(ERROR_PARAMETER, "Error in parameter {$parmname} - {$message}\n");
return '';
}
} else {
return $status[1];
}
} elseif ($parmtype == 'reltime') {
$unsafe_time = $value;
// check that this is only has allowed characters (either alphanumeric normal characters and .(* beginning only) - or it's a regexp)
// just allow minutes or hours - don't do days or secs
if (preg_match('/^\\d+\\s*(min(utes)?)|(hours?)$/', $unsafe_time)) {
return $unsafe_time;
} elseif ($unsafe_time == 'Always') {
return 'Always';
} else {
return '';
}
} elseif ($parmtype == 'alphanum') {
// just allow printable chars (\w)
if (preg_match('/^[\\w-_]+$/', $value)) {
return $value;
} elseif ($value == '*') {
return $value;
} else {
return '';
}
} elseif ($parmtype == 'text') {
$unsafe_text = $value;
$unsafe_text = preg_replace('/</', '<', $unsafe_text);
$unsafe_text = preg_replace('/>/', '>', $unsafe_text);
return $unsafe_text;
} elseif ($parmtype == 'datetime') {
$unsafe_text = $value;
$unsafe_text = preg_replace('/</', '<', $unsafe_text);
$unsafe_text = preg_replace('/>/', '>', $unsafe_text);
return $unsafe_text;
} elseif ($parmtype == 'int') {
$int_value = intval($value);
if ($int_value != 0) {
return $int_value;
} else {
return '';
}
} elseif ($parmtype == 'bool') {
if ($value == 'true' || $value == '1') {
return true;
} else {
return false;
}
} elseif ($parmtype == 'website') {
// check for a url first - if not check for domain
$status = $this->_checkUrl($value);
if ($status[0] == 0) {
return $status[1];
}
$status = $this->_checkDomain($value);
if ($status[0] == 0) {
return $status[1];
} else {
$message = $status[1];
if (isset($debug) && $debug) {
print "Error in parameter {$parmname} - Not a url or domain\n";
}
$err = Errors::getInstance();
$err->errorEvent(ERROR_PARAMETER, "Error in parameter {$parmname} - Not a url or domain\n");
return '';
}
}
// possible invalid type
return "";
}
public function showNavigation($current)
{
// include the questionnum of current page (regardless of which page we redirect to afterwards)
print "<input type=\"hidden\" name=\"question\" value=\"{$current}\"/>\n";
// Add answer button
// This can be hidden, but needs to exist to ensure that pressing ENTER on a text field
// submits the correct value
// it can be hidden by setting buttons_show_answer_button to false
// or in own css file
if ($this->show_answer_button == 'true') {
// show as a normal div
print "<div id=\"" . CSS_ID_BUTTON_ANSWER . "\">\n";
print "<input type=\"submit\" name=\"nav\" id=\"" . CSS_ID_NAVSUBMIT . "-answer\" value=\"answer\"/>\n";
print "</div>\n";
} else {
// Note style should override id css code
print "<div style=\"height:0px; width:0px; position:absolute; overflow:hidden\">\n";
print "<input type=\"submit\" name=\"nav\" id=\"" . CSS_ID_NAVSUBMIT . "-answer\" value=\"answer\"/>\n";
print "</div>\n";
}
foreach ($this->enabled as $this_button) {
// check matching label is defined - if not add as a warning and move to next
if (!isset($this->labels[$this_button])) {
$err = Errors::getInstance();
$err->errorEvent(WARNING_INTERNAL, "No label provided for button {$this_button} - ignoring");
continue;
}
print "<input type=\"submit\" name=\"nav\" id=\"" . CSS_ID_NAVSUBMIT . "-" . $this_button . "\" value=\"" . $this->labels[$this_button] . "\"/>\n";
}
}
function markAnswer($answer)
{
global $debug;
//if ($debug) { print "This answer $answer \n";}
// radio / checkbox - answer must be same as
if ($this->type == 'radio' || $this->type == 'checkbox') {
if ($answer == $this->answer) {
return true;
} else {
return false;
}
} elseif ($this->type == 'number') {
// split answer into min max
$min_max = explode(',', $this->answer);
if ($answer >= $min_max[0] && $answer <= $min_max[1]) {
return true;
} else {
return false;
}
} elseif ($this->type == 'text') {
// note that ¬ is used instead of / / in the search - otherwise problems with paths in the question (eg. linux quiz)
//$answer_test = stripslashes($this->answer);
//$answer_test = addslashes($this->answer);
$answer_test = $this->answer;
if (isset($debug) && $debug == true) {
print "Test: " . '¬^' . $answer_test . '$¬i' . "<br />\n";
print "Answer {$answer}<br />\n";
}
if (preg_match('¬^' . $answer_test . '$¬i', $answer)) {
return true;
} else {
return false;
}
} elseif ($this->type == 'TEXT') {
if (preg_match('¬^' . $this->answer . '$¬', $answer)) {
return true;
} else {
return false;
}
} else {
// error in question configuration
$err = Errors::getInstance();
$err->errorEvent(WARNING_QUESTION, "Warning, unknown question type for {$this->questionid}");
return false;
}
}