Esempio n. 1
 /**
  * Re-reads every setting from the database and replaces the cached copy.
  *
  * A non-empty 'ERRORS' entry in the returned data is reported through the
  * Errors singleton as ERROR_SETTINGS.
  */
 public function reloadSettings()
 {
     $this->settings = $this->qdb_object->getSettingsAll();

     // Nothing to report unless the database layer handed back an error text.
     if (!isset($this->settings['ERRORS']) || $this->settings['ERRORS'] == '') {
         return;
     }

     // Everything else depends on these values, so the failure is reported as
     // a settings error. Whether errorEvent() stops the request is decided
     // inside Errors, not here.
     Errors::getInstance()->errorEvent(
         ERROR_SETTINGS,
         "Error reloading settings " . $this->settings['ERRORS']
     );
 }
 /**
  * Returns the status and username held in the current session.
  *
  * @return array Empty when no integer 'status' value is stored, otherwise
  *               the keys 'status' and 'username'.
  */
 public function getSessionInfo()
 {
     $status = $this->getValue('status');

     // Only an integer status counts as a session; null or any other type is
     // treated as "no session".
     if (is_int($status)) {
         return array(
             'status' => $status,
             'username' => $this->getValue('username'),
         );
     }

     Errors::getInstance()->errorEvent(INFO_SESSION, "No session found");

     return array();
 }
Esempio n. 3
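 /**
  * Writes $this->file_header followed by $contents to $this->filename,
  * truncating any existing file.
  *
  * If the file cannot be opened or a write fails, the failure is reported as
  * ERROR_FILEWRITE and the script terminates.
  *
  * @param string $contents Text written after the stored file header.
  */
 public function writeFile($contents)
 {
     // $debug is a script-level flag; without this declaration the debug
     // branch below could never run.
     global $debug;

     $written = false;
     $fh = fopen($this->filename, 'w');
     if ($fh) {
         // A failed or refused write must not pass for success, otherwise a
         // truncated file is left behind without any trace in the error log.
         $written = fwrite($fh, $this->file_header) !== false
             && fwrite($fh, $contents) !== false;
         // Release the handle so buffered data is flushed and the descriptor
         // is not held until the end of the request.
         fclose($fh);
     }
     if ($written) {
         return;
     }

     if (isset($debug) && $debug) {
         print "Error in writeFile " . $this->filename . "\n";
     }
     $err = Errors::getInstance();
     $err->errorEvent(ERROR_FILEWRITE, "Error writing to file " . $this->filename);
     // NOTE(review): the exit status is 0 although this is a failure path;
     // kept as-is because callers or wrappers may depend on it.
     exit(0);
 }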
Esempio n. 4
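 /**
  * Looks up a registered error and throws it as a ResponseException.
  *
  * An integer $needle is matched against each entry's 'code', anything else
  * against its 'key'. When nothing matches, the "E_UNKNOWN_ERROR" entry is
  * thrown instead.
  *
  * @param int|string   $needle   Error code or error key to look up.
  * @param string|false $argument Replaces "%1" in the message when truthy.
  *
  * @throws ResponseException Always.
  */
 public static function runException($needle, $argument = false)
 {
     $type = is_int($needle) ? "code" : "key";
     $error = false;
     foreach (Errors::getInstance()->errors as $value) {
         if ($value[$type] == $needle) {
             $error = $value;
             break;
         }
     }

     // Handle the miss before touching $error['message']; indexing `false`
     // only produces a warning and a null message.
     if (!$error) {
         // If the fallback entry itself is missing, the lookup would recurse
         // until the process runs out of stack. Fail with a generic
         // exception instead.
         if ($needle === "E_UNKNOWN_ERROR") {
             throw new ResponseException("Unknown error", 0);
         }
         Errors::getInstance()->runException("E_UNKNOWN_ERROR");
     }

     // NOTE(review): $argument is inserted into the message verbatim. If it
     // can carry request data, whatever renders the exception message has to
     // escape it for its output context.
     if ($error['message'] && $argument) {
         $error['message'] = str_replace("%1", $argument, $error['message']);
     }

     throw new ResponseException($error['message'], $error['code']);
 }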
Esempio n. 5
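// Load the master config file. Normally it only names the real (local) config
// file through $cfgfile.
// An include cannot be wrapped in try/catch, so failures are silenced with @
// and detected afterwards by checking which variables were defined.
// NOTE(review): both files are executed as PHP, so whoever can write the
// master config file (and therefore set $cfgfile) controls what code runs
// here. Keep both files outside the web root and writable only by the
// application owner.
@(include $app_dir . "/" . $default_cfg_file);
// $cfgfile is set in the default_cfg_file and points to the 'real' config file
// $cfgfile is loaded after all the entries in $default_cfg_file
// if there is no local cfg file, see whether the master cfg file has been customised
if (!isset($cfgfile) || $cfgfile == '') {
    // check master file has settings - just check one of them
    if (!isset($dbsettings)) {
        $err = Errors::getInstance();
        $err->errorEvent(ERROR_CFG, "Error loading master config file ({$default_cfg_file}), or file is corrupt / incomplete");
    }
} else {
    // information message - only log if in debug mode
    if (isset($debug) && $debug) {
        $err = Errors::getInstance();
        $err->errorEvent(INFO_CFG, "Loaded main config - now loading local config {$cfgfile}");
    }
    @(include $cfgfile);
    // make sure required dbsettings is loaded
    if (!isset($dbsettings)) {
        // Fetch the handler here as well: outside debug mode $err was never
        // assigned, so reporting this failure used to end in a call on an
        // undefined variable.
        $err = Errors::getInstance();
        $err->errorEvent(ERROR_CFG, "Error loading local config file ({$cfgfile}), or file is corrupt / incomplete");
    }
}
// $debug may be undefined when neither config file set it
if (isset($debug) && $debug) {
    print "config files loaded\n";
}
/*** Connect to database - $db can be used to access by other classes ***/
/*** But preferably use $qdb below ***/
// null array for options - could add options if required
$db_options = array();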
Esempio n. 6
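 /**
  * Streams a theme template to the output, expanding %%Variable%% markers.
  *
  * The template file name is looked up in $this->filenames under the key
  * "<mode>_<template_name>". Each line has its markers replaced and is then
  * printed. A line holding a PHP include directive has the named file
  * included in place of the directive, but only when the
  * 'template_allow_include' setting is enabled (at most one per line).
  *
  * Security notes:
  *  - Marker values are inserted as-is; this method does no HTML escaping.
  *    NOTE(review): confirm that the settings are escaped where they are
  *    entered or stored.
  *  - The include path is read from the line after marker substitution, so
  *    both the template text and the substituted setting values decide which
  *    file is executed. No base-directory or allow-list check is made here.
  *    Enable 'template_allow_include' only when everyone who can edit themes
  *    or these settings is already trusted to run PHP on the server.
  *  - NOTE(review): the theme directory names come from settings and are
  *    joined into a filesystem path unchecked - confirm they cannot contain
  *    path separators or "..".
  *
  * @param string $template_name Logical template name (second half of the key).
  * @param string $mode          'admin', 'test' (handled as 'normal') or other.
  */
 public function includeTemplate($template_name, $mode)
 {
     // pull in application directory from original setup / adminsetup
     global $app_dir;
     // the filesystem location does not depend on the requesting script
     $template_dir_local = $app_dir . "/themes/";
     // the URL form depends on whether we are in the admin area or not
     if ($mode == 'admin') {
         $template_dir_url = "../themes/";
         $template_theme_dir = $this->settings->getSetting("theme_admin") . "/";
     } elseif ($mode == 'test') {
         $template_dir_url = "themes/";
         $template_theme_dir = $this->settings->getSetting("theme_quiz") . "/";
         // set mode to normal so we load the standard headers
         $mode = 'normal';
     } else {
         $template_dir_url = "themes/";
         $template_theme_dir = $this->settings->getSetting("theme_quiz") . "/";
     }

     // An unknown key counts as "no template defined" instead of raising an
     // undefined-index notice.
     $filename_key = $mode . "_" . $template_name;
     $template_filename = isset($this->filenames[$filename_key]) ? $this->filenames[$filename_key] : "";

     // only act if a template is set - if blank or not in db then we ignore
     if ($template_filename == "") {
         $err = Errors::getInstance();
         // not an error as such - but likely to be
         $err->errorEvent(INFO_EXTERNAL, "Warning, external template not defined - {$template_name}, {$mode}");
         return;
     }

     /* Settings that can be used within the template files */
     $template_variables = array();
     //%%Title%%
     $template_variables['Title'] = $this->settings->getSetting("html_title");
     //%%Description%%
     $template_variables['Description'] = $this->settings->getSetting("html_description");
     //%%QuizTitle%%
     $template_variables['QuizTitle'] = $this->settings->getSetting("quiz_title");
     //%%QuestionNumber%%
     $template_variables['QuestionNumber'] = $this->settings->getSetting("question_number");
     //%%HeaderJavascript (created by addHeaderJavascript function)
     if ($this->header_javascript != '') {
         $template_variables['HeaderJavascript'] = "<script type=\"text/javascript\">\n" . $this->header_javascript . "</script>\n";
     } else {
         $template_variables['HeaderJavascript'] = '';
     }
     //%%ThemeDirectory%%
     // Path to the theme directory as usable in a URL (relative to the
     // current file); spelled out as "Directory" in the public marker name.
     $template_variables['ThemeDirectory'] = $template_dir_url . $template_theme_dir;

     // Literal, case-insensitive replacement. A regex replacement would read
     // "$1" or "\1" inside a setting value as a back-reference and silently
     // drop part of the text.
     $markers = array();
     $values = array();
     foreach ($template_variables as $this_variable_key => $this_variable_value) {
         $markers[] = "%%{$this_variable_key}%%";
         $values[] = (string) $this_variable_value;
     }

     $template_fh = fopen($template_dir_local . $template_theme_dir . $template_filename, 'r');
     if (!$template_fh) {
         // Reading from a failed handle would only produce warnings, or a
         // TypeError on current PHP; report the missing file and stop.
         $err = Errors::getInstance();
         $err->errorEvent(INFO_EXTERNAL, "Warning, external template file not found - {$template_filename}");
         return;
     }

     // Compare against false so a final line consisting of "0" is still printed.
     while (($this_string = fgets($template_fh)) !== false) {
         $this_string = str_ireplace($markers, $values, $this_string);

         // markers are expanded - now look for a permitted php include
         if (preg_match('/(.*)<\\?php\\s+include\\s*\\(?[\'\\"]([^\'\\"]*)[\'\\"]\\)?\\s*;\\s*\\?>(.*)/', $this_string, $matches)) {
             // print the text before the directive, run the include, then
             // print the text after it - hence only one include per line
             print $matches[1];
             // the path is not checked for existence or location (see the
             // security notes above); when includes are disabled the
             // directive is replaced with a comment
             if ($this->settings->getSetting('template_allow_include')) {
                 include $matches[2];
             } else {
                 print "<!-- PHP Includes are disabled in the wquiz settings -->";
             }
             print $matches[3];
         } else {
             print $this_string;
         }
     }
     fclose($template_fh);
 }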
Esempio n. 7
 /**
  * Loads every row of the users table and wraps each one in a User object.
  *
  * A database error is reported as ERROR_DATABASE and ends the script.
  *
  * Each User is built with the row's 'password' column as well. Whatever is
  * stored there (hash or otherwise is not visible from this method) travels
  * with every returned object, so callers should avoid dumping or
  * serialising the result.
  *
  * @return array User objects keyed by username, in userid order.
  */
 function getUsersAll()
 {
     global $debug;

     $query = "SELECT * FROM " . $this->table_prefix . "users ORDER BY userid";
     if (isset($debug) && $debug) {
         print "SQL: {$query}\n";
     }

     $rows = $this->db_object->getRowsAll($query);
     if (isset($rows['ERRORS'])) {
         if ($debug) {
             print "Error in getUsersAll \n";
         }
         Errors::getInstance()->errorEvent(ERROR_DATABASE, "Error reading database" . $rows['ERRORS']);
         // errorEvent is expected to stop the script; this exit makes sure of it
         exit(0);
     }

     // columns copied into each User, in the order the constructor array uses
     $fields = array('userid', 'username', 'accesslevel', 'fullname', 'password', 'status', 'loginexpiry', 'supervisor', 'admin');

     $users = array();
     foreach ($rows as $row) {
         $details = array();
         foreach ($fields as $field) {
             $details[$field] = $row[$field];
         }
         $users[$row['username']] = new User($details);
     }

     return $users;
 }
Esempio n. 8
 /**
  * Static shortcut for reading a warning from the shared Errors instance.
  *
  * @param mixed $warning Passed unchanged to Errors::read().
  *
  * @return mixed Whatever Errors::read() returns for $warning.
  */
 public static function getWarning($warning)
 {
     $registry = Errors::getInstance();

     return $registry->read($warning);
 }
Esempio n. 9
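 /**
  * Deletes every quiz/question relation row for one question.
  *
  * NOTE(review): $questionid is placed inside the SQL text between double
  * quotes without escaping, so a value containing a quote changes the
  * statement. Nothing in this method validates it. Confirm that every caller
  * passes an already validated id, or switch to a parameterised/escaped form
  * if the database wrapper offers one (its API is not visible here).
  *
  * @param mixed $questionid Id of the question whose relations are removed.
  *
  * @return bool Always true; failures are reported through Errors.
  */
 public function delQuestionQuizQuestionid($questionid)
 {
     global $debug;
     $sql = "DELETE FROM " . $this->table_prefix . $this->quiz_tables['rel'] . " WHERE questionid=\"{$questionid}\"";
     if (isset($debug) && $debug) {
         print "SQL: \n" . $sql . "\n\n";
     }
     $temp_array = $this->db_object->updateRow($sql);
     // check for errors
     if (isset($temp_array['ERRORS'])) {
         if ($debug) {
             print "Error in delQuestionQuizQuestionid \n";
         }
         $err = Errors::getInstance();
         // Join with "." - "+" is arithmetic in PHP, so the database error
         // text was lost (and current PHP versions raise a TypeError for
         // non-numeric strings).
         $err->errorEvent(ERROR_DATABASE, "Error writing to database" . $temp_array['ERRORS']);
     }
     return true;
 }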
Esempio n. 10
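 /**
  * Validates or neutralises one incoming parameter according to its type.
  *
  * Supported $parmtype values:
  *  - 'url', 'domain': delegated to _checkUrl() / _checkDomain()
  *  - 'website': a URL, or failing that a domain
  *  - 'relurl': word characters, dots and hyphens only
  *  - 'reltime': "<digits> min|mins|minute|minutes|hour|hours", or 'Always'
  *  - 'alphanum': word characters and hyphens, or the single character '*'
  *  - 'text', 'datetime': "<" and ">" replaced by entities, nothing else
  *  - 'int': intval() of the value; 0 is reported as ''
  *  - 'bool': true for 'true' or '1'
  *
  * Limits a caller has to know about:
  *  - 'text' / 'datetime' leave quotes and ampersands untouched, so the
  *    result is not safe inside an HTML attribute or an SQL string.
  *  - 'relurl' accepts dots anywhere, so ".." passes (slashes do not).
  *
  * @param mixed  $value    Raw parameter value.
  * @param string $parmname Parameter name, used in error messages only.
  * @param string $parmtype One of the types listed above.
  *
  * @return mixed The accepted value, or '' when rejected or the type is
  *               unknown ('bool' returns false instead of '').
  */
 function _checkParm($value, $parmname, $parmtype)
 {
     // $debug is a script-level flag; without this declaration the debug
     // prints below could never run.
     global $debug;

     switch ($parmtype) {
         case 'url':
         case 'domain':
             $status = ($parmtype == 'url') ? $this->_checkUrl($value) : $this->_checkDomain($value);
             if ($status[0] == 0) {
                 // verified as safe by the checker
                 return $status[1];
             }
             // status 1 is rejected silently, anything else is reported
             if ($status[0] != 1) {
                 $message = $status[1];
                 if (isset($debug) && $debug) {
                     print "Error in parameter {$parmname} - {$message}\n";
                 }
                 $err = Errors::getInstance();
                 $err->errorEvent(ERROR_PARAMETER, "Error in parameter {$parmname} - {$message}\n");
             }
             return '';

         case 'relurl':
             // The hyphen sits last in the class: PCRE2 (PHP 7.3 and later)
             // refuses to compile "[\w-\.]". The D modifier stops "$" from
             // also matching before a trailing newline.
             if (is_scalar($value) && preg_match('/^[\\w.-]+$/D', $value)) {
                 return $value;
             }
             return "";

         case 'reltime':
             // minutes or hours only - no days or seconds. The unit
             // alternatives are grouped so that both anchors apply to the
             // whole value; ungrouped, the pattern accepted anything that
             // merely started with "<digits> min" or merely ended in "hour".
             if (is_scalar($value) && preg_match('/^\\d+\\s*(?:min(?:ute)?s?|hours?)$/D', $value)) {
                 return $value;
             } elseif ($value == 'Always') {
                 return 'Always';
             }
             return '';

         case 'alphanum':
             // \w already includes the underscore; see 'relurl' for why the
             // hyphen is last and why D is set
             if (is_scalar($value) && preg_match('/^[\\w-]+$/D', $value)) {
                 return $value;
             } elseif ($value == '*') {
                 return $value;
             }
             return '';

         case 'text':
         case 'datetime':
             // only angle brackets are neutralised - see the limits above
             return str_replace(array('<', '>'), array('&lt;', '&gt;'), $value);

         case 'int':
             $int_value = intval($value);
             if ($int_value != 0) {
                 return $int_value;
             }
             return '';

         case 'bool':
             return ($value == 'true' || $value == '1');

         case 'website':
             // check for a url first - if not check for domain
             $status = $this->_checkUrl($value);
             if ($status[0] == 0) {
                 return $status[1];
             }
             $status = $this->_checkDomain($value);
             if ($status[0] == 0) {
                 return $status[1];
             }
             if (isset($debug) && $debug) {
                 print "Error in parameter {$parmname} - Not a url or domain\n";
             }
             $err = Errors::getInstance();
             $err->errorEvent(ERROR_PARAMETER, "Error in parameter {$parmname} - Not a url or domain\n");
             return '';
     }

     // possible invalid type
     return "";
 }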
Esempio n. 11
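 /**
  * Prints the hidden question field and the navigation submit buttons.
  *
  * The "answer" button is always emitted so that pressing ENTER in a text
  * field submits it. When show_answer_button is not 'true' the button is
  * wrapped in a zero-sized div instead of the normal one. One submit button
  * follows for each enabled entry that has a label; an entry without a label
  * is reported as WARNING_INTERNAL and skipped.
  *
  * $current, the button names and the labels are escaped before they are
  * written into attribute values, so a quote or angle bracket in any of them
  * cannot close the attribute or the tag.
  *
  * @param mixed $current Question number of the page being shown.
  */
 public function showNavigation($current)
 {
     // The page charset is not visible from this method. ISO-8859-1 makes
     // htmlspecialchars() treat every byte as valid, so only & " ' < > are
     // rewritten and multi-byte text passes through unchanged. The final
     // `false` leaves entities already present in a label alone.
     $safe_current = htmlspecialchars((string) $current, ENT_QUOTES, 'ISO-8859-1', false);

     // include the questionnum of current page (regardless of which page we redirect to afterwards)
     print "<input type=\"hidden\" name=\"question\" value=\"{$safe_current}\"/>\n";

     // The answer button can be hidden by setting buttons_show_answer_button
     // to false (or in a custom css file), but it has to exist.
     if ($this->show_answer_button == 'true') {
         // show as a normal div
         print "<div id=\"" . CSS_ID_BUTTON_ANSWER . "\">\n";
     } else {
         // Note style should override id css code
         print "<div style=\"height:0px; width:0px; position:absolute; overflow:hidden\">\n";
     }
     print "<input type=\"submit\" name=\"nav\" id=\"" . CSS_ID_NAVSUBMIT . "-answer\"  value=\"answer\"/>\n";
     print "</div>\n";

     foreach ($this->enabled as $this_button) {
         // check matching label is defined - if not add as a warning and move to next
         if (!isset($this->labels[$this_button])) {
             $err = Errors::getInstance();
             $err->errorEvent(WARNING_INTERNAL, "No label provided for button {$this_button} - ignoring");
             continue;
         }
         $safe_button = htmlspecialchars((string) $this_button, ENT_QUOTES, 'ISO-8859-1', false);
         $safe_label = htmlspecialchars((string) $this->labels[$this_button], ENT_QUOTES, 'ISO-8859-1', false);
         print "<input type=\"submit\" name=\"nav\" id=\"" . CSS_ID_NAVSUBMIT . "-" . $safe_button . "\"  value=\"" . $safe_label . "\"/>\n";
     }
 }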
Esempio n. 12
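 /**
  * Decides whether a submitted answer is correct for this question.
  *
  *  - 'radio' / 'checkbox': loose equality with the stored answer
  *  - 'number': stored answer is "min,max"; the submitted value must be
  *    numeric and lie within the inclusive range
  *  - 'text': stored answer is a regular expression, matched
  *    case-insensitively against the whole submitted text
  *  - 'TEXT': the same, case-sensitive
  *
  * Any other type is reported as WARNING_QUESTION and marked wrong.
  *
  * Notes for maintainers:
  *  - The stored answer is used as a regular expression verbatim. Question
  *    authors therefore decide how much matching work a submitted answer can
  *    cause; keep question editing restricted to trusted users.
  *  - NOTE(review): PCRE takes a single byte as pattern delimiter, so the
  *    patterns below only compile while this file is stored in an encoding
  *    where that character is one byte. Confirm the file encoding before
  *    re-saving it as UTF-8.
  *
  * @param mixed $answer Value submitted by the quiz taker.
  *
  * @return bool True when the answer is accepted.
  */
 function markAnswer($answer)
 {
     global $debug;
     // radio / checkbox - answer must be same as the stored one
     if ($this->type == 'radio' || $this->type == 'checkbox') {
         return $answer == $this->answer;
     } elseif ($this->type == 'number') {
         // split stored answer into min and max
         $min_max = array_map('trim', explode(',', $this->answer));
         $given = is_scalar($answer) ? trim((string) $answer) : '';
         // Comparing a non-numeric string with >= and <= falls back to string
         // ordering, which let inputs such as "5abc" pass a 1..9 range.
         // Require numbers on all three sides.
         if (count($min_max) < 2 || !is_numeric($given) || !is_numeric($min_max[0]) || !is_numeric($min_max[1])) {
             return false;
         }
         return ($given >= $min_max[0] && $given <= $min_max[1]);
     } elseif ($this->type == 'text' || $this->type == 'TEXT') {
         // A non-slash delimiter is used so that paths in the expected
         // answer (eg. linux quiz) do not need escaping.
         // The stored expression is wrapped in a group so that ^ and $ apply
         // to all of it: without the group an answer of "yes|y" compiled to
         // "^yes" OR "y$" and accepted any text starting with "yes".
         $pattern = '¬^(?:' . $this->answer . ')$¬' . ($this->type == 'text' ? 'i' : '');
         if ($this->type == 'text' && isset($debug) && $debug == true) {
             print "Test: " . $pattern . "<br />\n";
             print "Answer {$answer}<br />\n";
         }
         if (!is_scalar($answer)) {
             // an array here would raise a TypeError inside preg_match()
             return false;
         }
         // preg_match() yields 1, 0 or false (broken pattern); only 1 is a pass
         return preg_match($pattern, (string) $answer) ? true : false;
     } else {
         // error in question configuration
         $err = Errors::getInstance();
         $err->errorEvent(WARNING_QUESTION, "Warning, unknown question type for {$this->questionid}");
         return false;
     }
 }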