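/**
 * Validate course form data, then create or update the course row and its
 * on-disk directories (content, backup, custom icon).
 *
 * Inserts via REPLACE INTO, so course_id=0 creates a new course and a non-zero
 * course_id rewrites the existing row.
 *
 * @param array $course_data  Form fields (title, instructor, access, dates, quota, ...).
 *                            String fields are escaped in place with $addslashes before
 *                            being passed to queryDB(); numeric fields are intval()'d.
 * @param bool  $isadmin      TRUE when invoked from the admin UI: quotas/instructor come
 *                            from the form instead of the session, and admin log entries
 *                            are written.
 * @return int|false  FALSE when validation errors were queued on $msg, otherwise the
 *                    course id (value of at_insert_id() after the REPLACE).
 *
 * Side effects: writes $_SESSION['course_id'] and $_SESSION['course_title'], creates
 * directories under AT_CONTENT_DIR and AT_BACKUP_DIR, and echoes + exit()s on a failed
 * course REPLACE. Reads $_FILES['customicon'] and $_SESSION['member_id'] directly.
 */
function add_update_course($course_data, $isadmin = FALSE) {
    require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php';
    global $addslashes;
    global $db;
    global $system_courses;
    global $MaxCourseSize;
    global $msg;
    global $_config;
    global $_config_defaults;
    global $stripslashes;
    $Backup = new Backup($db);

    // --- required fields ---------------------------------------------------
    $missing_fields = array();
    if ($course_data['title'] == '') {
        $missing_fields[] = _AT('title');
    }
    if (!$course_data['instructor']) {
        $missing_fields[] = _AT('instructor');
    }
    if ($missing_fields) {
        $missing_fields = implode(', ', $missing_fields);
        $msg->addError(array('EMPTY_FIELDS', $missing_fields));
    }

    // --- escape / coerce inputs --------------------------------------------
    // String columns are escaped here and later bound through %s placeholders.
    // NOTE(review): $course_data['content_packaging'] is bound as '%s' below but
    // is not escaped here like its siblings — confirm it is a fixed select value.
    $course_data['access'] = $addslashes($course_data['access']);
    $course_data['title'] = $addslashes($course_data['title']);
    $course_data['description'] = $addslashes($course_data['description']);
    $course_data['hide'] = $addslashes($course_data['hide']);
    $course_data['pri_lang'] = $addslashes($course_data['pri_lang']);
    $course_data['created_date'] = $addslashes($course_data['created_date']);
    $course_data['copyright'] = $addslashes($course_data['copyright']);
    $course_data['icon'] = $addslashes($course_data['icon']);
    $course_data['banner'] = $addslashes($course_data['banner']);
    $course_data['course_dir_name'] = $addslashes($course_data['course_dir_name']);
    // Integer columns: intval() makes the %d bindings below safe regardless of input.
    $course_data['course'] = intval($course_data['course']);
    $course_data['notify'] = intval($course_data['notify']);
    $course_data['hide'] = intval($course_data['hide']);
    $course_data['instructor'] = intval($course_data['instructor']);
    $course_data['category_parent'] = intval($course_data['category_parent']);
    $course_data['rss'] = intval($course_data['rss']);

    // --- course directory name (aka course slug) ---------------------------
    if ($course_data['course_dir_name'] != '') {
        // Allow only word characters / underscore; the pattern also requires at
        // least two characters because of the trailing '+'.
        if (preg_match('/^[\\w][\\w\\d\\_]+$/', $course_data['course_dir_name']) == 0) {
            $msg->addError('COURSE_DIR_NAME_INVALID');
        }
        // The slug must be unique across all other courses.
        $sql = "SELECT COUNT(course_id) as cnt FROM %scourses WHERE course_id!=%d AND course_dir_name='%s'";
        $num_of_dir = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['course_dir_name']), TRUE);
        if (intval($num_of_dir['cnt']) > 0) {
            $msg->addError('COURSE_DIR_NAME_IN_USE');
        }
    }

    // --- custom icon (pre-checks; the file itself is handled after the dirs exist)
    if ($_FILES['customicon']['name'] != '') {
        // Use the uploaded file's name as the icon instead of the selected stock icon.
        $course_data['icon'] = $addslashes($_FILES['customicon']['name']);
    }
    if ($_FILES['customicon']['error'] == UPLOAD_ERR_FORM_SIZE) {
        // Upload exceeded the form's MAX_FILE_SIZE.
        $msg->addError(array('FILE_MAX_SIZE', $_config['prof_pic_max_file_size'] . ' ' . _AT('bytes')));
    }

    // --- release / end dates -> 'YYYY-MM-DD HH:MM:00' ----------------------
    if ($course_data['release_date']) {
        $day_release = intval($course_data['day_release']);
        $month_release = intval($course_data['month_release']);
        $year_release = intval($course_data['year_release']);
        $hour_release = intval($course_data['hour_release']);
        $min_release = intval($course_data['min_release']);
        if (!checkdate($month_release, $day_release, $year_release)) {
            // Only calendar validity is checked; a date in the past is accepted.
            $msg->addError('RELEASE_DATE_INVALID');
        }
        // Zero-pad single-digit components so the string sorts/parses as a datetime.
        if (strlen($month_release) == 1) {
            $month_release = "0{$month_release}";
        }
        if (strlen($day_release) == 1) {
            $day_release = "0{$day_release}";
        }
        if (strlen($hour_release) == 1) {
            $hour_release = "0{$hour_release}";
        }
        if (strlen($min_release) == 1) {
            $min_release = "0{$min_release}";
        }
        $release_date = "{$year_release}-{$month_release}-{$day_release} {$hour_release}:{$min_release}:00";
    } else {
        $release_date = "0000-00-00 00:00:00";
    }
    if ($course_data['end_date']) {
        $day_end = intval($course_data['day_end']);
        $month_end = intval($course_data['month_end']);
        $year_end = intval($course_data['year_end']);
        $hour_end = intval($course_data['hour_end']);
        $min_end = intval($course_data['min_end']);
        if (!checkdate($month_end, $day_end, $year_end)) {
            // Only calendar validity is checked; a date in the past is accepted.
            $msg->addError('END_DATE_INVALID');
        }
        if (strlen($month_end) == 1) {
            $month_end = "0{$month_end}";
        }
        if (strlen($day_end) == 1) {
            $day_end = "0{$day_end}";
        }
        if (strlen($hour_end) == 1) {
            $hour_end = "0{$hour_end}";
        }
        if (strlen($min_end) == 1) {
            $min_end = "0{$min_end}";
        }
        $end_date = "{$year_end}-{$month_end}-{$day_end} {$hour_end}:{$min_end}:00";
    } else {
        $end_date = "0000-00-00 00:00:00";
    }

    // initial_content is either a plain id or '<something>_<course_id>' naming a
    // backup to restore from; explode() keeps at most two parts.
    $initial_content_info = explode('_', $course_data['initial_content'], 2);

    // --- quotas and instructor ---------------------------------------------
    $course_quotas = '';
    if ($isadmin) {
        $instructor = $course_data['instructor'];
        $quota = intval($course_data['quota']);
        $quota_entered = intval($course_data['quota_entered']);
        $filesize = intval($course_data['filesize']);
        $filesize_entered = intval($course_data['filesize_entered']);
        // Quota radio value 2 means 'other': use the entered MB value, or the
        // default (-2) when it is empty or negative.
        if ($quota == '2') {
            if ($quota_entered == '' || empty($quota_entered) || $quota_entered < 0) {
                $quota = AT_COURSESIZE_DEFAULT;
            } else {
                $quota = floatval($quota_entered);
                $quota = megabytes_to_bytes($quota);
            }
        }
        // Same scheme for the per-file size limit.
        if ($filesize == '2') {
            if ($filesize_entered == '' || empty($filesize_entered) || $filesize_entered < 0) {
                $filesize = AT_FILESIZE_DEFAULT;
                $msg->addFeedback('COURSE_DEFAULT_FSIZE');
            } else {
                $filesize = floatval($filesize_entered);
                $filesize = megabytes_to_bytes($filesize);
            }
        }
        // Safe to interpolate: both values are intval()/floatval() results.
        $course_quotas = "max_quota='{$quota}', max_file_size='{$filesize}',";
    } else {
        // Non-admin: the current user is the instructor.
        // NOTE(review): $instructor (session user) is only used for the welcome news
        // item below; the courses row itself is written with $course_data['instructor'].
        $instructor = $_SESSION['member_id'];
        if (!$course_data['course']) {
            // New course: system defaults, optionally seeded from one of the user's own backups.
            $course_quotas = "max_quota=" . AT_COURSESIZE_DEFAULT . ", max_file_size=" . AT_FILESIZE_DEFAULT . ",";
            $row = $Backup->getRow($initial_content_info[0], $initial_content_info[1]);
            // Only allow restoring a backup from a course this user owns.
            if (count($initial_content_info) == 2 && $system_courses[$initial_content_info[1]]['member_id'] == $_SESSION['member_id']) {
                if ($MaxCourseSize < $row['contents']['file_manager']) {
                    $msg->addError('RESTORE_TOO_BIG');
                }
            } else {
                $initial_content_info = intval($course_data['initial_content']);
            }
        } else {
            // Existing course: keep its current quotas.
            unset($initial_content_info);
            // Keys are quoted: the former bare `course` / `max_quota` inside the {} block
            // were undefined-constant lookups (a fatal error on PHP 8).
            $course_quotas = "max_quota='{$system_courses[$course_data['course']]['max_quota']}', max_file_size='{$system_courses[$course_data['course']]['max_file_size']}',";
        }
    }

    if ($msg->containsErrors()) {
        return FALSE;
    }

    // --- display (menu) defaults -------------------------------------------
    if (!$course_data['course']) {
        $menu_defaults = ",home_links='{$_config['home_defaults']}', main_links='{$_config['main_defaults']}', side_menu='{$_config['side_defaults']}'";
    } else {
        $menu_defaults = ',home_links=\'' . $system_courses[$course_data['course']]['home_links'] . '\', main_links=\'' . $system_courses[$course_data['course']]['main_links'] . '\', side_menu=\'' . $system_courses[$course_data['course']]['side_menu'] . '\'';
    }

    // --- write the course row ----------------------------------------------
    $sql = "REPLACE INTO %scourses \n SET \n course_id=%d, \n member_id='%s', \n access='%s', \n title='%s', \n description='%s', \n course_dir_name='%s', \n cat_id=%d, \n content_packaging='%s', \n notify=%d, \n hide=%d, \n {$course_quotas}\n primary_language='%s',\n created_date='%s',\n rss=%d,\n copyright='%s',\n icon='%s',\n banner='%s',\n release_date='%s', \n end_date='%s' \n {$menu_defaults}";
    $result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['instructor'], $course_data['access'], $course_data['title'], $course_data['description'], $course_data['course_dir_name'], $course_data['category_parent'], $course_data['content_packaging'], $course_data['notify'], $course_data['hide'], $course_data['pri_lang'], $course_data['created_date'], $course_data['rss'], $course_data['copyright'], $course_data['icon'], $course_data['banner'], $release_date, $end_date));
    if (!$result) {
        echo at_db_error();
        echo 'DB Error';
        exit;
    }
    $new_course_id = $_SESSION['course_id'] = at_insert_id();

    // NOTE(review): isset($isadmin) is always TRUE for a parameter with a default,
    // so the three admin-log writes and the instructor unenrollment below run for
    // non-admin callers too. Left as-is; switching to if ($isadmin) changes behaviour.
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'courses', $result, $sqlout);
    }
    if (isset($isadmin)) {
        // Unenroll the previous instructor when the form changed it.
        $old_instructor = $system_courses[$course_data['course']]['member_id'];
        if ($old_instructor != $course_data['instructor']) {
            $sql = "DELETE FROM %scourse_enrollment WHERE course_id=%d AND member_id=%d";
            $result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $old_instructor));
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', $result, $sqlout);
        }
    }
    // Enroll the (new) instructor.
    $sql = "REPLACE INTO %scourse_enrollment VALUES (%d, %d, 'y', 0, '" . _AT('instructor') . "', 0)";
    $result = queryDB($sql, array(TABLE_PREFIX, $course_data['instructor'], $new_course_id));
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'course_enrollment', $result, $sqlout);
    }

    // --- course directories --------------------------------------------------
    // Errors are suppressed; an existing directory is not a failure here.
    $path = AT_CONTENT_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_CONTENT_DIR . $new_course_id . '/index.html');
    $path = AT_BACKUP_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_BACKUP_DIR . $new_course_id . '/index.html');

    // --- default content / backup restore ------------------------------------
    // NOTE(review): 'course_id' is not a key this function sets anywhere else
    // ('course' is), so this first condition is always TRUE — confirm intent.
    if (!$course_data['course_id'] && $course_data['initial_content'] == '1') {
        $contentManager = new ContentManager($db, $new_course_id);
        $contentManager->initContent();
        $cid = $contentManager->addContent($new_course_id, 0, 1, _AT('welcome_to_atutor'), addslashes(_AT('this_is_content')), '', '', 1, date('Y-m-d H:00:00'));
        $announcement = _AT('default_announcement');
        $sql = "INSERT INTO %snews VALUES (NULL, %d, %d, NOW(), 1, '%s', '%s')";
        $result = queryDB($sql, array(TABLE_PREFIX, $new_course_id, $instructor, _AT('welcome_to_atutor'), $announcement));
        if ($isadmin) {
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_INSERT, 'news', $result, $sqlout);
        }
    } else {
        if (!$course_data['course'] && count($initial_content_info) == 2) {
            $Backup->setCourseID($new_course_id);
            $Backup->restore($material = TRUE, 'append', $initial_content_info[0], $initial_content_info[1]);
        }
    }

    // --- custom icon file (must run after the content directory exists) ------
    if ($_FILES['customicon']['tmp_name'] != '') {
        $course_data['comments'] = trim($course_data['comments']);
        $owner_id = $_SESSION['course_id'];
        $owner_type = "1";
        if ($_FILES['customicon']['error'] == UPLOAD_ERR_INI_SIZE) {
            $msg->addError(array('FILE_TOO_BIG', get_human_size(megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1)))));
        } else {
            if (!isset($_FILES['customicon']['name']) || $_FILES['customicon']['error'] == UPLOAD_ERR_NO_FILE || $_FILES['customicon']['size'] == 0) {
                $msg->addError('FILE_NOT_SELECTED');
            } else {
                // is_uploaded_file() guards against a forged tmp_name pointing elsewhere.
                if ($_FILES['customicon']['error'] || !is_uploaded_file($_FILES['customicon']['tmp_name'])) {
                    $msg->addError('FILE_NOT_SAVED');
                }
            }
        }
        if (!$msg->containsErrors()) {
            $course_data['description'] = $addslashes(trim($course_data['description']));
            $_FILES['customicon']['name'] = addslashes($_FILES['customicon']['name']);
            if ($course_data['comments']) {
                $num_comments = 1;
            } else {
                $num_comments = 0;
            }
            $path = AT_CONTENT_DIR . $owner_id . "/custom_icons/";
            if (!is_dir($path)) {
                @mkdir($path);
            }
            // Reaching this point means GD is enabled; collect the formats it can write.
            $gd_info = gd_info();
            $supported_images = array();
            if ($gd_info['GIF Create Support']) {
                $supported_images[] = 'gif';
            }
            if ($gd_info['JPG Support'] || $gd_info['JPEG Support']) {
                $supported_images[] = 'jpg';
            }
            if ($gd_info['PNG Support']) {
                $supported_images[] = 'png';
            }
            // check if this is a supported file type
            $filename = $stripslashes($_FILES['customicon']['name']);
            $path_parts = pathinfo($filename);
            $extension = isset($path_parts['extension']) ? strtolower($path_parts['extension']) : '';
            $image_attributes = getimagesize($_FILES['customicon']['tmp_name']);
            if ($extension == 'jpeg') {
                $extension = 'jpg';
            }
            // Reject anything GD cannot parse as an image or whose extension is not in
            // $supported_images. Previously the list was built but never consulted, and a
            // file getimagesize() could not read fell through to the plain copy() branch.
            if ($image_attributes === false || !in_array($extension, $supported_images, true)) {
                $msg->addError('FILE_NOT_SAVED');
            } else {
                // Resize the original in place under custom_icons/; no backup copy is kept.
                // NOTE(review): the target name is the addslashes()'d upload name, while
                // $filename above is the stripslashes()'d one — a name containing quotes
                // is written to disk with backslashes. Confirm which form the UI expects.
                $width = $image_attributes[0];
                $height = $image_attributes[1];
                $original_img = $_FILES['customicon']['tmp_name'];
                $thumbnail_img = $path . $_FILES['customicon']['name'];
                if ($width > $height && $width > 79) {
                    // Landscape: cap width at 79px, scale height proportionally.
                    $thumbnail_height = intval(79 * $height / $width);
                    $thumbnail_width = 79;
                    if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
                        $msg->addError('FILE_NOT_SAVED');
                    }
                } else {
                    if ($width <= $height && $height > 79) {
                        // Portrait/square: cap height at 100px, scale width proportionally.
                        $thumbnail_height = 100;
                        $thumbnail_width = intval(100 * $width / $height);
                        if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
                            $msg->addError('FILE_NOT_SAVED');
                        }
                    } else {
                        // Too small to resize: copy the image as-is.
                        copy($original_img, $thumbnail_img);
                    }
                }
            }
        } else {
            $msg->addError('FILE_NOT_SAVED');
        }
    }

    // --- drop any cached RSS feeds for this course ---------------------------
    // Both unlink() calls now use $new_course_id, matching the file_exists() checks
    // (RSS1.0 previously unlinked under $course_data['course'] instead).
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml');
    }
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml');
    }
    // Admins are not "inside" the course they just edited.
    if ($isadmin) {
        $_SESSION['course_id'] = -1;
    }
    $_SESSION['course_title'] = $stripslashes($course_data['title']);
    return $new_course_id;
}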
$_POST['address'] = $addslashes($_POST['address']); $_POST['postal'] = $addslashes($_POST['postal']); $_POST['city'] = $addslashes($_POST['city']); $_POST['province'] = $addslashes($_POST['province']); $_POST['country'] = $addslashes($_POST['country']); $_POST['phone'] = $addslashes($_POST['phone']); if (defined('AT_EMAIL_CONFIRMATION') && AT_EMAIL_CONFIRMATION) { $status = AT_STATUS_UNCONFIRMED; } else { $status = AT_STATUS_STUDENT; } $now = date('Y-m-d H:i:s'); // we use this later for the email confirmation. /* insert into the db */ $sql = "INSERT INTO %smembers \n\t\t (login,\n\t\t password,\n\t\t email,\n\t\t website,\n\t\t first_name,\n\t\t second_name,\n\t\t last_name,\n\t\t dob,\n\t\t gender,\n\t\t address,\n\t\t postal,\n\t\t city,\n\t\t province,\n\t\t country,\n\t\t phone,\n\t\t status,\n\t\t preferences,\n\t\t creation_date,\n\t\t language,\n\t\t inbox_notify,\n\t\t private_email,\n\t\t last_login)\n\t\t VALUES ('{$_POST['login']}',\n\t\t '{$_POST['password']}',\n\t\t '{$_POST['email']}',\n\t\t '{$_POST['website']}',\n\t\t '{$_POST['first_name']}',\n\t\t '{$_POST['second_name']}',\n\t\t '{$_POST['last_name']}', \n\t\t '{$dob}', \n\t\t '{$_POST['gender']}', \n\t\t '{$_POST['address']}',\n\t\t '{$_POST['postal']}',\n\t\t '{$_POST['city']}',\n\t\t '{$_POST['province']}',\n\t\t '{$_POST['country']}', \n\t\t '{$_POST['phone']}', \n\t\t {$status}, \n\t\t '{$_config['pref_defaults']}', \n\t\t '{$now}',\n\t\t '{$_SESSION['lang']}', \n\t\t {$_config['pref_inbox_notify']}, \n\t\t {$_POST['private_email']}, \n\t\t '0000-00-00 00:00:00')"; $result = queryDB($sql, array(TABLE_PREFIX)) or die(at_db_error()); $m_id = at_insert_id($db); if (!$result) { require AT_INCLUDE_PATH . 'header.inc.php'; $msg->addError('DB_NOT_UPDATED'); $msg->printAll(); require AT_INCLUDE_PATH . 
'footer.inc.php'; exit; } if (isset($master_list_sql)) { queryDB($master_list_sql, array(TABLE_PREFIX, $student_id, $student_pin)); } //reset login attempts if ($result) { $sql = "DELETE FROM %smember_login_attempt WHERE login='******'"; queryDB($sql, array(TABLE_PREFIX, $_POST['login']));
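/**
 * Save one translated language term and echo an inline status message.
 *
 * For the 'en' session language the existing row is updated in place; for any
 * other language the row is REPLACEd (insert-or-overwrite) for that language_code.
 *
 * @param string $text      Translated text; trimmed and escaped with $addslashes.
 * @param string $context   Usage context; trimmed and escaped with $addslashes.
 * @param string $variable  Variable name the term belongs to (bound as-is).
 * @param string $term      Term key; trimmed and escaped with $addslashes.
 * @return string  The same HTML snippet that was echoed (error or success div).
 *
 * Side effects: echoes HTML; on failure also echoes at_db_error().
 */
function update_term($text, $context, $variable, $term) {
    global $addslashes, $db;
    // NOTE(review): $variable is the only %s-bound value not passed through
    // $addslashes here — confirm whether queryDB() escapes its parameters itself.
    $term = $addslashes(trim($term));
    $text = $addslashes(trim($text));
    $context = $addslashes(trim($context));
    if ($_SESSION['language'] == 'en') {
        $sql = "UPDATE %slanguage_text SET text='%s', revised_date=NOW(), context='%s' WHERE variable='%s' AND term='%s' AND language_code='en'";
        $result = queryDB($sql, array(TABLE_PREFIX, $text, $context, $variable, $term));
    } else {
        $sql = "REPLACE INTO %slanguage_text VALUES ('%s', '%s', '%s', '%s', NOW(), '')";
        // NOTE(review): this entity-decoding pass is applied to the SQL template,
        // which contains no entities, and runs before the values are bound — it is
        // effectively a no-op. Kept to preserve behaviour; probably meant for $text.
        $trans = get_html_translation_table(HTML_ENTITIES);
        $trans = array_flip($trans);
        $sql = strtr($sql, $trans);
        $result = queryDB($sql, array(TABLE_PREFIX, $_SESSION['language'], $variable, $term, $text));
    }
    if ($result == 0) {
        echo at_db_error();
        $success_error = '<div class="error">Error: changes not saved!</div>';
        echo $success_error;
        return $success_error;
    } else {
        // Fixed: the class attribute previously carried a stray trailing quote (feedback2"").
        $success_error = '<div class="feedback2">Success: changes saved.</div>';
        echo $success_error;
        return $success_error;
    }
}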
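/**
 * Traverse the rebuilt content tree and update/insert rows to match the new structure.
 *
 * A leaf (non-array) node is a content id: its ordering and parent are updated in place.
 * An array node is walked key by key: keys matching order_N recurse with N as the
 * ordering; any other key is treated as an existing content id whose row is copied
 * into a new folder row (content_type=1) under $content_parent_id, and the subtree is
 * then rebuilt beneath that new folder.
 *
 * @param array|int|string $tree              The tree from rebuild(), or a subtree during recursion.
 * @param int|string       $order             Ordering of this subtree relative to its parent ('' at a folder layer).
 * @param int              $content_parent_id Parent content id for the rows written at this level.
 * @param string           $table_prefix      Table prefix bound to %s in every query.
 * @return mixed  The queryDB() result for a leaf node; null otherwise (writes to the DB only).
 */
private function reconstruct($tree, $order, $content_parent_id, $table_prefix) {
    //a content page.
    if (!is_array($tree)) {
        $sql = "UPDATE %scontent SET ordering=%d, content_parent_id=%d WHERE content_id=%d";
        $result = queryDB($sql, array($table_prefix, $order, $content_parent_id, $tree));
        return $result;
    }
    foreach ($tree as $k => $v) {
        if (preg_match('/order\\_([\\d]+)/', $k, $match) == 1) {
            //order layer: pass the captured index down as the ordering, keep the parent id.
            $this->reconstruct($v, $match[1], $content_parent_id, $table_prefix);
        } else {
            //content folder layer: clone the old row as a folder under the current parent.
            $sql = "SELECT * FROM %scontent WHERE content_id=%d";
            $old_content_row = queryDB($sql, array($table_prefix, $k), TRUE);
            // Column values are bound through queryDB() placeholders instead of being
            // concatenated into the statement: title, keywords and content_path hold
            // user-authored text, so raw concatenation was a second-order injection path
            // (and any '%' in them would have corrupted the format string).
            $sql = "INSERT INTO %scontent (course_id, content_parent_id, ordering, last_modified, revision, formatting, release_date, keywords, content_path, title, use_customized_head, allow_test_export, content_type) VALUES (%d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', '%s', %d, %d, 1)";
            $result = queryDB($sql, array(
                $table_prefix,
                $old_content_row['course_id'],
                $content_parent_id,
                $order,
                $old_content_row['last_modified'],
                $old_content_row['revision'],
                $old_content_row['formatting'],
                $old_content_row['release_date'],
                $old_content_row['keywords'],
                $old_content_row['content_path'],
                $old_content_row['title'],
                $old_content_row['use_customized_head'],
                $old_content_row['allow_test_export'],
            ));
            if ($result > 0) {
                // Children of this folder hang off the freshly inserted row.
                $folder_id = at_insert_id();
                $this->reconstruct($v, '', $folder_id, $table_prefix);
            } else {
                //throw error
                echo at_db_error();
            }
        }
    }
}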
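/* This program is free software. You can redistribute it and/or*/
/* modify it under the terms of the GNU General Public License */
/* as published by the Free Software Foundation. */
/****************************************************************/
// $Id$

// Endpoint: store one application setting (name/value) for the session user,
// authorised by a security token passed in the 'st' query parameter.
// Responds with a bare HTML page; 400 on bad/missing input or token errors.
define('AT_INCLUDE_PATH', '../../../include/');
$_user_location = 'public';
include AT_INCLUDE_PATH . 'vitals.inc.php';
include AT_SOCIAL_INCLUDE . 'classes/Application.class.php';

// 'value' may legitimately be '' or '0', so it is checked with isset() rather than empty().
if (empty($_GET['st']) || empty($_GET['name']) || !isset($_GET['value'])) {
    header("HTTP/1.0 400 Bad Request", true);
    echo "<html><body><h1>400 - Bad Request</h1></body></html>";
} else {
    try {
        // NOTE(review): $_GET is already URL-decoded by PHP, so these urldecode() calls
        // decode a second time ('%2525' -> '%'). Kept for compatibility with existing
        // callers; confirm whether any client actually double-encodes.
        $st = urldecode(base64_decode($_GET['st']));
        $key = urldecode($_GET['name']);
        $value = urldecode($_GET['value']);
        // Token validity window: 15 minutes. createFromToken() is expected to throw on
        // an invalid or expired token, which lands in the catch below.
        $token = BasicSecurityToken::createFromToken($st, 15 * 60);
        $app_id = $token->getAppId();
        // NOTE(review): the token's viewer id is not compared with $_SESSION['member_id'];
        // the setting is written for whoever holds the session, not the token's viewer.
        // $viewer = $token->getViewerId();
        $app = new Application($app_id);
        $result = $app->setApplicationSettings($_SESSION['member_id'], $key, $value);
        if (!$result) {
            // Status line now matches the body; the DB error text is HTML-escaped because
            // it can echo back request-derived values.
            header("HTTP/1.0 500 Internal Server Error", true);
            echo "<html><body><h1>500 - SQL Error: </h1>" . htmlspecialchars(at_db_error(), ENT_QUOTES, 'UTF-8') . "</body></html>";
        }
    } catch (Exception $e) {
        header("HTTP/1.0 400 Bad Request", true);
        // Exception text may contain attacker-controlled input (e.g. the token string);
        // escape it before placing it in an HTML body.
        echo "<html><body><h1>400 - Bad Request</h1>" . htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8') . "</body></html>";
    }
}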