$sql = 'UPDATE ' . K_TABLE_GROUPS . ' SET group_name=\'' . F_escape_sql($group_name) . '\' WHERE group_id=' . $group_id . ''; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } else { F_print_error('MESSAGE', $group_name . ': ' . $l['m_group_updated']); } } break; case 'add': // Add user if ($formstatus = F_check_form_fields()) { // check submitted form fields // check if name is unique if (!F_check_unique(K_TABLE_GROUPS, 'group_name=\'' . F_escape_sql($group_name) . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'INSERT INTO ' . K_TABLE_GROUPS . ' ( group_name ) VALUES ( \'' . F_escape_sql($group_name) . '\')'; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } else { $group_id = F_db_insert_id($db, K_TABLE_GROUPS, 'group_id'); } // add current user to the new group
tmp_name=\'' . F_escape_sql($tmp_name) . '\', tmp_template=\'' . F_escape_sql($tmp_template) . '\' WHERE tmp_id=' . $tmp_id . ''; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } else { F_print_error('MESSAGE', $tmp_name . ': ' . $l['m_updated']); } } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check submitted form fields // check if name is unique if (!F_check_unique(K_TABLE_TEMPLATES, 'tmp_name=\'' . F_escape_sql($tmp_name) . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'INSERT INTO ' . K_TABLE_TEMPLATES . ' ( tmp_name, tmp_template ) VALUES ( \'' . F_escape_sql($tmp_name) . '\', \'' . F_escape_sql($tmp_template) . '\' )'; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } else {
$_SESSION['session_user_name'] = $m['user_name']; $_SESSION['session_user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']); $_SESSION['session_user_level'] = $m['user_level']; $_SESSION['session_user_firstname'] = urlencode($m['user_firstname']); $_SESSION['session_user_lastname'] = urlencode($m['user_lastname']); // read client cookie if (isset($_COOKIE['LastVisit'])) { $_SESSION['session_last_visit'] = intval($_COOKIE['LastVisit']); } else { $_SESSION['session_last_visit'] = 0; } $logged = true; } else { $login_error = true; } } elseif (!F_check_unique(K_TABLE_USERS, 'user_name=\'' . F_escape_sql($_POST['xuser_name']) . '\'')) { // the user name exist but the password is wrong //F_print_error('WARNING', $l['m_login_wrong']); $login_error = true; } else { // this user doesn't exist on RackMap database $login_error = true; } } else { F_display_db_error(); } } } if (!isset($pagelevel)) { // set default page level $pagelevel = 0;
if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); break; } } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check if alternate key is unique if (K_DATABASE_TYPE == 'ORACLE') { $chksql = 'dbms_lob.instr(question_description,\'' . F_escape_sql($question_description) . '\',1,1)>0'; } else { $chksql = 'question_description=\'' . F_escape_sql($question_description) . '\''; } if (!F_check_unique(K_TABLE_QUESTIONS, $chksql . ' AND question_subject_id=' . $question_subject_id . '')) { F_print_error('WARNING', $l['m_duplicate_question']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'START TRANSACTION'; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); break; } // adjust questions ordering if ($question_position > 0) { $sql = 'UPDATE ' . K_TABLE_QUESTIONS . ' SET question_position=question_position+1 WHERE question_subject_id=' . $question_subject_id . '
cbt_name=\'' . F_escape_sql($cbt_name) . '\', cbt_description=' . F_empty_to_null($cbt_description) . ' WHERE cbt_id=' . $cbt_id . ''; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } else { F_print_error('MESSAGE', $cbt_name . ': ' . $l['m_updated']); } } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check submitted form fields // check if name is unique if (!F_check_unique(K_TABLE_CABLE_TYPES, 'cbt_name=\'' . F_escape_sql($cbt_name) . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'INSERT INTO ' . K_TABLE_CABLE_TYPES . ' ( cbt_name, cbt_description ) VALUES ( \'' . F_escape_sql($cbt_name) . '\', ' . F_empty_to_null($cbt_description) . ' )'; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } else {
if ($formstatus = F_check_form_fields()) { // check submitted form fields // check if name is unique if (!F_check_unique(K_TABLE_USERS, 'user_name=\'' . $user_name . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); } // check if registration number is unique if (isset($user_regnumber) and strlen($user_regnumber) > 0 and !F_check_unique(K_TABLE_USERS, 'user_regnumber=\'' . F_escape_sql($db, $user_regnumber) . '\'')) { F_print_error('WARNING', $l['m_duplicate_regnumber']); $formstatus = FALSE; F_stripslashes_formfields(); } // check if ssn is unique if (isset($user_ssn) and strlen($user_ssn) > 0 and !F_check_unique(K_TABLE_USERS, 'user_ssn=\'' . F_escape_sql($db, $user_ssn) . '\'')) { F_print_error('WARNING', $l['m_duplicate_ssn']); $formstatus = FALSE; F_stripslashes_formfields(); } // check password if (!empty($newpassword) or !empty($newpassword_repeat)) { // update password if ($newpassword == $newpassword_repeat) { $user_password = getPasswordHash($newpassword); // update OTP key $user_otpkey = F_getRandomOTPkey(); } else { //print message and exit F_print_error('WARNING', $l['m_different_passwords']); $formstatus = FALSE;
F_display_db_error(false); } } } } break; case 'add': // Add if ($userlevel < K_AUTH_ADMINISTRATOR and ($sts_perm & 2) == 0) { F_print_error('ERROR', $l['m_not_authorized_to_add_child']); F_stripslashes_formfields(); break; } if ($formstatus = F_check_form_fields()) { // check if name is unique if (!F_check_unique(K_TABLE_RACKS, 'rck_name=\'' . F_escape_sql($rck_name) . '\' AND rck_sts_id=' . $sts_id . '')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'INSERT INTO ' . K_TABLE_RACKS . ' ( rck_sts_id, rck_name, rck_description, rck_label, rck_tag, rck_height, rck_position_x, rck_position_y ) VALUES (
foreach ($regfields as $name => $enabled) { // disable unauthorized fields if (!$enabled) { ${$name} = ''; } } if ($formstatus = F_check_form_fields()) { // check submitted form fields // check if name is unique if (!F_check_unique(K_TABLE_USERS, 'user_name=\'' . $user_name . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); } // check if registration number is unique if (isset($user_regnumber) and strlen($user_regnumber) > 0 and !F_check_unique(K_TABLE_USERS, 'user_regnumber=\'' . F_escape_sql($user_regnumber) . '\'')) { F_print_error('WARNING', $l['m_duplicate_regnumber']); $formstatus = FALSE; F_stripslashes_formfields(); } // check password if (!empty($newpassword) or !empty($newpassword_repeat)) { // update password if ($newpassword == $newpassword_repeat) { $user_password = getPasswordHash($newpassword); // update OTP key $user_otpkey = F_getRandomOTPkey(); } else { // print message and exit F_print_error('WARNING', $l['m_different_passwords']); $formstatus = FALSE;
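/**
 * Copy selected question, together with its answers, to another topic.
 *
 * The copy is only attempted when the current user is authorized on the
 * module that owns the destination subject and when no question with the
 * same description already exists in that subject. All writes run inside a
 * single transaction; the first failed statement rolls the transaction back
 * and stops the copy, so a partially copied question is never committed.
 *
 * @author Nicola Asuni
 * @since 2008-11-26
 * @param $question_id (int) question ID
 * @param $new_subject_id (int) new subject ID
 */
function F_question_copy($question_id, $new_subject_id)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    // Both IDs are concatenated unquoted into SQL below, so force them to integers first.
    $question_id = intval($question_id);
    $new_subject_id = intval($new_subject_id);

    // check authorization
    $sql = 'SELECT subject_module_id FROM ' . K_TABLE_SUBJECTS . ' WHERE subject_id=' . $new_subject_id . ' LIMIT 1';
    if (!($r = F_db_query($sql, $db))) {
        F_display_db_error();
        return;
    }
    if (!($m = F_db_fetch_array($r))) {
        // Fail closed: without a subject row there is no parent module to authorize
        // against, so the copy must not proceed (previously this case skipped the check).
        return;
    }
    // check user's authorization for parent module
    // NOTE(review): only the destination module is checked here; whether access to the
    // source question is verified by the caller is not visible in this block - confirm.
    if (!F_isAuthorizedUser(K_TABLE_MODULES, 'module_id', $m['subject_module_id'], 'module_user_id')) {
        return;
    }

    $q = F_question_get_data($question_id);
    if ($q === false) {
        return;
    }

    // Build the duplicate check for the destination subject (syntax depends on the DB backend).
    $description = F_escape_sql($db, $q['question_description']);
    if (K_DATABASE_TYPE == 'ORACLE') {
        $chksql = 'dbms_lob.instr(question_description,\'' . $description . '\',1,1)>0';
    } elseif (K_DATABASE_TYPE == 'MYSQL' and defined('K_MYSQL_QA_BIN_UNIQUITY') and K_MYSQL_QA_BIN_UNIQUITY) {
        $chksql = 'question_description=\'' . $description . '\' COLLATE utf8_bin';
    } else {
        $chksql = 'question_description=\'' . $description . '\'';
    }
    if (!F_check_unique(K_TABLE_QUESTIONS, $chksql . ' AND question_subject_id=' . $new_subject_id . '')) {
        // an identical question already exists in the destination subject
        return;
    }

    // `break` is not valid outside a loop or switch (a compile-time fatal error in
    // PHP 7+), so every failure path below leaves the function with `return`.
    if (!F_db_query('START TRANSACTION', $db)) {
        F_display_db_error(false);
        return;
    }

    // adjust questions ordering
    // The position is concatenated unquoted, so it is normalized to an integer even
    // though it was read back from the database (stored data is not trusted as SQL).
    $question_position = intval($q['question_position']);
    if ($question_position > 0) {
        $sql = 'UPDATE ' . K_TABLE_QUESTIONS . ' SET question_position=question_position+1'
            . ' WHERE question_subject_id=' . $new_subject_id
            . ' AND question_position>=' . $question_position;
        if (!F_db_query($sql, $db)) {
            F_display_db_error(false);
            F_db_query('ROLLBACK', $db); // rollback transaction
            return;
        }
    }

    // Every quoted value is escaped, not only the free-text columns, so that a stored
    // value containing a quote cannot alter the statement (second-order injection).
    // NOTE(review): F_zero_to_null()/F_empty_to_null() are defined elsewhere; whether
    // they escape or validate their argument is not visible here - confirm.
    $sql = 'INSERT INTO ' . K_TABLE_QUESTIONS . ' ('
        . ' question_subject_id, question_description, question_explanation, question_type,'
        . ' question_difficulty, question_enabled, question_position, question_timer,'
        . ' question_fullscreen, question_inline_answers, question_auto_next'
        . ' ) VALUES ( '
        . $new_subject_id . ', '
        . '\'' . $description . '\', '
        . '\'' . F_escape_sql($db, $q['question_explanation']) . '\', '
        . '\'' . F_escape_sql($db, (string) $q['question_type']) . '\', '
        . '\'' . F_escape_sql($db, (string) $q['question_difficulty']) . '\', '
        . '\'' . F_escape_sql($db, (string) $q['question_enabled']) . '\', '
        . F_zero_to_null($q['question_position']) . ', '
        . '\'' . F_escape_sql($db, (string) $q['question_timer']) . '\', '
        . '\'' . F_escape_sql($db, (string) $q['question_fullscreen']) . '\', '
        . '\'' . F_escape_sql($db, (string) $q['question_inline_answers']) . '\', '
        . '\'' . F_escape_sql($db, (string) $q['question_auto_next']) . '\''
        . ' )';
    if (!F_db_query($sql, $db)) {
        F_display_db_error(false);
        // Without the new question row there is no ID to attach answers to.
        F_db_query('ROLLBACK', $db); // rollback transaction
        return;
    }
    $new_question_id = intval(F_db_insert_id($db, K_TABLE_QUESTIONS, 'question_id'));

    // copy associated answers
    $sql = 'SELECT * FROM ' . K_TABLE_ANSWERS . ' WHERE answer_question_id=' . $question_id . '';
    if (!($r = F_db_query($sql, $db))) {
        F_display_db_error();
        F_db_query('ROLLBACK', $db); // rollback transaction
        return;
    }
    while ($m = F_db_fetch_array($r)) {
        $sqli = 'INSERT INTO ' . K_TABLE_ANSWERS . ' ('
            . ' answer_question_id, answer_description, answer_explanation, answer_isright,'
            . ' answer_enabled, answer_position, answer_keyboard_key'
            . ' ) VALUES ( '
            . $new_question_id . ', '
            . '\'' . F_escape_sql($db, $m['answer_description']) . '\', '
            . '\'' . F_escape_sql($db, $m['answer_explanation']) . '\', '
            . '\'' . F_escape_sql($db, (string) $m['answer_isright']) . '\', '
            . '\'' . F_escape_sql($db, (string) $m['answer_enabled']) . '\', '
            . F_zero_to_null($m['answer_position']) . ', '
            . F_empty_to_null($m['answer_keyboard_key'])
            . ' )';
        if (!F_db_query($sqli, $db)) {
            F_display_db_error(false);
            F_db_query('ROLLBACK', $db); // rollback transaction
            // Stop here: continuing would run further statements and a COMMIT
            // outside the transaction that was just rolled back.
            return;
        }
    }

    if (!F_db_query('COMMIT', $db)) {
        F_display_db_error(false);
        return;
    }
}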
ssl_name=\'' . F_escape_sql($db, $ssl_name) . '\', ssl_enabled=\'' . intval($ssl_enabled) . '\', ssl_user_id=\'' . $ssl_user_id . '\' WHERE ssl_id=' . $ssl_id . ''; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } else { F_print_error('MESSAGE', $l['m_updated']); } } break; case 'add': // Add if ($formstatus = F_check_form_fields() and strlen($ssl_hash) == 32) { // check if name is unique if (!F_check_unique(K_TABLE_SSLCERTS, 'ssl_name=\'' . F_escape_sql($db, $ssl_name) . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) { $ssl_user_id = intval($ssl_user_id); } else { $ssl_user_id = intval($_SESSION['session_user_id']); } $sql = 'INSERT INTO ' . K_TABLE_SSLCERTS . ' ( ssl_name, ssl_hash, ssl_end_date, ssl_enabled,
atb_type=\'' . F_escape_sql($atb_type) . '\', atb_default=\'' . F_escape_sql($atb_default) . '\' WHERE atb_id=' . $atb_id . ''; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } else { F_print_error('MESSAGE', $atb_name . ': ' . $l['m_updated']); } } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check submitted form fields // check if name is unique if (!F_check_unique(K_TABLE_ATTRIBUTE_TYPES, 'atb_name=\'' . F_escape_sql($atb_name) . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'INSERT INTO ' . K_TABLE_ATTRIBUTE_TYPES . ' ( atb_name, atb_description, atb_type, atb_default ) VALUES ( \'' . F_escape_sql($atb_name) . '\', ' . F_empty_to_null($atb_description) . ', \'' . F_escape_sql($atb_type) . '\', \'' . F_escape_sql($atb_default) . '\'
} } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check if alternate key is unique if (K_DATABASE_TYPE == 'ORACLE') { $chksql = 'dbms_lob.instr(answer_description,\'' . F_escape_sql($answer_description) . '\',1,1)>0'; } else { $chksql = 'answer_description=\'' . F_escape_sql($answer_description) . '\''; } if ($answer_position > 0) { $chksql .= ' AND answer_position=' . $answer_position; } if (!F_check_unique(K_TABLE_ANSWERS, $chksql . ' AND answer_question_id=' . $answer_question_id)) { F_print_error('WARNING', $l['m_duplicate_answer']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'START TRANSACTION'; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); break; } // adjust questions ordering if ($answer_position > 0) { $sql = 'UPDATE ' . K_TABLE_ANSWERS . ' SET answer_position=answer_position+1 WHERE answer_question_id=' . $answer_question_id . '
F_display_db_error(false); } } } } break; case 'add': // Add if ($userlevel < K_AUTH_ADMINISTRATOR and ($dcn_perm & 2) == 0) { F_print_error('ERROR', $l['m_not_authorized_to_add_child']); F_stripslashes_formfields(); break; } if ($formstatus = F_check_form_fields()) { // check if name is unique if (!F_check_unique(K_TABLE_SUITES, 'sts_name=\'' . F_escape_sql($sts_name) . '\' AND sts_dcn_id=' . $dcn_id . '')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'INSERT INTO ' . K_TABLE_SUITES . ' ( sts_dcn_id, sts_name, sts_description, sts_floor, sts_width, sts_height ) VALUES ( ' . $dcn_id . ', \'' . F_escape_sql($sts_name) . '\',
' . $group_id . ', ' . $pval . ' )'; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } } } } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check submitted form fields // check if name is unique if (!F_check_unique(K_TABLE_DATACENTERS, 'dcn_name=\'' . F_escape_sql($dcn_name) . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'INSERT INTO ' . K_TABLE_DATACENTERS . ' ( dcn_name, dcn_description, dcn_website_url, dcn_map_url ) VALUES ( \'' . F_escape_sql($dcn_name) . '\', ' . F_empty_to_null($dcn_description) . ', ' . F_empty_to_null($dcn_website_url) . ', ' . F_empty_to_null($dcn_map_url) . '
subject_description=' . F_empty_to_null($subject_description) . ', subject_enabled=\'' . intval($subject_enabled) . '\', subject_module_id=' . $subject_module_id . ' WHERE subject_id=' . $subject_id . ''; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } else { F_print_error('MESSAGE', $l['m_updated']); } } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check if name is unique if (!F_check_unique(K_TABLE_SUBJECTS, 'subject_name=\'' . F_escape_sql($db, $subject_name) . '\' AND subject_module_id=' . $subject_module_id . '')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'INSERT INTO ' . K_TABLE_SUBJECTS . ' ( subject_name, subject_description, subject_enabled, subject_user_id, subject_module_id ) VALUES ( \'' . F_escape_sql($db, $subject_name) . '\', ' . F_empty_to_null($subject_description) . ', \'' . intval($subject_enabled) . '\',
) VALUES ( \'' . $test_id . '\', \'' . intval($ssl_id) . '\' )'; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } } } } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check if name is unique if (!F_check_unique(K_TABLE_TESTS, 'test_name=\'' . F_escape_sql($db, $test_name) . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } if (isset($test_id) and $test_id > 0) { // save previous test_id. $old_test_id = $test_id; } if (!empty($new_test_password)) { $test_password = getPasswordHash($new_test_password); } $sql = 'INSERT INTO ' . K_TABLE_TESTS . ' ( test_name, test_description,
\'' . $obt_id . '\', \'' . intval($atb_id) . '\' )'; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } } } } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check submitted form fields // check if name is unique if (!F_check_unique(K_TABLE_OBJECT_TYPES, 'obt_name=\'' . F_escape_sql($obt_name) . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'INSERT INTO ' . K_TABLE_OBJECT_TYPES . ' ( obt_name, obt_description, obt_color, obt_virtual ) VALUES ( \'' . F_escape_sql($obt_name) . '\', ' . F_empty_to_null($obt_description) . ', ' . F_empty_to_null($obt_color) . ', \'' . $obt_virtual . '\'
module_name=\'' . F_escape_sql($module_name) . '\', module_enabled=\'' . $module_enabled . '\', module_user_id=\'' . $module_user_id . '\' WHERE module_id=' . $module_id . ''; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } else { F_print_error('MESSAGE', $l['m_updated']); } } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check if name is unique if (!F_check_unique(K_TABLE_MODULES, 'module_name=\'' . F_escape_sql($module_name) . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) { $module_user_id = intval($module_user_id); } else { $module_user_id = intval($_SESSION['session_user_id']); } $sql = 'INSERT INTO ' . K_TABLE_MODULES . ' ( module_name, module_enabled, module_user_id ) VALUES (
} } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check submitted form fields // check for loop connection if ($cab_a_obj_id == $cab_b_obj_id) { F_print_error('WARNING', $l['m_connection_loop']); $formstatus = false; F_stripslashes_formfields(); break; } // check if the connection is unique if (!F_check_unique(K_TABLE_CABLES, 'cab_a_obj_id=' . $cab_a_obj_id . ' AND cab_b_obj_id=' . $cab_b_obj_id . ' AND cab_cbt_id=' . $cab_cbt_id)) { F_print_error('WARNING', $l['m_duplicate_connection']); $formstatus = false; F_stripslashes_formfields(); break; } $sql = 'INSERT INTO ' . K_TABLE_CABLES . ' ( cab_a_obj_id, cab_b_obj_id, cab_cbt_id, cab_color ) VALUES ( ' . $cab_a_obj_id . ', ' . $cab_b_obj_id . ', ' . $cab_cbt_id . ', \'' . F_escape_sql($cab_color) . '\'
) VALUES ( ' . $mnf_id . ', \'' . F_escape_sql($v) . '\' )'; if (!($r = F_db_query($sql, $db))) { F_display_db_error(false); } } } break; case 'add': // Add if ($formstatus = F_check_form_fields()) { // check submitted form fields // check if name is unique if (!F_check_unique(K_TABLE_MANUFACTURES, 'mnf_name=\'' . F_escape_sql($mnf_name) . '\'')) { F_print_error('WARNING', $l['m_duplicate_name']); $formstatus = FALSE; F_stripslashes_formfields(); break; } $sql = 'INSERT INTO ' . K_TABLE_MANUFACTURES . ' ( mnf_name, mnf_url, mnf_description ) VALUES ( \'' . F_escape_sql($mnf_name) . '\', ' . F_empty_to_null($mnf_url) . ', ' . F_empty_to_null($mnf_description) . ' )'; if (!($r = F_db_query($sql, $db))) {