예제 #1
0
/**
 * Prepare field value for SQL query.<br>
 * Returns the num if different from zero, NULL otherwise.
 * @param $num (string) string to check.
 * @return string $num if != 0, NULL otherwise
 */
function F_zero_to_null($num)
{
    require_once '../../shared/code/tce_db_dal.php';
    if ($num == 0) {
        return 'NULL';
    }
    return F_escape_sql($num);
}
예제 #2
0
            if (!F_check_unique(K_TABLE_ATTRIBUTE_TYPES, 'atb_name=\'' . F_escape_sql($atb_name) . '\'')) {
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_ATTRIBUTE_TYPES . ' (
				atb_name,
				atb_description,
				atb_type,
				atb_default
				) VALUES (
				\'' . F_escape_sql($atb_name) . '\',
				' . F_empty_to_null($atb_description) . ',
				\'' . F_escape_sql($atb_type) . '\',
				\'' . F_escape_sql($atb_default) . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $atb_id = F_db_insert_id($db, K_TABLE_ATTRIBUTE_TYPES, 'atb_id');
            }
        }
        break;
    case 'clear':
        // Clear form fields
        $atb_name = '';
        $atb_description = '';
        $atb_type = '';
        $atb_default = '';
        break;
예제 #3
0
            if (!F_check_unique(K_TABLE_CABLES, 'cab_a_obj_id=' . $cab_a_obj_id . ' AND cab_b_obj_id=' . $cab_b_obj_id . ' AND cab_cbt_id=' . $cab_cbt_id)) {
                F_print_error('WARNING', $l['m_duplicate_connection']);
                $formstatus = false;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_CABLES . ' (
				cab_a_obj_id,
				cab_b_obj_id,
				cab_cbt_id,
				cab_color
				) VALUES (
				' . $cab_a_obj_id . ',
				' . $cab_b_obj_id . ',
				' . $cab_cbt_id . ',
				\'' . F_escape_sql($cab_color) . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            }
            $cab_ids = $cab_a_obj_id . '|' . $cab_b_obj_id . '|' . $cab_cbt_id;
            $sel_a_obj_id = $cab_a_obj_id;
            $sel_b_obj_id = $cab_b_obj_id;
            $sel_cbt_id = $cab_cbt_id;
        }
        break;
    case 'clear':
        // Clear form fields
        $cbt_name = '';
        $cab_color = 'd3d3d3';
        break;
예제 #4
0
echo '<input type="text" name="searchterms" id="searchterms" value="' . htmlspecialchars($searchterms, ENT_COMPAT, $l['a_meta_charset']) . '" size="20" maxlength="255" title="' . $l['w_search_keywords'] . '" />';
F_submit_button('search', $l['w_search'], $l['w_search']);
echo '</div>' . K_NEWLINE;
// build a search query
if (strlen($searchterms) > 0) {
    $searchterms = trim($searchterms);
    if (preg_match("/^([0-9A-F]{2})[\\:\\-]([0-9A-F]{2})[\\:\\-]([0-9A-F]{2})/i", $searchterms, $matches) > 0) {
        // MAC address
        $mac = strtoupper($matches[1] . $matches[2] . $matches[3]);
        $sql = 'SELECT mnf_id, mnf_name FROM ' . K_TABLE_MANUFACTURES . ', ' . K_TABLE_MANUFACTURES_MAC . ' WHERE mnf_id=mac_mnf_id AND mac_mac=\'' . $mac . '\' ORDER BY mnf_name ASC';
    } else {
        $wherequery = '';
        $terms = preg_split("/[\\s]+/i", $searchterms);
        // Get all the words into an array
        foreach ($terms as $word) {
            $word = F_escape_sql($word);
            $wherequery .= ' AND (mnf_name LIKE \'%' . $word . '%\')';
        }
        $wherequery = substr($wherequery, 5);
        $sql = 'SELECT * FROM ' . K_TABLE_MANUFACTURES . ' WHERE ' . $wherequery . ' ORDER BY mnf_name ASC';
    }
} else {
    $sql = 'SELECT mnf_id, mnf_name FROM ' . K_TABLE_MANUFACTURES . ' ORDER BY mnf_name ASC';
}
if ($r = F_db_query($sql, $db)) {
    echo '<ul>' . K_NEWLINE;
    while ($m = F_db_fetch_array($r)) {
        // on click the manufacturer ID will be returned on the calling form field
        $jsaction = 'javascript:window.opener.document.getElementById(\'' . $cid . '\').value=' . $m['mnf_id'] . ';';
        $jsaction .= 'window.opener.document.getElementById(\'' . $cid . '\').onchange();';
        $jsaction .= 'window.close();';
예제 #5
0
}
switch ($menu_mode) {
    case 'update':
        // Update
        if ($formstatus = F_check_form_fields()) {
            if (isset($testlog_score) and isset($max_score)) {
                // score cannot be greater than max_score
                $testlog_score = floatval($testlog_score);
                $max_score = floatval($max_score);
                if ($testlog_score > $max_score) {
                    F_print_error('WARNING', $l['m_score_higher_than_max']);
                    break;
                }
                $sql = 'UPDATE ' . K_TABLE_TESTS_LOGS . ' SET
					testlog_score=' . $testlog_score . ',
					testlog_comment=\'' . F_escape_sql($db, $testlog_comment) . '\'
					WHERE testlog_id=' . $testlog_id . '';
                if (!($r = F_db_query($sql, $db))) {
                    F_display_db_error(false);
                } else {
                    F_print_error('MESSAGE', $l['m_updated']);
                    $testlog_score = '';
                    $testlog_id = '';
                    $testlog_comment = '';
                }
            }
        }
        break;
    default:
        break;
}
예제 #6
0
/**
 * Display online users.
 * @author Nicola Asuni
 * @since 2001-10-18
 * @param $wherequery (string) users selection query
 * @param $order_field (string) order by column name
 * @param $orderdir (int) oreder direction
 * @param $firstrow (int) number of first row to display
 * @param $rowsperpage (int) number of rows per page
 * @return false in case of empty database, true otherwise
 */
function F_list_online_users($wherequery, $order_field, $orderdir, $firstrow, $rowsperpage)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    require_once '../../shared/code/tce_functions_page.php';
    require_once 'tce_functions_user_select.php';
    //initialize variables
    $orderdir = intval($orderdir);
    $firstrow = intval($firstrow);
    $rowsperpage = intval($rowsperpage);
    // order fields for SQL query
    if (empty($order_field) or !in_array($order_field, array('cpsession_id', 'cpsession_data'))) {
        $order_field = 'cpsession_expiry';
    }
    if ($orderdir == 0) {
        $nextorderdir = 1;
        $full_order_field = $order_field;
    } else {
        $nextorderdir = 0;
        $full_order_field = $order_field . ' DESC';
    }
    if (!F_count_rows(K_TABLE_SESSIONS)) {
        //if the table is void (no items) display message
        echo '<h2>' . $l['m_databasempty'] . '</h2>';
        return FALSE;
    }
    if (empty($wherequery)) {
        $sql = 'SELECT * FROM ' . K_TABLE_SESSIONS . ' ORDER BY ' . $full_order_field . '';
    } else {
        $wherequery = F_escape_sql($db, $wherequery);
        $sql = 'SELECT * FROM ' . K_TABLE_SESSIONS . ' ' . $wherequery . ' ORDER BY ' . $full_order_field . '';
    }
    if (K_DATABASE_TYPE == 'ORACLE') {
        $sql = 'SELECT * FROM (' . $sql . ') WHERE rownum BETWEEN ' . $firstrow . ' AND ' . ($firstrow + $rowsperpage) . '';
    } else {
        $sql .= ' LIMIT ' . $rowsperpage . ' OFFSET ' . $firstrow . '';
    }
    echo '<div class="container">' . K_NEWLINE;
    echo '<table class="userselect">' . K_NEWLINE;
    echo '<tr>' . K_NEWLINE;
    echo '<th>' . $l['w_user'] . '</th>' . K_NEWLINE;
    echo '<th>' . $l['w_level'] . '</th>' . K_NEWLINE;
    echo '<th>' . $l['w_ip'] . '</th>' . K_NEWLINE;
    echo '</tr>' . K_NEWLINE;
    if ($r = F_db_query($sql, $db)) {
        while ($m = F_db_fetch_array($r)) {
            $this_session = F_session_string_to_array($m['cpsession_data']);
            echo '<tr>';
            echo '<td align="left">';
            $user_str = '';
            if ($this_session['session_user_lastname']) {
                $user_str .= urldecode($this_session['session_user_lastname']) . ', ';
            }
            if ($this_session['session_user_firstname']) {
                $user_str .= urldecode($this_session['session_user_firstname']) . '';
            }
            $user_str .= ' (' . urldecode($this_session['session_user_name']) . ')';
            if (F_isAuthorizedEditorForUser($this_session['session_user_id'])) {
                echo '<a href="tce_edit_user.php?user_id=' . $this_session['session_user_id'] . '">' . $user_str . '</a>';
            } else {
                echo $user_str;
            }
            echo '</td>';
            echo '<td>' . $this_session['session_user_level'] . '</td>';
            echo '<td>' . $this_session['session_user_ip'] . '</td>';
            echo '</tr>' . K_NEWLINE;
        }
    } else {
        F_display_db_error();
    }
    echo '</table>' . K_NEWLINE;
    // --- ------------------------------------------------------
    // --- page jump
    if ($rowsperpage > 0) {
        $sql = 'SELECT count(*) AS total FROM ' . K_TABLE_SESSIONS . ' ' . $wherequery . '';
        if (!empty($order_field)) {
            $param_array = '&amp;order_field=' . urlencode($order_field) . '';
        }
        if (!empty($orderdir)) {
            $param_array .= '&amp;orderdir=' . $orderdir . '';
        }
        $param_array .= '&amp;submitted=1';
        F_show_page_navigator($_SERVER['SCRIPT_NAME'], $sql, $firstrow, $rowsperpage, $param_array);
    }
    echo '<div class="pagehelp">' . $l['hp_online_users'] . '</div>' . K_NEWLINE;
    echo '</div>' . K_NEWLINE;
    return TRUE;
}
예제 #7
0
        if ($formstatus = F_check_form_fields()) {
            // check if name is unique
            if (!F_check_unique(K_TABLE_SUBJECTS, 'subject_name=\'' . F_escape_sql($db, $subject_name) . '\' AND subject_module_id=' . $subject_module_id . '')) {
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_SUBJECTS . ' (
				subject_name,
				subject_description,
				subject_enabled,
				subject_user_id,
				subject_module_id
				) VALUES (
				\'' . F_escape_sql($db, $subject_name) . '\',
				' . F_empty_to_null($subject_description) . ',
				\'' . intval($subject_enabled) . '\',
				\'' . intval($_SESSION['session_user_id']) . '\',
				' . $subject_module_id . '
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $subject_id = F_db_insert_id($db, K_TABLE_SUBJECTS, 'subject_id');
            }
        }
        break;
    case 'clear':
        // Clear form fields
        $subject_name = '';
예제 #8
0
                    $_SESSION['session_user_name'] = $m['user_name'];
                    $_SESSION['session_user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']);
                    $_SESSION['session_user_level'] = $m['user_level'];
                    $_SESSION['session_user_firstname'] = urlencode($m['user_firstname']);
                    $_SESSION['session_user_lastname'] = urlencode($m['user_lastname']);
                    // read client cookie
                    if (isset($_COOKIE['LastVisit'])) {
                        $_SESSION['session_last_visit'] = intval($_COOKIE['LastVisit']);
                    } else {
                        $_SESSION['session_last_visit'] = 0;
                    }
                    $logged = true;
                } else {
                    $login_error = true;
                }
            } elseif (!F_check_unique(K_TABLE_USERS, 'user_name=\'' . F_escape_sql($_POST['xuser_name']) . '\'')) {
                // the user name exist but the password is wrong
                //F_print_error('WARNING', $l['m_login_wrong']);
                $login_error = true;
            } else {
                // this user doesn't exist on RackMap database
                $login_error = true;
            }
        } else {
            F_display_db_error();
        }
    }
}
if (!isset($pagelevel)) {
    // set default page level
    $pagelevel = 0;
예제 #9
0
    }
} else {
    echo '</select></span></div>' . K_NEWLINE;
    F_display_db_error();
}
echo '</select>' . K_NEWLINE;
echo '<input type="text" name="searchterms" id="searchterms" value="' . htmlspecialchars($searchterms, ENT_COMPAT, $l['a_meta_charset']) . '" size="20" maxlength="255" title="' . $l['w_search'] . '" />';
F_submit_button('search', $l['w_search'], $l['w_search']);
echo '</span></div>' . K_NEWLINE;
// build a search query
$wherequery = '';
if (strlen($searchterms) > 0) {
    $terms = preg_split("/[\\s]+/i", $searchterms);
    // Get all the words into an array
    foreach ($terms as $word) {
        $word = F_escape_sql($db, $word);
        $wherequery .= ' AND ((user_name LIKE \'%' . $word . '%\')';
        $wherequery .= ' OR (user_email LIKE \'%' . $word . '%\')';
        $wherequery .= ' OR (user_firstname LIKE \'%' . $word . '%\')';
        $wherequery .= ' OR (user_lastname LIKE \'%' . $word . '%\')';
        $wherequery .= ' OR (user_regnumber LIKE \'%' . $word . '%\')';
        $wherequery .= ' OR (user_ssn LIKE \'%' . $word . '%\'))';
    }
    $wherequery = '(' . substr($wherequery, 5) . ')';
}
// select only specified User IDs
if (isset($uids) and !empty($uids)) {
    $uid_list = '';
    $uids = explode('x', $uids);
    foreach ($uids as $id) {
        $uid_list .= ',' . intval($id);
    /**
     * Sets the end element handler function for the XML parser parser.end_element_handler.
     * @param $parser (resource) The first parameter, parser, is a reference to the XML parser calling the handler.
     * @param $name (string) The second parameter, name, contains the name of the element for which this handler is called. If case-folding is in effect for this parser, the element name will be in uppercase letters.
     * @private
     */
    private function endElementHandler($parser, $name)
    {
        global $l, $db;
        require_once '../config/tce_config.php';
        require_once 'tce_functions_user_select.php';
        switch (strtolower($name)) {
            case 'name':
            case 'password':
            case 'email':
            case 'regdate':
            case 'ip':
            case 'firstname':
            case 'lastname':
            case 'birthdate':
            case 'birthplace':
            case 'regnumber':
            case 'ssn':
            case 'level':
            case 'verifycode':
                $this->current_data = F_escape_sql(F_xml_to_text($this->current_data));
                $this->user_data[$this->current_element] = $this->current_data;
                $this->current_element = '';
                $this->current_data = '';
                break;
            case 'group':
                $group_name = F_escape_sql(F_xml_to_text($this->current_data));
                // check if group already exist
                $sql = 'SELECT group_id
					FROM ' . K_TABLE_GROUPS . '
					WHERE group_name=\'' . $group_name . '\'
					LIMIT 1';
                if ($r = F_db_query($sql, $db)) {
                    if ($m = F_db_fetch_array($r)) {
                        // the group has been already added
                        $this->group_data[] = $m['group_id'];
                    } else {
                        // add new group
                        $sqli = 'INSERT INTO ' . K_TABLE_GROUPS . ' (
							group_name
							) VALUES (
							\'' . $group_name . '\'
							)';
                        if (!($ri = F_db_query($sqli, $db))) {
                            F_display_db_error(false);
                        } else {
                            $this->group_data[] = F_db_insert_id($db, K_TABLE_GROUPS, 'group_id');
                        }
                    }
                } else {
                    F_display_db_error();
                }
                break;
            case 'user':
                // insert users
                if (!empty($this->user_data['user_name'])) {
                    if (empty($this->user_data['user_regdate'])) {
                        $this->user_data['user_regdate'] = date(K_TIMESTAMP_FORMAT);
                    }
                    if (empty($this->user_data['user_ip'])) {
                        $this->user_data['user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']);
                    }
                    if (!isset($this->user_data['user_level']) or strlen($this->user_data['user_level']) == 0) {
                        $this->user_data['user_level'] = 1;
                    }
                    if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
                        // you cannot edit a user with a level equal or higher than yours
                        $this->user_data['user_level'] = min(max(0, $_SESSION['session_user_level'] - 1), $this->user_data['user_level']);
                        // non-administrator can access only to his/her groups
                        if (empty($this->group_data)) {
                            break;
                        }
                        $common_groups = array_intersect(F_get_user_groups($_SESSION['session_user_id']), $this->group_data);
                        if (empty($common_groups)) {
                            break;
                        }
                    }
                    // check if user already exist
                    $sql = 'SELECT user_id,user_level
						FROM ' . K_TABLE_USERS . '
						WHERE user_name=\'' . $this->user_data['user_name'] . '\'
							OR user_regnumber=\'' . $this->user_data['user_regnumber'] . '\'
							OR user_ssn=\'' . $this->user_data['user_ssn'] . '\'
						LIMIT 1';
                    if ($r = F_db_query($sql, $db)) {
                        if ($m = F_db_fetch_array($r)) {
                            // the user has been already added
                            $user_id = $m['user_id'];
                            if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR or $_SESSION['session_user_level'] > $m['user_level']) {
                                //update user data
                                $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET
									user_regdate=\'' . $this->user_data['user_regdate'] . '\',
									user_ip=\'' . $this->user_data['user_ip'] . '\',
									user_name=\'' . $this->user_data['user_name'] . '\',
									user_email=' . F_empty_to_null($this->user_data['user_email']) . ',';
                                // update password only if it is specified
                                if (!empty($this->user_data['user_password'])) {
                                    $sqlu .= ' user_password=\'' . md5($this->user_data['user_password']) . '\',';
                                }
                                $sqlu .= '
									user_regnumber=' . F_empty_to_null($this->user_data['user_regnumber']) . ',
									user_firstname=' . F_empty_to_null($this->user_data['user_firstname']) . ',
									user_lastname=' . F_empty_to_null($this->user_data['user_lastname']) . ',
									user_birthdate=' . F_empty_to_null($this->user_data['user_birthdate']) . ',
									user_birthplace=' . F_empty_to_null($this->user_data['user_birthplace']) . ',
									user_ssn=' . F_empty_to_null($this->user_data['user_ssn']) . ',
									user_level=\'' . $this->user_data['user_level'] . '\',
									user_verifycode=' . F_empty_to_null($this->user_data['user_verifycode']) . '
									WHERE user_id=' . $user_id . '';
                                if (!($ru = F_db_query($sqlu, $db))) {
                                    F_display_db_error(false);
                                    return FALSE;
                                }
                            } else {
                                // no user is updated, so empty groups
                                $this->group_data = array();
                            }
                        } else {
                            // add new user
                            $sqlu = 'INSERT INTO ' . K_TABLE_USERS . ' (
								user_regdate,
								user_ip,
								user_name,
								user_email,
								user_password,
								user_regnumber,
								user_firstname,
								user_lastname,
								user_birthdate,
								user_birthplace,
								user_ssn,
								user_level,
								user_verifycode
								) VALUES (
								' . F_empty_to_null($this->user_data['user_regdate']) . ',
								\'' . $this->user_data['user_ip'] . '\',
								\'' . $this->user_data['user_name'] . '\',
								' . F_empty_to_null($this->user_data['user_email']) . ',
								\'' . md5($this->user_data['user_password']) . '\',
								' . F_empty_to_null($this->user_data['user_regnumber']) . ',
								' . F_empty_to_null($this->user_data['user_firstname']) . ',
								' . F_empty_to_null($this->user_data['user_lastname']) . ',
								' . F_empty_to_null($this->user_data['user_birthdate']) . ',
								' . F_empty_to_null($this->user_data['user_birthplace']) . ',
								' . F_empty_to_null($this->user_data['user_ssn']) . ',
								\'' . $this->user_data['user_level'] . '\',
								' . F_empty_to_null($this->user_data['user_verifycode']) . '
								)';
                            if (!($ru = F_db_query($sqlu, $db))) {
                                F_display_db_error(false);
                                return FALSE;
                            } else {
                                $user_id = F_db_insert_id($db, K_TABLE_USERS, 'user_id');
                            }
                        }
                    } else {
                        F_display_db_error(false);
                        return FALSE;
                    }
                    // user's groups
                    if (!empty($this->group_data)) {
                        while (list($key, $group_id) = each($this->group_data)) {
                            // check if user-group already exist
                            $sqls = 'SELECT *
								FROM ' . K_TABLE_USERGROUP . '
								WHERE usrgrp_group_id=\'' . $group_id . '\'
									AND usrgrp_user_id=\'' . $user_id . '\'
								LIMIT 1';
                            if ($rs = F_db_query($sqls, $db)) {
                                if (!($ms = F_db_fetch_array($rs))) {
                                    // associate group to user
                                    $sqlg = 'INSERT INTO ' . K_TABLE_USERGROUP . ' (
										usrgrp_user_id,
										usrgrp_group_id
										) VALUES (
										' . $user_id . ',
										' . $group_id . '
										)';
                                    if (!($rg = F_db_query($sqlg, $db))) {
                                        F_display_db_error(false);
                                        return FALSE;
                                    }
                                }
                            } else {
                                F_display_db_error(false);
                                return FALSE;
                            }
                        }
                    }
                }
                break;
            default:
                break;
        }
    }
예제 #11
0
				test_answers_order_mode,
				test_comment_enabled,
				test_menu_enabled,
				test_noanswer_enabled,
				test_mcma_radio,
				test_repeatable,
				test_mcma_partial_score,
				test_logout_on_timeout,
				test_password
				) VALUES (
				\'' . F_escape_sql($db, $test_name) . '\',
				\'' . F_escape_sql($db, $test_description) . '\',
				' . F_empty_to_null($test_begin_time) . ',
				' . F_empty_to_null($test_end_time) . ',
				\'' . $test_duration_time . '\',
				\'' . F_escape_sql($db, $test_ip_range) . '\',
				\'' . intval($test_results_to_users) . '\',
				\'' . intval($test_report_to_users) . '\',
				\'' . $test_score_right . '\',
				\'' . $test_score_wrong . '\',
				\'' . $test_score_unanswered . '\',
				\'' . $test_max_score . '\',
				\'' . intval($_SESSION['session_user_id']) . '\',
				\'' . $test_score_threshold . '\',
				\'' . intval($test_random_questions_select) . '\',
				\'' . intval($test_random_questions_order) . '\',
				\'' . $test_questions_order_mode . '\',
				\'' . intval($test_random_answers_select) . '\',
				\'' . intval($test_random_answers_order) . '\',
				\'' . $test_answers_order_mode . '\',
				\'' . intval($test_comment_enabled) . '\',
예제 #12
0
/**
 * Return the object type ID with the selected name.
 * @param $name (string) Name of the object type.
 * @return int.
 */
function F_getObjectTypeID($name)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    $obt_id = 0;
    $sql = 'SELECT obt_id FROM ' . K_TABLE_OBJECT_TYPES . ' WHERE obt_name=\'' . F_escape_sql($name) . '\' LIMIT 1';
    if ($r = F_db_query($sql, $db)) {
        if ($m = F_db_fetch_array($r)) {
            $obt_id = $m['obt_id'];
        }
    } else {
        F_display_db_error();
    }
    return $obt_id;
}
예제 #13
0
/**
 * Copy selected question to another topic
 * @author Nicola Asuni
 * @since 2008-11-26
 * @param $question_id (int) question ID
 * @param $new_subject_id (int) new subject ID
 */
function F_question_copy($question_id, $new_subject_id)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    $question_id = intval($question_id);
    $new_subject_id = intval($new_subject_id);
    // check authorization
    $sql = 'SELECT subject_module_id FROM ' . K_TABLE_SUBJECTS . ' WHERE subject_id=' . $new_subject_id . ' LIMIT 1';
    if ($r = F_db_query($sql, $db)) {
        if ($m = F_db_fetch_array($r)) {
            $subject_module_id = $m['subject_module_id'];
            // check user's authorization for parent module
            if (!F_isAuthorizedUser(K_TABLE_MODULES, 'module_id', $subject_module_id, 'module_user_id')) {
                return;
            }
        }
    } else {
        F_display_db_error();
        return;
    }
    $q = F_question_get_data($question_id);
    if ($q !== false) {
        if (K_DATABASE_TYPE == 'ORACLE') {
            $chksql = 'dbms_lob.instr(question_description,\'' . F_escape_sql($db, $q['question_description']) . '\',1,1)>0';
        } elseif (K_DATABASE_TYPE == 'MYSQL' and defined('K_MYSQL_QA_BIN_UNIQUITY') and K_MYSQL_QA_BIN_UNIQUITY) {
            $chksql = 'question_description=\'' . F_escape_sql($db, $q['question_description']) . '\' COLLATE utf8_bin';
        } else {
            $chksql = 'question_description=\'' . F_escape_sql($db, $q['question_description']) . '\'';
        }
        if (F_check_unique(K_TABLE_QUESTIONS, $chksql . ' AND question_subject_id=' . $new_subject_id . '')) {
            $sql = 'START TRANSACTION';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
                break;
            }
            // adjust questions ordering
            if ($q['question_position'] > 0) {
                $sql = 'UPDATE ' . K_TABLE_QUESTIONS . ' SET
					question_position=question_position+1
					WHERE question_subject_id=' . $new_subject_id . '
						AND question_position>=' . $q['question_position'] . '';
                if (!($r = F_db_query($sql, $db))) {
                    F_display_db_error(false);
                    F_db_query('ROLLBACK', $db);
                    // rollback transaction
                }
            }
            $sql = 'INSERT INTO ' . K_TABLE_QUESTIONS . ' (
				question_subject_id,
				question_description,
				question_explanation,
				question_type,
				question_difficulty,
				question_enabled,
				question_position,
				question_timer,
				question_fullscreen,
				question_inline_answers,
				question_auto_next
				) VALUES (
				' . $new_subject_id . ',
				\'' . F_escape_sql($db, $q['question_description']) . '\',
				\'' . F_escape_sql($db, $q['question_explanation']) . '\',
				\'' . $q['question_type'] . '\',
				\'' . $q['question_difficulty'] . '\',
				\'' . $q['question_enabled'] . '\',
				' . F_zero_to_null($q['question_position']) . ',
				\'' . $q['question_timer'] . '\',
				\'' . $q['question_fullscreen'] . '\',
				\'' . $q['question_inline_answers'] . '\',
				\'' . $q['question_auto_next'] . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $new_question_id = F_db_insert_id($db, K_TABLE_QUESTIONS, 'question_id');
            }
            // copy associated answers
            $sql = 'SELECT *
				FROM ' . K_TABLE_ANSWERS . '
				WHERE answer_question_id=' . $question_id . '';
            if ($r = F_db_query($sql, $db)) {
                while ($m = F_db_fetch_array($r)) {
                    $sqli = 'INSERT INTO ' . K_TABLE_ANSWERS . ' (
						answer_question_id,
						answer_description,
						answer_explanation,
						answer_isright,
						answer_enabled,
						answer_position,
						answer_keyboard_key
						) VALUES (
						' . $new_question_id . ',
						\'' . F_escape_sql($db, $m['answer_description']) . '\',
						\'' . F_escape_sql($db, $m['answer_explanation']) . '\',
						\'' . $m['answer_isright'] . '\',
						\'' . $m['answer_enabled'] . '\',
						' . F_zero_to_null($m['answer_position']) . ',
						' . F_empty_to_null($m['answer_keyboard_key']) . '
						)';
                    if (!($ri = F_db_query($sqli, $db))) {
                        F_display_db_error(false);
                        F_db_query('ROLLBACK', $db);
                        // rollback transaction
                    }
                }
            } else {
                F_display_db_error();
            }
            $sql = 'COMMIT';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
                break;
            }
        }
    }
}
예제 #14
0
/**
 * Deletes the specific session.
 * @param $key (string) session ID of session to destroy.
 * @return resource database query result.
 */
function F_session_destroy($key)
{
    global $db;
    $key = F_escape_sql($key);
    $sql = 'DELETE FROM ' . K_TABLE_SESSIONS . ' WHERE cpsession_id=\'' . $key . '\'';
    return F_db_query($sql, $db);
}
예제 #15
0
                // get object ID
                $object_id = intval(substr($k, 3));
                // delete previous value
                $sql = 'DELETE FROM ' . K_TABLE_ATTRIBUTE_VALUES . ' WHERE atv_obj_id=' . $object_id . ' AND atv_atb_id=' . $atb_id . '';
                if (!($r = F_db_query($sql, $db))) {
                    F_display_db_error(false);
                }
                if (strlen($atb_value) > 0) {
                    $sql = 'INSERT INTO ' . K_TABLE_ATTRIBUTE_VALUES . ' (
						atv_obj_id,
						atv_atb_id,
						atv_value
						) VALUES (
						' . $object_id . ',
						' . $atb_id . ',
						\'' . F_escape_sql($atb_value) . '\'
						)';
                    if (!($r = F_db_query($sql, $db))) {
                        F_display_db_error(false);
                    }
                }
            }
        }
        F_print_error('MESSAGE', $l['m_updated']);
        break;
    default:
        break;
}
//end of switch
// -----------------------------------------------------------------------------
echo '<div class="container">' . K_NEWLINE;
예제 #16
0
/**
 * Return the user ID from registration number.
 * @param $regnumber (int) user registration number.
 * @return (int) User ID or 0 in case of error.
 * @since 11.3.005 (2012-07-31)
 */
function F_getUIDfromRegnum($regnum)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    $sql = 'SELECT user_id FROM ' . K_TABLE_USERS . ' WHERE user_regnumber=\'' . F_escape_sql($db, $regnum) . '\' LIMIT 1';
    if ($r = F_db_query($sql, $db)) {
        if ($m = F_db_fetch_array($r)) {
            return $m['user_id'];
        }
    }
    return 0;
}
예제 #17
0
 /**
  * Sets the end element handler function for the XML parser parser.end_element_handler.
  * @param $parser (resource) The first parameter, parser, is a reference to the XML parser calling the handler.
  * @param $name (string) The second parameter, name, contains the name of the element for which this handler is called. If case-folding is in effect for this parser, the element name will be in uppercase letters.
  * @private
  */
 private function endElementHandler($parser, $name)
 {
     global $l, $db;
     require_once '../config/tce_config.php';
     $name = strtolower($name);
     switch ($name) {
         case 'module':
             $this->addModule();
             $this->level = '';
             break;
         case 'subject':
             $this->addSubject();
             $this->level = 'module';
             break;
         case 'question':
             $this->addQuestion();
             $this->level = 'subject';
             break;
         case 'answer':
             $this->addAnswer();
             $this->level = 'question';
             break;
         default:
             $elname = $this->level . '_' . $name;
             if ($this->current_element == $elname) {
                 // convert XML special chars
                 $this->level_data[$this->level][$this->current_element] = F_xml_to_text(utrim($this->current_data));
                 if ($this->current_element == 'question_description' or $this->current_element == 'answer_description') {
                     // normalize UTF-8 string based on settings
                     $this->level_data[$this->level][$this->current_element] = F_utf8_normalizer($this->level_data[$this->level][$this->current_element], K_UTF8_NORMALIZATION_MODE);
                 }
                 // escape for SQL
                 $this->level_data[$this->level][$this->current_element] = F_escape_sql($db, $this->level_data[$this->level][$this->current_element], false);
             }
             break;
     }
 }
예제 #18
0
/**
 * Export user results in XML format.
 * @param $user_id (int) user ID - if greater than zero, filter stats for the specified user.
 * @param $startdate (string) start date ID - if greater than zero, filter stats for the specified starting date
 * @param $enddate (string) end date ID - if greater than zero, filter stats for the specified ending date
 * @param $order_field (string) Ordering fields for SQL query.
 * @author Nicola Asuni
 * @return XML data
 */
function F_xml_export_user_results($user_id, $startdate, $enddate, $order_field)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    // define symbols for answers list
    $qtype = array('S', 'M', 'T', 'O');
    // question types
    $type = array('single', 'multiple', 'text', 'ordering');
    $boolean = array('false', 'true');
    $xml = '';
    // XML data to be returned
    $xml .= '<' . '?xml version="1.0" encoding="UTF-8" ?' . '>' . K_NEWLINE;
    $xml .= '<tcexamuserresults version="' . K_TCEXAM_VERSION . '">' . K_NEWLINE;
    $xml .= K_TAB . '<header';
    $xml .= ' lang="' . K_USER_LANG . '"';
    $xml .= ' date="' . date(K_TIMESTAMP_FORMAT) . '">' . K_NEWLINE;
    $xml .= K_TAB . K_TAB . '<user_id>' . $user_id . '</user_id>' . K_NEWLINE;
    $sql = 'SELECT user_name, user_lastname, user_firstname FROM ' . K_TABLE_USERS . ' WHERE user_id=' . $user_id . '';
    if ($r = F_db_query($sql, $db)) {
        if ($m = F_db_fetch_array($r)) {
            $xml .= K_TAB . K_TAB . '<user_name>' . $m['user_name'] . '</user_name>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . '<user_lastname>' . $m['user_lastname'] . '</user_lastname>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . '<user_firstname>' . $m['user_firstname'] . '</user_firstname>' . K_NEWLINE;
        }
    } else {
        F_display_db_error();
    }
    $xml .= K_TAB . K_TAB . '<date_from>' . $startdate . '</date_from>' . K_NEWLINE;
    $xml .= K_TAB . K_TAB . '<date_to>' . $enddate . '</date_to>' . K_NEWLINE;
    $xml .= K_TAB . '</header>' . K_NEWLINE;
    $xml .= K_TAB . '<body>' . K_NEWLINE;
    $statsdata = array();
    $statsdata['score'] = array();
    $statsdata['right'] = array();
    $statsdata['wrong'] = array();
    $statsdata['unanswered'] = array();
    $statsdata['undisplayed'] = array();
    $statsdata['unrated'] = array();
    $sql = 'SELECT
			testuser_id,
			test_id,
			test_name,
			testuser_creation_time,
			testuser_status,
			SUM(testlog_score) AS total_score,
			MAX(testlog_change_time) AS testuser_end_time
		FROM ' . K_TABLE_TESTS_LOGS . ', ' . K_TABLE_TEST_USER . ', ' . K_TABLE_TESTS . '
		WHERE testuser_status>0
			AND testuser_creation_time>=\'' . F_escape_sql($db, $startdate) . '\'
			AND testuser_creation_time<=\'' . F_escape_sql($db, $enddate) . '\'
			AND testuser_user_id=' . $user_id . '
			AND testlog_testuser_id=testuser_id
			AND testuser_test_id=test_id';
    if ($_SESSION['session_user_level'] < K_AUTH_ADMINISTRATOR) {
        $sql .= ' AND test_user_id IN (' . F_getAuthorizedUsers($_SESSION['session_user_id']) . ')';
    }
    $sql .= ' GROUP BY testuser_id, test_id, test_name, testuser_creation_time, testuser_status ORDER BY ' . F_escape_sql($db, $order_field) . '';
    if ($r = F_db_query($sql, $db)) {
        $passed = 0;
        while ($m = F_db_fetch_array($r)) {
            $testuser_id = $m['testuser_id'];
            $usrtestdata = F_getUserTestStat($m['test_id'], $user_id);
            $halfscore = $usrtestdata['max_score'] / 2;
            $xml .= K_TAB . K_TAB . '<test id=\'' . $m['test_id'] . '\'>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<start_time>' . $m['testuser_creation_time'] . '</start_time>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<end_time>' . $m['testuser_end_time'] . '</end_time>' . K_NEWLINE;
            $time_diff = strtotime($m['testuser_end_time']) - strtotime($m['testuser_creation_time']);
            //sec
            $time_diff = gmdate('H:i:s', $time_diff);
            $xml .= K_TAB . K_TAB . K_TAB . '<time>' . $time_diff . '</time>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<name>' . F_text_to_xml($m['test_name']) . '</name>' . K_NEWLINE;
            if ($usrtestdata['score_threshold'] > 0) {
                if ($usrtestdata['score'] >= $usrtestdata['score_threshold']) {
                    $xml .= K_TAB . K_TAB . K_TAB . '<passed>true</passed>' . K_NEWLINE;
                    $passed++;
                } else {
                    $xml .= K_TAB . K_TAB . K_TAB . '<passed>false</passed>' . K_NEWLINE;
                }
            } elseif ($usrtestdata['score'] > $halfscore) {
                $passed++;
            }
            $xml .= K_TAB . K_TAB . K_TAB . '<score>' . round($m['total_score'], 3) . '</score>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<score_percent>' . round(100 * $usrtestdata['score'] / $usrtestdata['max_score']) . '</score_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<right>' . $usrtestdata['right'] . '</right>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<right_percent>' . round(100 * $usrtestdata['right'] / $usrtestdata['all']) . '</right_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<wrong>' . $usrtestdata['wrong'] . '</wrong>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<wrong_percent>' . round(100 * $usrtestdata['wrong'] / $usrtestdata['all']) . '</wrong_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<unanswered>' . $usrtestdata['unanswered'] . '</unanswered>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<unanswered_percent>' . round(100 * $usrtestdata['unanswered'] / $usrtestdata['all']) . '</unanswered_percent>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<undisplayed>' . $usrtestdata['undisplayed'] . '</undisplayed>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<undisplayed_percent>' . round(100 * $usrtestdata['undisplayed'] / $usrtestdata['all']) . '</undisplayed_percent>' . K_NEWLINE;
            if ($m['testuser_status'] == 4) {
                $status = $l['w_locked'];
            } else {
                $status = $l['w_unlocked'];
            }
            $xml .= K_TAB . K_TAB . K_TAB . '<status>' . $status . '</status>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . '<comment>' . F_text_to_xml($usrtestdata['comment']) . '</comment>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . '</test>' . K_NEWLINE;
            // collects data for descriptive statistics
            $statsdata['score'][] = $m['total_score'] / $usrtestdata['max_score'];
            $statsdata['right'][] = $usrtestdata['right'] / $usrtestdata['all'];
            $statsdata['wrong'][] = $usrtestdata['wrong'] / $usrtestdata['all'];
            $statsdata['unanswered'][] = $usrtestdata['unanswered'] / $usrtestdata['all'];
            $statsdata['undisplayed'][] = $usrtestdata['undisplayed'] / $usrtestdata['all'];
            $statsdata['unrated'][] = $usrtestdata['unrated'] / $usrtestdata['all'];
        }
    } else {
        F_display_db_error();
    }
    // calculate statistics
    $stats = F_getArrayStatistics($statsdata);
    $excludestat = array('sum', 'variance');
    $calcpercent = array('mean', 'median', 'mode', 'minimum', 'maximum', 'range', 'standard_deviation');
    $xml .= K_TAB . K_TAB . '<teststatistics>' . K_NEWLINE;
    $xml .= K_TAB . K_TAB . K_TAB . '<passed>' . $passed . '</passed>' . K_NEWLINE;
    $passed_perc = 0;
    if ($itemcount > 0) {
        $passed_perc = $passed / $stats['number']['score'];
    }
    $xml .= K_TAB . K_TAB . K_TAB . '<passed_percent>' . round(100 * $passed_perc) . '</passed_percent>' . K_NEWLINE;
    foreach ($stats as $row => $columns) {
        if (!in_array($row, $excludestat)) {
            $xml .= K_TAB . K_TAB . K_TAB . '<' . $row . '>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<score>' . round($columns['score'], 3) . '</score>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<right>' . round($columns['right'], 3) . '</right>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<wrong>' . round($columns['wrong'], 3) . '</wrong>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<unanswered>' . round($columns['unanswered'], 3) . '</unanswered>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<undisplayed>' . round($columns['undisplayed'], 3) . '</undisplayed>' . K_NEWLINE;
            $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<unrated>' . round($columns['unrated'], 3) . '</unrated>' . K_NEWLINE;
            if (in_array($row, $calcpercent)) {
                $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<score_percent>' . round(100 * ($columns['score'] / $usrtestdata['max_score'])) . '</score_percent>' . K_NEWLINE;
                $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<right_percent>' . round(100 * ($columns['right'] / $usrtestdata['all'])) . '</right_percent>' . K_NEWLINE;
                $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<wrong_percent>' . round(100 * ($columns['wrong'] / $usrtestdata['all'])) . '</wrong_percent>' . K_NEWLINE;
                $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<unanswered_percent>' . round(100 * ($columns['unanswered'] / $usrtestdata['all'])) . '</unanswered_percent>' . K_NEWLINE;
                $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<undisplayed_percent>' . round(100 * ($columns['undisplayed'] / $usrtestdata['all'])) . '</undisplayed_percent>' . K_NEWLINE;
                $xml .= K_TAB . K_TAB . K_TAB . K_TAB . '<unrated_percent>' . round(100 * ($columns['unrated'] / $usrtestdata['all'])) . '</unrated_percent>' . K_NEWLINE;
            }
            $xml .= K_TAB . K_TAB . K_TAB . '</' . $row . '>' . K_NEWLINE;
        }
    }
    $xml .= K_TAB . K_TAB . '</teststatistics>' . K_NEWLINE;
    $xml .= K_TAB . '</body>' . K_NEWLINE;
    $xml .= '</tcexamuserresults>' . K_NEWLINE;
    return $xml;
}
예제 #19
0
        break;
    case 'add':
        // Add user
        if ($formstatus = F_check_form_fields()) {
            // check submitted form fields
            // check if name is unique
            if (!F_check_unique(K_TABLE_GROUPS, 'group_name=\'' . F_escape_sql($group_name) . '\'')) {
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_GROUPS . ' (
				group_name
				) VALUES (
				\'' . F_escape_sql($group_name) . '\')';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $group_id = F_db_insert_id($db, K_TABLE_GROUPS, 'group_id');
            }
            // add current user to the new group
            $sql = 'INSERT INTO ' . K_TABLE_USERGROUP . ' (
				usrgrp_user_id,
				usrgrp_group_id
				) VALUES (
				\'' . $_SESSION['session_user_id'] . '\',
				\'' . $group_id . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
예제 #20
0
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
                $module_user_id = intval($module_user_id);
            } else {
                $module_user_id = intval($_SESSION['session_user_id']);
            }
            $sql = 'INSERT INTO ' . K_TABLE_MODULES . ' (
				module_name,
				module_enabled,
				module_user_id
				) VALUES (
				\'' . F_escape_sql($module_name) . '\',
				\'' . $module_enabled . '\',
				\'' . $module_user_id . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $module_id = F_db_insert_id($db, K_TABLE_MODULES, 'module_id');
            }
        }
        break;
    case 'clear':
        // Clear form fields
        $module_name = '';
        $module_enabled = true;
        $module_user_id = intval($_SESSION['session_user_id']);
예제 #21
0
        if ($formstatus = F_check_form_fields()) {
            // check submitted form fields
            // check if name is unique
            if (!F_check_unique(K_TABLE_OBJECT_TYPES, 'obt_name=\'' . F_escape_sql($obt_name) . '\'')) {
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_OBJECT_TYPES . ' (
				obt_name,
				obt_description,
				obt_color,
				obt_virtual
				) VALUES (
				\'' . F_escape_sql($obt_name) . '\',
				' . F_empty_to_null($obt_description) . ',
				' . F_empty_to_null($obt_color) . ',
				\'' . $obt_virtual . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $obt_id = F_db_insert_id($db, K_TABLE_OBJECT_TYPES, 'obt_id');
            }
            // add attribute
            if (!empty($object_attributes)) {
                foreach ($object_attributes as $atb_id) {
                    $sql = 'INSERT INTO ' . K_TABLE_OBJECT_ATTRIBUTES_MAP . ' (
						oam_obt_id,
						oam_atb_id
예제 #22
0
/**
 * Updates user's test comment.<br>
 * @param $test_id (int) test ID
 * @param $testcomment (string) user comment.
 * @return string XHTML code
 * @since 4.0.000 (2006-10-01)
 */
function F_updateTestComment($test_id, $testcomment)
{
    require_once '../config/tce_config.php';
    global $db, $l;
    $test_id = intval($test_id);
    $testcomment = F_escape_sql($testcomment);
    $user_id = intval($_SESSION['session_user_id']);
    $sql = 'UPDATE ' . K_TABLE_TEST_USER . '
		SET testuser_comment=\'' . $testcomment . '\'
		WHERE testuser_test_id=' . $test_id . '
			AND testuser_user_id=' . $user_id . '';
    if (!($r = F_db_query($sql, $db))) {
        F_display_db_error();
    }
}
예제 #23
0
				user_password,
				user_regnumber,
				user_firstname,
				user_lastname,
				user_birthdate,
				user_birthplace,
				user_ssn,
				user_level,
				user_verifycode,
				user_otpkey
				) VALUES (
				\'' . F_escape_sql($db, $user_regdate) . '\',
				\'' . F_escape_sql($db, $user_ip) . '\',
				\'' . F_escape_sql($db, $user_name) . '\',
				' . F_empty_to_null($user_email) . ',
				\'' . F_escape_sql($db, $user_password) . '\',
				' . F_empty_to_null($user_regnumber) . ',
				' . F_empty_to_null($user_firstname) . ',
				' . F_empty_to_null($user_lastname) . ',
				' . F_empty_to_null($user_birthdate) . ',
				' . F_empty_to_null($user_birthplace) . ',
				' . F_empty_to_null($user_ssn) . ',
				\'' . $usrlevel . '\',
				\'' . $user_verifycode . '\',
				' . F_empty_to_null($user_otpkey) . '
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $user_id = F_db_insert_id($db, K_TABLE_USERS, 'user_id');
            }
예제 #24
0
            }
            $sql = 'INSERT INTO ' . K_TABLE_QUESTIONS . ' (
				question_subject_id,
				question_description,
				question_explanation,
				question_type,
				question_difficulty,
				question_enabled,
				question_position,
				question_timer,
				question_fullscreen,
				question_inline_answers,
				question_auto_next
				) VALUES (
				' . $question_subject_id . ',
				\'' . F_escape_sql($question_description) . '\',
				' . F_empty_to_null($question_explanation) . ',
				\'' . $question_type . '\',
				\'' . $question_difficulty . '\',
				\'' . $question_enabled . '\',
				' . F_zero_to_null($question_position) . ',
				\'' . $question_timer . '\',
				\'' . $question_fullscreen . '\',
				\'' . $question_inline_answers . '\',
				\'' . $question_auto_next . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $question_id = F_db_insert_id($db, K_TABLE_QUESTIONS, 'question_id');
            }
/**
 * Returns true if the current user is authorized to update and delete the selected database record.
 * @author Nicola Asuni
 * @since 2006-03-11
 * @param $table (string) table to be modified
 * @param $field_id_name (string) name of the main ID field of the table
 * @param $value_id (int) value of the ID field of the table
 * @param $field_user_id (string) name of the foreign key to to user_id
 * @return boolean true if the user is authorized, false otherwise
 */
function F_isAuthorizedUser($table, $field_id_name, $value_id, $field_user_id)
{
    global $l, $db;
    require_once '../config/tce_config.php';
    $table = F_escape_sql($table);
    $field_id_name = F_escape_sql($field_id_name);
    $value_id = intval($value_id);
    $field_user_id = F_escape_sql($field_user_id);
    $user_id = intval($_SESSION['session_user_id']);
    // check for administrator
    if ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR) {
        return true;
    }
    // check for original author
    if (F_count_rows($table . ' WHERE ' . $field_id_name . '=' . $value_id . ' AND ' . $field_user_id . '=' . $user_id . ' LIMIT 1') > 0) {
        return true;
    }
    // check for author's groups
    // get author ID
    $author_id = 0;
    $sql = 'SELECT ' . $field_user_id . ' FROM ' . $table . ' WHERE ' . $field_id_name . '=' . $value_id . ' LIMIT 1';
    if ($r = F_db_query($sql, $db)) {
        if ($m = F_db_fetch_array($r)) {
            $author_id = $m[0];
        }
    } else {
        F_display_db_error();
    }
    if ($author_id > 1 and F_count_rows(K_TABLE_USERGROUP . ' AS ta, ' . K_TABLE_USERGROUP . ' AS tb
		WHERE ta.usrgrp_group_id=tb.usrgrp_group_id
			AND ta.usrgrp_user_id=' . $author_id . '
			AND tb.usrgrp_user_id=' . $user_id . '
			LIMIT 1') > 0) {
        return true;
    }
    return false;
}
예제 #26
0
							\'' . getPasswordHash($_POST['xuser_password']) . '\',
							' . F_empty_to_null($altusr['user_regnumber']) . ',
							' . F_empty_to_null($altusr['user_firstname']) . ',
							' . F_empty_to_null($altusr['user_lastname']) . ',
							' . F_empty_to_null($altusr['user_birthdate']) . ',
							' . F_empty_to_null($altusr['user_birthplace']) . ',
							' . F_empty_to_null($altusr['user_ssn']) . ',
							\'' . intval($altusr['user_level']) . '\'
							)';
                        if (!($r = F_db_query($sql, $db))) {
                            F_display_db_error();
                        } else {
                            $user_id = F_db_insert_id($db, K_TABLE_USERS, 'user_id');
                            // sets some user's session data
                            $_SESSION['session_user_id'] = $user_id;
                            $_SESSION['session_user_name'] = F_escape_sql($db, $_POST['xuser_name']);
                            $_SESSION['session_user_ip'] = getNormalizedIP($_SERVER['REMOTE_ADDR']);
                            $_SESSION['session_user_level'] = intval($altusr['user_level']);
                            $_SESSION['session_user_firstname'] = urlencode($altusr['user_firstname']);
                            $_SESSION['session_user_lastname'] = urlencode($altusr['user_lastname']);
                            $_SESSION['session_last_visit'] = 0;
                            $_SESSION['session_test_login'] = '';
                            $logged = true;
                            // sync user groups
                            F_syncUserGroups($_SESSION['session_user_id'], $altusr['usrgrp_group_id']);
                        }
                    } else {
                        $login_error = true;
                    }
                }
            } else {
예제 #27
0
    header('Location: ' . K_PATH_HOST . K_PATH_TCEXAM);
    exit;
}
$email = $_REQUEST['a'];
$verifycode = $_REQUEST['b'];
$userid = intval($_REQUEST['c']);
$pagelevel = 0;
require_once '../../shared/code/tce_authorization.php';
$thispage_title = $l['t_user_registration'];
$thispage_description = '';
require_once '../code/tce_page_header.php';
$sql = 'SELECT *
	FROM ' . K_TABLE_USERS . '
	WHERE (user_verifycode=\'' . F_escape_sql($verifycode) . '\'
		AND user_id=\'' . $userid . '\'
		AND user_email=\'' . F_escape_sql($email) . '\')
		LIMIT 1';
if ($r = F_db_query($sql, $db)) {
    if ($m = F_db_fetch_array($r)) {
        // update user level
        $sqlu = 'UPDATE ' . K_TABLE_USERS . ' SET
				user_level=\'1\',
				user_verifycode=NULL
				WHERE user_id=' . $userid . '';
        if (!($ru = F_db_query($sqlu, $db))) {
            F_display_db_error(false);
        } else {
            F_print_error('MESSAGE', $l['m_user_registration_ok']);
            echo K_NEWLINE;
            echo '<div class="container">' . K_NEWLINE;
            if (K_OTP_LOGIN) {
예제 #28
0
        if ($formstatus = F_check_form_fields()) {
            // check password
            if (!empty($user_email) or !empty($user_email_repeat)) {
                if ($user_email != $user_email_repeat) {
                    //print message and exit
                    F_print_error('WARNING', $l['m_different_emails']);
                    $formstatus = FALSE;
                    F_stripslashes_formfields();
                    break;
                }
            }
            mt_srand((double) microtime() * 1000000);
            $user_verifycode = md5(uniqid(mt_rand(), true));
            // verification code
            $sql = 'UPDATE ' . K_TABLE_USERS . ' SET
				user_email=\'' . F_escape_sql($user_email) . '\',
				user_level=\'0\',
				user_verifycode=\'' . $user_verifycode . '\'
				WHERE user_id=' . $user_id . ' AND user_password=\'' . getPasswordHash($currentpassword) . '\'';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                F_print_error('MESSAGE', $l['m_email_updated']);
                // require email confirmation
                require_once '../../shared/code/tce_functions_user_registration.php';
                F_send_user_reg_email($user_id, $user_email, $user_verifycode);
                F_print_error('MESSAGE', $user_email . ': ' . $l['m_user_verification_sent']);
                echo '<div class="container">' . K_NEWLINE;
                echo '<strong><a href="index.php" title="' . $l['h_index'] . '">' . $l['h_index'] . ' &gt;</a></strong>' . K_NEWLINE;
                echo '</div>' . K_NEWLINE;
                require_once 'tce_page_footer.php';
 /**
  * Sets the end element handler function for the XML parser parser.end_element_handler.
  * @param $parser (resource) The first parameter, parser, is a reference to the XML parser calling the handler.
  * @param $name (string) The second parameter, name, contains the name of the element for which this handler is called. If case-folding is in effect for this parser, the element name will be in uppercase letters.
  * @private
  */
 private function endElementHandler($parser, $name)
 {
     global $l, $db;
     require_once '../config/tce_config.php';
     $name = strtolower($name);
     switch ($name) {
         case 'module':
             $this->addModule();
             $this->level = '';
             break;
         case 'subject':
             $this->addSubject();
             $this->level = 'module';
             break;
         case 'question':
             $this->addQuestion();
             $this->level = 'subject';
             break;
         case 'answer':
             $this->addAnswer();
             $this->level = 'question';
             break;
         default:
             $elname = $this->level . '_' . $name;
             if ($this->current_element == $elname) {
                 $this->level_data[$this->level][$this->current_element] = F_escape_sql(F_xml_to_text(utrim($this->current_data)), false);
             }
             break;
     }
 }
예제 #30
0
        // Add
        if ($formstatus = F_check_form_fields()) {
            // check submitted form fields
            // check if name is unique
            if (!F_check_unique(K_TABLE_TEMPLATES, 'tmp_name=\'' . F_escape_sql($tmp_name) . '\'')) {
                F_print_error('WARNING', $l['m_duplicate_name']);
                $formstatus = FALSE;
                F_stripslashes_formfields();
                break;
            }
            $sql = 'INSERT INTO ' . K_TABLE_TEMPLATES . ' (
				tmp_name,
				tmp_template
				) VALUES (
				\'' . F_escape_sql($tmp_name) . '\',
				\'' . F_escape_sql($tmp_template) . '\'
				)';
            if (!($r = F_db_query($sql, $db))) {
                F_display_db_error(false);
            } else {
                $tmp_id = F_db_insert_id($db, K_TABLE_TEMPLATES, 'tmp_id');
            }
        }
        break;
    case 'clear':
        // Clear form fields
        $tmp_name = '';
        $tmp_template = '';
        break;
    default:
        break;