/**
 * Creates or updates a course row from submitted form data and performs the
 * follow-up work: instructor enrolment, content/backup directories, optional
 * default content or a restored backup, custom icon thumbnail, stale RSS feeds.
 *
 * @param array $course_data  Form fields (title, instructor, course, date parts,
 *                            quota fields, initial_content, ...). String fields
 *                            are escaped and numeric fields coerced in place.
 * @param bool  $isadmin      TRUE on the admin side: instructor and quotas come
 *                            from the form and admin log entries are written.
 * @return mixed  The id returned by at_insert_id() for the written course row,
 *                or FALSE when validation queued errors on $msg.
 *
 * Reads $_FILES['customicon'] and $_SESSION; writes $_SESSION['course_id'] and
 * $_SESSION['course_title'].
 *
 * NOTE(review): this listing omits closing braces and the bodies of several
 * single-statement error branches (slug checks, upload-state checks, backup
 * size, resize failures); the control flow below is read from indentation.
 */
function add_update_course($course_data, $isadmin = FALSE)
    require_once AT_INCLUDE_PATH . '../mods/_core/file_manager/filemanager.inc.php';
    // $addslashes and $stripslashes are callables kept in globals; they are
    // invoked as $addslashes(...) / $stripslashes(...) below.
    global $addslashes;
    global $db;
    global $system_courses;
    global $MaxCourseSize;
    global $msg;
    global $_config;
    global $_config_defaults;
    global $stripslashes;
    $Backup = new Backup($db);
    // Required-field validation. Failures are queued on $msg; the function
    // only returns FALSE once every check has run (see containsErrors() below).
    $missing_fields = array();
    if ($course_data['title'] == '') {
        $missing_fields[] = _AT('title');
    if (!$course_data['instructor']) {
        $missing_fields[] = _AT('instructor');
    if ($missing_fields) {
        $missing_fields = implode(', ', $missing_fields);
        $msg->addError(array('EMPTY_FIELDS', $missing_fields));
    // Escape the string fields in place before they reach any SQL.
    $course_data['access'] = $addslashes($course_data['access']);
    $course_data['title'] = $addslashes($course_data['title']);
    $course_data['description'] = $addslashes($course_data['description']);
    $course_data['hide'] = $addslashes($course_data['hide']);
    $course_data['pri_lang'] = $addslashes($course_data['pri_lang']);
    $course_data['created_date'] = $addslashes($course_data['created_date']);
    $course_data['copyright'] = $addslashes($course_data['copyright']);
    $course_data['icon'] = $addslashes($course_data['icon']);
    $course_data['banner'] = $addslashes($course_data['banner']);
    $course_data['course_dir_name'] = $addslashes($course_data['course_dir_name']);
    // Coerce the numeric fields ('hide' was escaped above and is overwritten here).
    $course_data['course'] = intval($course_data['course']);
    $course_data['notify'] = intval($course_data['notify']);
    $course_data['hide'] = intval($course_data['hide']);
    $course_data['instructor'] = intval($course_data['instructor']);
    $course_data['category_parent'] = intval($course_data['category_parent']);
    $course_data['rss'] = intval($course_data['rss']);
    // Course directory name (aka course slug)
    if ($course_data['course_dir_name'] != '') {
        //validate the course_dir_name, allow only alphanumeric, underscore.
        // The pattern also requires at least two characters. The body of the
        // error branch is not shown in this listing.
        if (preg_match('/^[\\w][\\w\\d\\_]+$/', $course_data['course_dir_name']) == 0) {
        //check if the course_dir_name is already being used
        // The slug must be unique among the other courses; placeholders are
        // filled by queryDB. The error branch body is not shown in this listing.
        $sql = "SELECT COUNT(course_id) as cnt FROM %scourses WHERE course_id!=%d AND course_dir_name='%s'";
        $num_of_dir = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['course_dir_name']), TRUE);
        if (intval($num_of_dir['cnt']) > 0) {
    // Custom icon
    if ($_FILES['customicon']['name'] != '') {
        // Use custom icon instead if it exists
        // NOTE(review): the client-supplied filename becomes the stored icon name
        // and is reused verbatim as the thumbnail filename further down.
        $course_data['icon'] = $addslashes($_FILES['customicon']['name']);
    if ($_FILES['customicon']['error'] == UPLOAD_ERR_FORM_SIZE) {
        // Check if filesize is too large for a POST
        // (the limit quoted in the message is the profile-picture setting)
        $msg->addError(array('FILE_MAX_SIZE', $_config['prof_pic_max_file_size'] . ' ' . _AT('bytes')));
    // Release date: assembled from the separate form fields into
    // 'YYYY-MM-DD HH:MM:00'; the all-zero value is the "not set" sentinel.
    if ($course_data['release_date']) {
        $day_release = intval($course_data['day_release']);
        $month_release = intval($course_data['month_release']);
        $year_release = intval($course_data['year_release']);
        $hour_release = intval($course_data['hour_release']);
        $min_release = intval($course_data['min_release']);
        // checkdate() rejects impossible calendar dates; the error branch body
        // is not shown in this listing.
        if (!checkdate($month_release, $day_release, $year_release)) {
            //or date is in the past
        // Zero-pad single-digit parts (strlen() sees the int's string form).
        if (strlen($month_release) == 1) {
            $month_release = "0{$month_release}";
        if (strlen($day_release) == 1) {
            $day_release = "0{$day_release}";
        if (strlen($hour_release) == 1) {
            $hour_release = "0{$hour_release}";
        if (strlen($min_release) == 1) {
            $min_release = "0{$min_release}";
        $release_date = "{$year_release}-{$month_release}-{$day_release} {$hour_release}:{$min_release}:00";
    } else {
        $release_date = "0000-00-00 00:00:00";
    // End date: same construction as the release date.
    if ($course_data['end_date']) {
        $day_end = intval($course_data['day_end']);
        $month_end = intval($course_data['month_end']);
        $year_end = intval($course_data['year_end']);
        $hour_end = intval($course_data['hour_end']);
        $min_end = intval($course_data['min_end']);
        if (!checkdate($month_end, $day_end, $year_end)) {
            //or date is in the past
        if (strlen($month_end) == 1) {
            $month_end = "0{$month_end}";
        if (strlen($day_end) == 1) {
            $day_end = "0{$day_end}";
        if (strlen($hour_end) == 1) {
            $hour_end = "0{$hour_end}";
        if (strlen($min_end) == 1) {
            $min_end = "0{$min_end}";
        $end_date = "{$year_end}-{$month_end}-{$day_end} {$hour_end}:{$min_end}:00";
    } else {
        $end_date = "0000-00-00 00:00:00";
    // initial_content is split on the first '_' into two parts (presumably a
    // source type and an id — confirm against the form).
    $initial_content_info = explode('_', $course_data['initial_content'], 2);
    $course_quotas = '';
    if ($isadmin) {
        // Admin side: instructor and quotas are taken from the form.
        $instructor = $course_data['instructor'];
        $quota = intval($course_data['quota']);
        $quota_entered = intval($course_data['quota_entered']);
        $filesize = intval($course_data['filesize']);
        $filesize_entered = intval($course_data['filesize_entered']);
        //if they checked 'other', set quota=entered value, if it is empty or negative, set to default (-2)
        // ($quota is an int after intval(), so the loose comparison with '2' matches 2)
        if ($quota == '2') {
            if ($quota_entered == '' || empty($quota_entered) || $quota_entered < 0) {
                $quota = AT_COURSESIZE_DEFAULT;
            } else {
                $quota = floatval($quota_entered);
                $quota = megabytes_to_bytes($quota);
        //if they checked 'other', set filesize=entered value, if it is empty or negative, set to default
        if ($filesize == '2') {
            if ($filesize_entered == '' || empty($filesize_entered) || $filesize_entered < 0) {
                $filesize = AT_FILESIZE_DEFAULT;
            } else {
                $filesize = floatval($filesize_entered);
                $filesize = megabytes_to_bytes($filesize);
        // Interpolated into the REPLACE below. Both values come from intval()/
        // floatval()/a constant, assuming megabytes_to_bytes() returns a number.
        $course_quotas = "max_quota='{$quota}', max_file_size='{$filesize}',";
    } else {
        // Non-admin side. $instructor (the session member) is only used for the
        // default announcement below; the course row and the enrolment still use
        // $course_data['instructor'] from the form.
        // NOTE(review): confirm the caller sets $course_data['instructor'] to the
        // session member before calling, otherwise a non-admin submission decides
        // who the instructor is.
        $instructor = $_SESSION['member_id'];
        if (!$course_data['course']) {
            // New course: default quotas; optionally seeded from a backup the
            // member owns.
            $course_quotas = "max_quota=" . AT_COURSESIZE_DEFAULT . ", max_file_size=" . AT_FILESIZE_DEFAULT . ",";
            // NOTE(review): getRow() is called before the count()==2 check below,
            // so $initial_content_info[1] may be undefined here.
            $row = $Backup->getRow($initial_content_info[0], $initial_content_info[1]);
            // Only a backup of a course owned by the current member is accepted.
            if (count($initial_content_info) == 2 && $system_courses[$initial_content_info[1]]['member_id'] == $_SESSION['member_id']) {
                // Error branch (backup larger than the course limit) is not
                // shown in this listing.
                if ($MaxCourseSize < $row['contents']['file_manager']) {
            } else {
                $initial_content_info = intval($course_data['initial_content']);
        } else {
            // Existing course keeps its stored quotas.
            // NOTE(review): inside {$...} the bare words course, max_quota and
            // max_file_size are parsed as constants rather than quoted keys; PHP 8
            // throws for an undefined constant. The quoted form used for
            // $menu_defaults below is the correct one.
            $course_quotas = "max_quota='{$system_courses[$course_data[course]][max_quota]}', max_file_size='{$system_courses[$course_data[course]][max_file_size]}',";
    // Abort before any write if validation queued errors.
    if ($msg->containsErrors()) {
        return FALSE;
    //display defaults
    // NOTE(review): these menu values ($_config defaults, or the course's stored
    // menus) are interpolated into the SQL without escaping. They are admin/DB
    // sourced, but a quote in any of them would break or alter the statement.
    if (!$course_data['course']) {
        $menu_defaults = ",home_links='{$_config['home_defaults']}', main_links='{$_config['main_defaults']}', side_menu='{$_config['side_defaults']}'";
    } else {
        $menu_defaults = ',home_links=\'' . $system_courses[$course_data['course']]['home_links'] . '\', main_links=\'' . $system_courses[$course_data['course']]['main_links'] . '\', side_menu=\'' . $system_courses[$course_data['course']]['side_menu'] . '\'';
    // REPLACE INTO: course_id=0 writes a new row, an existing id replaces it.
    // The column values go through queryDB placeholders; $course_quotas and
    // $menu_defaults are the pre-built fragments from above.
    $sql = "REPLACE INTO %scourses \n                SET \n                course_id=%d, \n                member_id='%s', \n                access='%s', \n                title='%s', \n                description='%s', \n                course_dir_name='%s', \n                cat_id=%d, \n                content_packaging='%s', \n                notify=%d, \n                hide=%d, \n                {$course_quotas}\n                primary_language='%s',\n                created_date='%s',\n                rss=%d,\n                copyright='%s',\n                icon='%s',\n                banner='%s',\n                release_date='%s', \n                end_date='%s' \n                {$menu_defaults}";
    $result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $course_data['instructor'], $course_data['access'], $course_data['title'], $course_data['description'], $course_data['course_dir_name'], $course_data['category_parent'], $course_data['content_packaging'], $course_data['notify'], $course_data['hide'], $course_data['pri_lang'], $course_data['created_date'], $course_data['rss'], $course_data['copyright'], $course_data['icon'], $course_data['banner'], $release_date, $end_date));
    // NOTE(review): the driver error text is printed to the page and execution
    // carries on with a failed write; nothing below re-checks $result.
    if (!$result) {
        echo at_db_error();
        echo 'DB Error';
    // The written course becomes the session's current course.
    $new_course_id = $_SESSION['course_id'] = at_insert_id();
    // NOTE(review): isset($isadmin) is TRUE for the FALSE default as well (isset()
    // only rejects null), so this and the next two admin-log branches also run
    // for non-admin callers. The later checks use if ($isadmin), which is
    // presumably what was meant here.
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'courses', $result, $sqlout);
    if (isset($isadmin)) {
        //get current instructor and unenroll from course if different from POST instructor
        // (for a new course $course_data['course'] is 0, so this reads $system_courses[0])
        $old_instructor = $system_courses[$course_data['course']]['member_id'];
        if ($old_instructor != $course_data['instructor']) {
            //remove old from course enrollment
            $sql = "DELETE FROM %scourse_enrollment WHERE course_id=%d AND member_id=%d";
            $result = queryDB($sql, array(TABLE_PREFIX, $course_data['course'], $old_instructor));
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_DELETE, 'course_enrollment', $result, $sqlout);
    //enroll new instructor
    // (the translated role label from _AT() is concatenated into the template,
    // not passed as a parameter)
    $sql = "REPLACE INTO %scourse_enrollment VALUES (%d, %d, 'y', 0, '" . _AT('instructor') . "', 0)";
    $result = queryDB($sql, array(TABLE_PREFIX, $course_data['instructor'], $new_course_id));
    if (isset($isadmin)) {
        global $sqlout;
        write_to_log(AT_ADMIN_LOG_REPLACE, 'course_enrollment', $result, $sqlout);
    // create the course content directory
    // (mkdir/copy failures are silenced with @ and never reported; the copied
    // index.html presumably blocks directory listings — confirm)
    $path = AT_CONTENT_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_CONTENT_DIR . $new_course_id . '/index.html');
    // create the course backup directory
    $path = AT_BACKUP_DIR . $new_course_id . '/';
    @mkdir($path, 0700);
    @copy(AT_CONTENT_DIR . 'index.html', AT_BACKUP_DIR . $new_course_id . '/index.html');
    /* insert some default content: */
    // NOTE(review): this tests $course_data['course_id'] while every other
    // new-course check in this function tests $course_data['course'] — confirm
    // which key the caller sets.
    if (!$course_data['course_id'] && $course_data['initial_content'] == '1') {
        $contentManager = new ContentManager($db, $new_course_id);
        $cid = $contentManager->addContent($new_course_id, 0, 1, _AT('welcome_to_atutor'), addslashes(_AT('this_is_content')), '', '', 1, date('Y-m-d H:00:00'));
        $announcement = _AT('default_announcement');
        $sql = "INSERT INTO %snews VALUES (NULL, %d, %d, NOW(), 1, '%s', '%s')";
        $result = queryDB($sql, array(TABLE_PREFIX, $new_course_id, $instructor, _AT('welcome_to_atutor'), $announcement));
        if ($isadmin) {
            global $sqlout;
            write_to_log(AT_ADMIN_LOG_INSERT, 'news', $result, $sqlout);
    } else {
        // New course seeded from a backup: append its material.
        if (!$course_data['course'] && count($initial_content_info) == 2) {
            $Backup->restore($material = TRUE, 'append', $initial_content_info[0], $initial_content_info[1]);
    // custom icon, have to be after directory is created
    if ($_FILES['customicon']['tmp_name'] != '') {
        $course_data['comments'] = trim($course_data['comments']);
        $owner_id = $_SESSION['course_id'];
        $owner_type = "1";
        // Upload-state checks; the bodies of the two inner error branches are
        // not shown in this listing.
        if ($_FILES['customicon']['error'] == UPLOAD_ERR_INI_SIZE) {
            // (substr(..., 0, -1) drops the unit suffix, so an upload_max_filesize
            // not given in megabytes would be mis-reported)
            $msg->addError(array('FILE_TOO_BIG', get_human_size(megabytes_to_bytes(substr(ini_get('upload_max_filesize'), 0, -1)))));
        } else {
            if (!isset($_FILES['customicon']['name']) || $_FILES['customicon']['error'] == UPLOAD_ERR_NO_FILE || $_FILES['customicon']['size'] == 0) {
            } else {
                if ($_FILES['customicon']['error'] || !is_uploaded_file($_FILES['customicon']['tmp_name'])) {
        if (!$msg->containsErrors()) {
            $course_data['description'] = $addslashes(trim($course_data['description']));
            // NOTE(review): addslashes() escapes for SQL, not for the filesystem;
            // the client-supplied name is still used verbatim as the thumbnail
            // filename below. Reducing it to basename() and checking $extension
            // against $supported_images would confine the write to the
            // custom_icons directory and to image types; no such comparison
            // appears in this listing.
            $_FILES['customicon']['name'] = addslashes($_FILES['customicon']['name']);
            if ($course_data['comments']) {
                $num_comments = 1;
            } else {
                $num_comments = 0;
            // Thumbnail destination under the course's content directory (created
            // above). The "directory missing" branch body is not shown here.
            $path = AT_CONTENT_DIR . $owner_id . "/custom_icons/";
            if (!is_dir($path)) {
            // if we can upload custom course icon, it means GD is enabled, no need to check extension again.
            // Image types GD can write, derived from its capability flags.
            $gd_info = gd_info();
            $supported_images = array();
            if ($gd_info['GIF Create Support']) {
                $supported_images[] = 'gif';
            if ($gd_info['JPG Support'] || $gd_info['JPEG Support']) {
                $supported_images[] = 'jpg';
            if ($gd_info['PNG Support']) {
                $supported_images[] = 'png';
            // check if this is a supported file type
            // ($supported_images is built above but never compared with
            // $extension anywhere in this listing — see the note above)
            $filename = $stripslashes($_FILES['customicon']['name']);
            $path_parts = pathinfo($filename);
            $extension = strtolower($path_parts['extension']);
            // Dimensions are read from the uploaded file's content, not its name.
            $image_attributes = getimagesize($_FILES['customicon']['tmp_name']);
            if ($extension == 'jpeg') {
                $extension = 'jpg';
            // resize the original but don't backup a copy.
            $width = $image_attributes[0];
            $height = $image_attributes[1];
            $original_img = $_FILES['customicon']['tmp_name'];
            $thumbnail_img = $path . $_FILES['customicon']['name'];
            // Landscape images are scaled to 79px wide, portrait/square ones to
            // 100px tall. NOTE(review): the two limits differ — confirm intended.
            // The resize_image() failure branches are not shown in this listing.
            if ($width > $height && $width > 79) {
                $thumbnail_height = intval(79 * $height / $width);
                $thumbnail_width = 79;
                if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
            } else {
                if ($width <= $height && $height > 79) {
                    $thumbnail_height = 100;
                    $thumbnail_width = intval(100 * $width / $height);
                    if (!resize_image($original_img, $thumbnail_img, $height, $width, $thumbnail_height, $thumbnail_width, $extension)) {
                } else {
                    // no resizing, just copy the image.
                    // it's too small to resize.
                    copy($original_img, $thumbnail_img);
        } else {
    /* delete the RSS feeds just in case: */
    // NOTE(review): the RSS1.0 check tests $new_course_id but unlinks under
    // $course_data['course'] (0 for a new course); the RSS2.0 pair below uses
    // $new_course_id for both.
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS1.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $course_data['course'] . '/RSS1.0.xml');
    if (file_exists(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml')) {
        @unlink(AT_CONTENT_DIR . 'feeds/' . $new_course_id . '/RSS2.0.xml');
    // An admin caller is not "inside" the course, so the session course id is reset.
    if ($isadmin) {
        $_SESSION['course_id'] = -1;
    $_SESSION['course_title'] = $stripslashes($course_data['title']);
    return $new_course_id;
 // Escape the remaining address fields in place ($addslashes is a callable held
 // in a global). The block these six lines belong to opens before this listing.
 $_POST['address'] = $addslashes($_POST['address']);
 $_POST['postal'] = $addslashes($_POST['postal']);
 $_POST['city'] = $addslashes($_POST['city']);
 $_POST['province'] = $addslashes($_POST['province']);
 $_POST['country'] = $addslashes($_POST['country']);
 $_POST['phone'] = $addslashes($_POST['phone']);
 } else {
     // Default account status when the branch above (not shown) does not apply.
     $status = AT_STATUS_STUDENT;
 $now = date('Y-m-d H:i:s');
 // we use this later for the email confirmation.
 /* insert into the db */
 // NOTE(review): the row values are interpolated straight into the statement;
 // only the table prefix goes through a queryDB placeholder. Whether every
 // $_POST field was escaped is not visible here (the address fields above are;
 // login, password, email, names and dob are handled outside this listing), and
 // $_POST['private_email'] and $status are inserted unquoted. Passing the values
 // through %s/%d placeholders, as the member_login_attempt DELETE below does,
 // would remove the dependence on upstream escaping.
 $sql = "INSERT INTO %smembers \n\t\t              (login,\n\t\t               password,\n\t\t               email,\n\t\t               website,\n\t\t               first_name,\n\t\t               second_name,\n\t\t               last_name,\n\t\t               dob,\n\t\t               gender,\n\t\t               address,\n\t\t               postal,\n\t\t               city,\n\t\t               province,\n\t\t               country,\n\t\t               phone,\n\t\t               status,\n\t\t               preferences,\n\t\t               creation_date,\n\t\t               language,\n\t\t               inbox_notify,\n\t\t               private_email,\n\t\t               last_login)\n\t\t       VALUES ('{$_POST['login']}',\n\t\t               '{$_POST['password']}',\n\t\t               '{$_POST['email']}',\n\t\t               '{$_POST['website']}',\n\t\t               '{$_POST['first_name']}',\n\t\t               '{$_POST['second_name']}',\n\t\t               '{$_POST['last_name']}', \n\t\t               '{$dob}', \n\t\t               '{$_POST['gender']}', \n\t\t               '{$_POST['address']}',\n\t\t               '{$_POST['postal']}',\n\t\t               '{$_POST['city']}',\n\t\t               '{$_POST['province']}',\n\t\t               '{$_POST['country']}', \n\t\t               '{$_POST['phone']}', \n\t\t               {$status}, \n\t\t               '{$_config['pref_defaults']}', \n\t\t               '{$now}',\n\t\t               '{$_SESSION['lang']}', \n\t\t               {$_config['pref_inbox_notify']}, \n\t\t               {$_POST['private_email']}, \n\t\t               '0000-00-00 00:00:00')";
 // 'or' binds looser than '=', so a failed query dies right here with the
 // driver error text echoed to the client; the if (!$result) branch below is
 // therefore never reached.
 $result = queryDB($sql, array(TABLE_PREFIX)) or die(at_db_error());
 $m_id = at_insert_id($db);
 if (!$result) {
     require AT_INCLUDE_PATH . 'header.inc.php';
     require AT_INCLUDE_PATH . 'footer.inc.php';
 // Optional master-list row (student id / pin); the statement and values are
 // prepared outside this listing.
 if (isset($master_list_sql)) {
     queryDB($master_list_sql, array(TABLE_PREFIX, $student_id, $student_pin));
 //reset login attempts
 // NOTE(review): as listed, the template has no placeholder for the
 // $_POST['login'] argument that is passed; the literal '******' looks like a
 // rendering artefact — verify the real source reads login='%s'.
 if ($result) {
     $sql = "DELETE FROM %smember_login_attempt WHERE login='******'";
     queryDB($sql, array(TABLE_PREFIX, $_POST['login']));
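/**
 * Saves one language-text entry and reports the outcome both as echoed HTML
 * and as the returned string.
 *
 * For the master language ('en') the existing row is updated in place; for
 * any other language the row is replaced for $_SESSION['language'].
 *
 * @param string $text      translated text
 * @param string $context   usage context shown to translators
 * @param string $variable  variable (message key) the term belongs to
 * @param string $term      term identifier
 * @return string  the feedback <div> that was echoed
 */
function update_term($text, $context, $variable, $term)
{
    global $addslashes, $db;

    // $addslashes is a callable held in a global; every value is trimmed and
    // escaped before it is handed to queryDB.
    $term = $addslashes(trim($term));
    $text = $addslashes(trim($text));
    $context = $addslashes(trim($context));

    if ($_SESSION['language'] == 'en') {
        $sql = "UPDATE %slanguage_text SET text='%s', revised_date=NOW(), context='%s' WHERE variable='%s' AND term='%s' AND language_code='en'";
        $result = queryDB($sql, array(TABLE_PREFIX, $text, $context, $variable, $term));
    } else {
        $sql = "REPLACE INTO %slanguage_text VALUES ('%s', '%s', '%s', '%s', NOW(), '')";
        // NOTE(review): this decodes HTML entities in the query *template*, which
        // contains none; $text itself is passed untouched via the parameter
        // array. Presumably meant for $text — confirm before relying on it.
        $entityToChar = array_flip(get_html_translation_table(HTML_ENTITIES));
        $sql = strtr($sql, $entityToChar);
        $result = queryDB($sql, array(TABLE_PREFIX, $_SESSION['language'], $variable, $term, $text));
    }

    // Loose comparison kept: queryDB's return type is not visible here.
    if ($result == 0) {
        // NOTE(review): the driver error text reaches the browser here.
        echo at_db_error();
        $feedback = '<div class="error">Error: changes not saved!</div>';
    } else {
        // Fixed: the markup carried a stray quote (class="feedback2""), which
        // produced an invalid attribute.
        $feedback = '<div class="feedback2">Success: changes saved.</div>';
    }

    echo $feedback;
    return $feedback;
}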
  * Traverse the tree and update/insert entries based on the updated structure.
  * @param	array	The tree from rebuild(), and the subtree from the recursion.
  * @param	int		the ordering of this subtree with respect to its parent.
  * @param	int		parent content id
  * @return	null (nothing to return, it updates the db only)
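 private function reconstruct($tree, $order, $content_parent_id, $table_prefix)
 {
     // Leaf: $tree is a content id, so only its position in the tree changes.
     // $table_prefix is substituted for the %s in front of each table name.
     if (!is_array($tree)) {
         $sql = "UPDATE %scontent SET ordering=%d, content_parent_id=%d WHERE content_id=%d";
         return queryDB($sql, array($table_prefix, $order, $content_parent_id, $tree));
     }

     foreach ($tree as $k => $v) {
         if (preg_match('/order\\_([\\d]+)/', $k, $match) == 1) {
             // "order_N" layer: N is the ordering of the subtree; the parent id
             // is inherited from the layer above.
             $this->reconstruct($v, $match[1], $content_parent_id, $table_prefix);
         } else {
             // Content folder layer: $k is the id of an existing content row
             // whose attributes are copied into a new folder row (content_type=1).
             $sql = "SELECT * FROM %scontent WHERE content_id=%d";
             $old_content_row = queryDB($sql, array($table_prefix, $k), TRUE);

             // Fixed: the copied values were concatenated straight into the
             // INSERT, so a title/keyword containing a quote broke the statement
             // and stored text reached the query unescaped. They now go through
             // the same %s/%d placeholders the other two queries in this method
             // use; %d also maps the '' ordering passed for folder children to 0
             // instead of producing an invalid statement.
             $sql = 'INSERT INTO %scontent (course_id, content_parent_id, ordering, last_modified, revision, formatting, release_date, keywords, content_path, title, use_customized_head, allow_test_export, content_type) '
                  . "VALUES (%d, %d, %d, '%s', %d, %d, '%s', '%s', '%s', '%s', %d, %d, 1)";
             $result = queryDB($sql, array(
                 $table_prefix,
                 $old_content_row['course_id'],
                 $content_parent_id,
                 $order,
                 $old_content_row['last_modified'],
                 $old_content_row['revision'],
                 $old_content_row['formatting'],
                 $old_content_row['release_date'],
                 $old_content_row['keywords'],
                 $old_content_row['content_path'],
                 $old_content_row['title'],
                 $old_content_row['use_customized_head'],
                 $old_content_row['allow_test_export']
             ));

             if ($result > 0) {
                 $folder_id = at_insert_id();
                 // The children hang off the new folder; their ordering comes
                 // from the order_N layer beneath them.
                 $this->reconstruct($v, '', $folder_id, $table_prefix);
             } else {
                 // NOTE(review): the driver error text is echoed to the client.
                 echo at_db_error();
             }
         }
     }
 }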
/* This program is free software. You can redistribute it and/or*/
/* modify it under the terms of the GNU General Public License  */
/* as published by the Free Software Foundation.				*/
// $Id$
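define('AT_INCLUDE_PATH', '../../../include/');
$_user_location = 'public';
include AT_INCLUDE_PATH . 'vitals.inc.php';
include AT_SOCIAL_INCLUDE . 'classes/Application.class.php';

// Request contract: st (security token, base64), name (setting key) and value.
// 'value' may legitimately be empty, so it is only tested for presence.
if (empty($_GET['st']) || empty($_GET['name']) || !isset($_GET['value'])) {
    header("HTTP/1.0 400 Bad Request", true);
    echo "<html><body><h1>400 - Bad Request</h1></body></html>";
} else {
    try {
        // NOTE(review): $_GET is already URL-decoded by PHP, so these calls decode
        // a second time (an encoded '%25' sequence is unpacked twice) — confirm the
        // caller really double-encodes.
        $st = urldecode(base64_decode($_GET['st']));
        $key = urldecode($_GET['name']);
        $value = urldecode($_GET['value']);
        // The token is rejected once older than 15 minutes (15 * 60 s).
        // TODO: make this lifetime a named constant.
        $token = BasicSecurityToken::createFromToken($st, 15 * 60);
        $app_id = $token->getAppId();
        // NOTE(review): the setting is stored against the session member, not the
        // token's viewer id (a commented-out getViewerId() call was here) — confirm
        // that is intended.
        $app = new Application($app_id);
        $result = $app->setApplicationSettings($_SESSION['member_id'], $key, $value);
        if (!$result) {
            // Fixed: the failure was answered with a 200 status (only the body said
            // 500) and the raw driver error was echoed. Send the real status and
            // keep the details in the server log.
            error_log('setApplicationSettings failed: ' . at_db_error());
            header("HTTP/1.0 500 Internal Server Error", true);
            echo "<html><body><h1>500 - SQL Error</h1></body></html>";
        }
    } catch (Exception $e) {
        // Fixed: the exception message no longer goes to the client; it is logged.
        error_log('application setting request rejected: ' . $e->getMessage());
        header("HTTP/1.0 400 Bad Request", true);
        echo "<html><body><h1>400 - Bad Request</h1></body></html>";
    }
}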