// Create quiz entries if don't already exist
// Load existing quizzes
$all_quizzes = new Quizzes();
$quiz_array = $qdb->getQuizzesAll();
// add this one to allQuizzes
foreach ($quiz_array as $this_quiz_array) {
$all_quizzes->addQuiz(new Quiz($this_quiz_array));
}
if ($debug) {
print "Checking for new quizzes <br />\n";
}
// Now look at old quiznames and check if they exist
// use the validateQuizname function on the $all_quizzes
foreach ($quiznames as $key => $value) {
// not found so create
if ($all_quizzes->validateQuizname($key) == false) {
if ($debug) {
print "New quiz found {$key} <br />\n";
}
$new_quiz = array();
// use new_quizname as well as the array to make it easier to follow (rather than nesting arrays)
$new_quizname = $new_quiz['quizname'] = $key;
$new_quiz['title'] = $quiznames[$new_quizname];
$new_quiz['numquestions'] = $numquestions[$new_quizname];
// offline quiz was not set on a per quiz basis on old version
// set the same as online and then use enable to turn on / off
$new_quiz['numquestionsoffline'] = $new_quiz['numquestions'];
$new_quiz['quizintro'] = $quizintro[$new_quizname];
// priority is a new setting
$new_quiz['priority'] = 1;
// if offline previously enabled then set appropriate - otherwise set to disabled
// we save even if no changes - more work for sql, but less checking within PHP
$qdb->updateQuiz($post_details);
}
if ($debug) {
print "\nSave completed - quiznname is {$quizname}\n";
}
// if it's a new one we have just created now change to edit and add this quiz
if ($action == 'new') {
$action = 'edit';
$message .= "<p class=\"" . CSS_CLASS_ADMIN_EDIT_MESSAGE . "\">New quiz saved</p>";
} else {
$message .= "<p class=\"" . CSS_CLASS_ADMIN_EDIT_MESSAGE . "\">Changes saved</p>";
}
} elseif (isset($_GET['quiz']) && ctype_alnum($_GET['quiz'])) {
// check it's valid existing
if ($all_quizzes->validateQuizname($_GET['quiz'])) {
$quizname = $_GET['quiz'];
$action = 'edit';
} else {
$err = Errors::getInstance();
$err->errorEvent(ERROR_PARAMETER, "Invalid quizname");
exit(0);
}
} elseif (isset($_GET['action']) && $_GET['action'] == 'new') {
$action = 'new';
} else {
$err = Errors::getInstance();
$err->errorEvent(ERROR_PARAMETER, "Missing action request");
exit(0);
}
// no quizname for edit - error and back to index page
// Very important
// todo
// validate field input
$quiz = $_POST['quizname'];
//first check that this is just a string - no
if (!ctype_alnum($quiz)) {
$err = Errors::getInstance();
$err->errorEvent(ERROR_SECURITY, "Error security violation - quizname is invalid");
exit(0);
}
// set quiztype to offline
$quiz_type = 'offline';
//check that this is a valid quizname
// handle this as a warning using the errorEvent - we then provide a more user friendly error
// this is not a security event, but is still wrong
if (!$all_quizzes->validateQuizname($quiz)) {
// include header for menu / error display
$templates->includeTemplate('header', 'normal');
// we handle error in more user friendly way than if we suspect attempt to hack
$err = Errors::getInstance();
$err->errorEvent(WARNING_PARAMETER, "Warning parameter incorrect - quizname is invalid");
print "<h3>Invalid quizname specified</h3>\n";
printMenu($all_quizzes);
$templates->includeTemplate('footer', 'normal');
exit(0);
} else {
if ($debug) {
print "Getting Quiz \n";
}
// Get quizobject for this particular quiz
$this_quiz = $all_quizzes->getQuiz($quiz);
} else {
$action = 'save';
}
// we validate all details before storing them into an array (we then use this to save to DB)
$post_details = array();
// store quizzes seperately as those are not saved in the question table in the DB
$post_quizzes = array();
// Quizzes
// we need to check all possible quizzes
if ($debug) {
print "Quizzes: ";
}
for ($i = 0; $i < $all_quizzes->count(); $i++) {
if (isset($_POST["quiz_" . $i])) {
// only add if is a valid quiz - if invalid we just ignore
if ($all_quizzes->validateQuizname($_POST["quiz_" . $i])) {
$post_quizzes[] = $_POST["quiz_" . $i];
if ($debug) {
print $_POST["quiz_" . $i] . " ";
}
}
}
}
if ($debug) {
print "\n";
}
// If this is just a next no save
// this will redirect with a header - we do not continue after this point
if ($action == 'next') {
getNextQuestion($questionid);
// exit not really neccessary - makes it obvious we are not continuing
