Beispiel #1
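 /**
  * Reports the accumulated captcha generation errors.
  *
  * Joins every entry of $this->errors with an HTML line break and hands the
  * combined text to the global displayerror() helper. (A bare function call
  * inside a method never resolves to the method of the same name, so this is
  * not a recursive call.) The dead, commented-out image renderer that used
  * to follow has been dropped.
  */
 function displayError()
 {
     // Guard against the property never having been initialised as an array.
     $errors = is_array($this->errors) ? $this->errors : array();
     // implode() takes the glue first; the legacy (array, glue) argument
     // order used here before was removed in PHP 8.0.
     displayerror('Error! Could not generate captcha.<br />' . implode('<br />', $errors));
 }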
Beispiel #2
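/**
 * Appends one search to the query log table.
 *
 * @param string $query   the search string entered by the visitor (untrusted)
 * @param mixed  $elapsed time taken by the search, stored as given
 * @param mixed  $results number of hits; an empty value is stored as 0
 *
 * Reports the database error through displayerror() when the INSERT fails.
 */
function saveToLog($query, $elapsed, $results)
{
    global $sph_mysql_table_prefix;
    if ($results === '' || $results === null || $results === false) {
        $results = 0;
    }
    // Every interpolated value is escaped for the open connection: the search
    // string comes straight from the request and must never reach SQL verbatim.
    $safeQuery   = mysql_real_escape_string((string) $query);
    $safeElapsed = mysql_real_escape_string((string) $elapsed);
    $safeResults = mysql_real_escape_string((string) $results);
    $sql = "insert into " . $sph_mysql_table_prefix . "query_log (query, time, elapsed, results) values ('{$safeQuery}', now(), '{$safeElapsed}', '{$safeResults}')";
    if (!mysql_query($sql)) {
        displayerror(mysql_error());
    }
}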
Beispiel #3
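 /**
  * Runs the statements assembled by make_query() and renders the table.
  *
  * When a table name was posted, make_query() fills $this->query; that text
  * is split on ';' and every non-blank fragment is executed in turn. The
  * first failing statement is reported via displayerror() and aborts the
  * method (it then returns null). Otherwise a tbman renderer is built for
  * $this->externalquery and whatever make_table() produces is returned.
  *
  * Note: splitting on ';' is naive — a literal ';' inside a quoted value
  * would cut a statement in two.
  *
  * @return mixed result of tbman::make_table(), or null when a statement failed
  */
 function execute()
 {
     if (isset($this->pv['tablename'])) {
         $this->make_query();
         $statements = explode(";", $this->query);
         foreach ($statements as $statement) {
             // Skip empty and whitespace-only fragments (e.g. after a trailing ';')
             // instead of sending them to the server as empty queries.
             if (trim($statement) === "") {
                 continue;
             }
             // No '@' suppression: the failure is reported below with its cause.
             $result = mysql_query($statement);
             if (!$result) {
                 displayerror("Error line 42 (tbman_executer.lib.php): " . mysql_error());
                 return;
             }
         }
     }
     require_once "tbman_renderer.lib.php";
     $rendertable = new tbman($this->externalquery);
     $rendertable->formaction = $this->formaction;
     return $rendertable->make_table();
 }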
Beispiel #4
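 /**
  * Moves every external (e-mail only) subscription of an address to the
  * internal user list of the same newsletter component.
  *
  * For each `newsletter_externalusers` row matching $userEmail: if the user
  * is not yet registered internally for that component, an internal
  * subscription is inserted. The external row is then removed — unless the
  * insert failed, in which case it is kept so the subscription is not lost.
  *
  * @param string     $userEmail address to migrate (untrusted; escaped here)
  * @param int|string $userId    id of the registered user (forced to int)
  */
 private static function moveUserToInternal($userEmail, $userId)
 {
     // Both values are interpolated into SQL below: escape the string and
     // force the id numeric rather than trusting the caller.
     $safeEmail = mysql_real_escape_string($userEmail);
     $safeUserId = (int) $userId;
     $query = "SELECT `page_modulecomponentid` FROM `newsletter_externalusers` WHERE `user_email` = '{$safeEmail}'";
     $result = mysql_query($query);
     if (!$result) {
         displayerror('Could not read external subscriptions.');
         return;
     }
     while ($row = mysql_fetch_row($result)) {
         $componentId = (int) $row[0];
         $removeExternal = true;
         if (!isInternalUserRegistered($safeUserId, $componentId, false)) {
             $insertQuery = "INSERT INTO `newsletter_users`(`page_modulecomponentid`, `newsletter_subscriptiontype`, `user_id`, `user_joindatetime`) VALUES ({$componentId}, 'user', {$safeUserId}, NOW())";
             if (!mysql_query($insertQuery)) {
                 displayerror('Could not add user to internal list.');
                 $removeExternal = false;
             }
         }
         // Single removal path for both branches (the original duplicated it).
         if ($removeExternal) {
             $deleteQuery = "DELETE FROM `newsletter_externalusers` WHERE `page_modulecomponentid` = {$componentId} AND `user_email` = '{$safeEmail}'";
             if (!mysql_query($deleteQuery)) {
                 displayerror('Could not remove user from external list.');
             }
         }
     }
 }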
Beispiel #5
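 /**
  * PHP4-style constructor: executes $querystring and keeps the result for
  * rendering.
  *
  * The constructor name is kept because callers (and possibly subclasses)
  * rely on it. On a query failure the error is reported via displayerror()
  * and the object is left without $this->result. A statement containing
  * "select" (case-insensitive) marks the table as editable. Image and script
  * paths are assembled from the global folder settings.
  *
  * @param string $querystring SQL statement to execute
  */
 function tbman($querystring)
 {
     global $urlRequestRoot, $cmsFolder, $templateFolder;
     $this->tablename = $this->get_tablename_from_query($querystring);
     $this->querystring = $querystring;
     // No '@' suppression: the failure is reported right below with the
     // custom prefix, so hiding the engine's own diagnostics gains nothing.
     $result = mysql_query($querystring);
     if (!$result) {
         displayerror("Error(tbman_renderer.lib.php): " . mysql_error());
         return;
     }
     $this->result = $result;
     if (stripos($querystring, "select") !== false) {
         $this->editable = "yes";
     }
     $this->imagePath = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/images";
     $this->scriptPath = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts";
 }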
Beispiel #6
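 /**
  * Admin action "+manage" of the poll module.
  *
  * Handles one posted command (save, insert, disable, edit, enable, delete)
  * against the polls of this module component, then renders the management
  * forms (add / edit / disable / enable / delete) and returns their HTML.
  * User feedback goes through displayerror() / displayinfo().
  *
  * Every poll id taken from the request is forced to an integer before it is
  * interpolated into SQL, and every mutating statement is scoped to
  * $this->moduleComponentId so a posted id cannot reach another module's polls.
  *
  * @return string HTML of the management page
  */
 public function actionManage()
 {
     $display = "<h2>Manage Polls</h2><br />";
     if (isset($_POST['save'])) {
         $this->savePollFromPost();
         return $this->actionView();
     }
     if (isset($_POST['insert'])) {
         $this->insertPollFromPost();
     }
     if (isset($_POST['disable'])) {
         $this->setPollVisibility($this->postedPollId('ques1'), 0);
         displayinfo("Poll Question Disabled");
     }
     if (isset($_POST['edit'])) {
         $display .= $this->renderEditForm($this->postedPollId('ques0'));
     }
     if (isset($_POST['enable'])) {
         $this->setPollVisibility($this->postedPollId('ques2'), 1);
         displayinfo("Poll Question Enabled");
     }
     if (isset($_POST['delete'])) {
         $this->deletePoll($this->postedPollId('ques3'));
         displayinfo("Poll Question Deleted");
     }
     $display .= $this->renderAddForm();
     $display .= $this->renderSelectForm("Edit Poll Question", 'f4', 'ques0', 'edit', ' Edit ', null, "No poll questions exist currently.");
     $display .= $this->renderSelectForm("Disable Poll Question", 'f2', 'ques1', 'disable', ' Disable ', '1', "All Poll Questions are Currently Disabled!");
     $display .= $this->renderSelectForm("Enable Poll Question", 'f3', 'ques2', 'enable', ' Enable ', '0', "All Poll Questions are Currently Enabled!<br /><br />");
     // The original tested the wrong result set here (the "disable" one), so
     // the delete form could claim no polls exist while some were present.
     $display .= $this->renderSelectForm("Delete Poll Question", 'f3', 'ques3', 'delete', ' Delete ', null, "No poll questions exist currently.");
     return $display;
 }

 /**
  * Returns a posted field as a string, '' when it is absent.
  *
  * @param string $field key in $_POST
  * @return string
  */
 private function postedText($field)
 {
     return isset($_POST[$field]) ? (string) $_POST[$field] : '';
 }

 /**
  * Returns a posted poll id as an integer (0 when absent).
  *
  * Poll ids are interpolated into SQL, partly unquoted, so a cast is the
  * only reliable protection.
  *
  * @param string $field key in $_POST
  * @return int
  */
 private function postedPollId($field)
 {
     return isset($_POST[$field]) ? (int) $_POST[$field] : 0;
 }

 /**
  * Validates the common fields of the add / edit forms.
  *
  * Reports the first problem via displayerror().
  *
  * @return bool true when question, two options and the multi flag are present
  */
 private function validatePollPost()
 {
     if ($this->postedText('q') === '') {
         displayerror('Enter a Valid Question');
         return false;
     }
     if ($this->postedText('o1') === '' || $this->postedText('o2') === '') {
         displayerror('Enter Atleast Two Options');
         return false;
     }
     if ($this->postedText('multi') === '') {
         displayerror('Choose `Yes` or `No` for Multiple Option ');
         return false;
     }
     return true;
 }

 /**
  * Collects the six posted option texts, SQL-escaped and HTML-encoded the
  * way the module stores them.
  *
  * @return array<int, string> keys 1..6; missing fields yield ''
  */
 private function postedOptions()
 {
     $options = array();
     for ($n = 1; $n <= 6; $n++) {
         $options[$n] = htmlspecialchars(escape($this->postedText('o' . $n)));
     }
     return $options;
 }

 /**
  * Single-quote-safe value for a single-quoted HTML attribute or textarea.
  *
  * Stored values are already HTML-encoded, but htmlspecialchars() without
  * ENT_QUOTES leaves the single quote alone, which would break the
  * value='...' attributes used by these forms. Only that character is
  * touched so already-encoded entities are not double-encoded.
  *
  * @param string $value
  * @return string
  */
 private function attrValue($value)
 {
     return str_replace("'", '&#039;', (string) $value);
 }

 /**
  * Validates the posted edit form and updates the poll row.
  *
  * Success is reported only when the UPDATE actually ran (the original
  * announced success before executing the query).
  */
 private function savePollFromPost()
 {
     if (!$this->validatePollPost()) {
         return;
     }
     $pid = $this->postedPollId('pid');
     $multi = ($this->postedText('multi') == 'y') ? 1 : 0;
     $q = htmlspecialchars(escape($_POST['q']));
     $o = $this->postedOptions();
     $query = "UPDATE `poll_content` SET `ques` = '{$q}',`o1` = '{$o[1]}',`o2` = '{$o[2]}',`o3` = '{$o[3]}',`o4` = '{$o[4]}',`o5` = '{$o[5]}',`o6` = '{$o[6]}',`multiple_opt` = '{$multi}' WHERE `pid` = {$pid} AND `page_modulecomponentid`='{$this->moduleComponentId}'";
     if (mysql_query($query)) {
         displayinfo('Poll Question Updated Succesfully');
     } else {
         displayerror('Could not update the poll question.');
     }
 }

 /**
  * Validates the posted add form, inserts the poll and its poll_log row.
  *
  * `multiple_opt` is written with the INSERT itself; the original set it
  * afterwards with an UPDATE keyed by question text, which could also hit
  * other polls with the same wording.
  */
 private function insertPollFromPost()
 {
     if (!$this->validatePollPost()) {
         return;
     }
     $q = htmlspecialchars(escape($_POST['q']));
     $o = $this->postedOptions();
     $multi = ($this->postedText('multi') == 'y') ? 1 : 0;
     $query = "INSERT INTO `poll_content` (`page_modulecomponentid`,`ques` ,`o1` ,`o2` ,`o3` ,`o4` ,`o5` ,`o6` ,`multiple_opt` ,`visibility`) VALUES ('{$this->moduleComponentId}','{$q}','{$o[1]}','{$o[2]}','{$o[3]}','{$o[4]}','{$o[5]}','{$o[6]}','{$multi}','1')";
     if (!mysql_query($query)) {
         displayerror('Could not add the poll question.');
         return;
     }
     // The log row is keyed by the newest pid of this component, as before.
     $result = mysql_query("SELECT max(`pid`) from `poll_content` WHERE `page_modulecomponentid`='{$this->moduleComponentId}'");
     $row = $result ? mysql_fetch_array($result) : false;
     $newPid = $row ? (int) $row[0] : 0;
     $logQuery = "INSERT INTO `poll_log` (`pid`,`page_modulecomponentid`) VALUES ('{$newPid}','{$this->moduleComponentId}')";
     if ($row && mysql_query($logQuery)) {
         displayinfo('Poll Question Added Succesfully');
     } else {
         displayerror('Could not initialise the poll log.');
     }
 }

 /**
  * Sets the visibility flag of one poll of this component.
  *
  * @param int $pollId  poll id (already an integer)
  * @param int $visible 1 to enable, 0 to disable
  */
 private function setPollVisibility($pollId, $visible)
 {
     $flag = $visible ? '1' : '0';
     $query = "UPDATE `poll_content` SET `visibility`='{$flag}' WHERE `pid`= '{$pollId}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
     if (!mysql_query($query)) {
         displayerror('Could not change the poll visibility.');
     }
 }

 /**
  * Deletes one poll and its log rows, scoped to this component.
  *
  * The original DELETEs were keyed by pid alone, so any posted id could
  * remove another module's poll.
  *
  * @param int $pollId poll id (already an integer)
  */
 private function deletePoll($pollId)
 {
     if (!mysql_query("DELETE FROM `poll_log` WHERE `pid`='{$pollId}' AND `page_modulecomponentid`='{$this->moduleComponentId}'")) {
         displayerror('Could not delete the poll log.');
     }
     if (!mysql_query("DELETE FROM `poll_content` WHERE `pid`='{$pollId}' AND `page_modulecomponentid`='{$this->moduleComponentId}'")) {
         displayerror('Could not delete the poll question.');
     }
 }

 /**
  * Renders the edit form pre-filled with the poll's current values.
  *
  * @param int $pollId poll id (already an integer)
  * @return string form HTML, or '' when the poll does not belong to this component
  */
 private function renderEditForm($pollId)
 {
     $query = "SELECT * FROM `poll_content` WHERE `pid` = '{$pollId}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
     $result = mysql_query($query);
     $row = $result ? mysql_fetch_array($result) : false;
     if (!$row) {
         displayerror('Poll question not found.');
         return '';
     }
     $display = "<table width='100%'><tr><td><h3>&nbsp;&nbsp;Edit</h3>&nbsp;&nbsp;Questions added are 'Enabled/Visible' by default <br /><br />";
     $display .= "<div align='center'><form name='f5' method='POST' action='./+manage'>";
     $display .= "Question:<br /><textarea rows='4' cols='20' name='q'>" . $this->attrValue($row['ques']) . "</textarea><br /><br />";
     $display .= "<br />";
     $display .= "Enter the options applicable; leave blank otherwise. <br />";
     for ($n = 1; $n <= 6; $n++) {
         $display .= "{$n}.&nbsp;<input type='text' name='o{$n}' value='" . $this->attrValue($row['o' . $n]) . "' /><br />";
     }
     $display .= "<br />";
     $display .= "Can the user choose multiple options?<br />";
     $yesChecked = ($row['multiple_opt'] == 1) ? ' checked' : '';
     $noChecked = ($yesChecked === '') ? ' checked' : '';
     $display .= "<input type='radio' name='multi' value='y'{$yesChecked}> Yes &nbsp;&nbsp;&nbsp;&nbsp;";
     $display .= "<input type='radio' name='multi' value='n'{$noChecked}> No <br /><br />";
     $display .= "<input type='hidden' name='pid' value='{$pollId}' />";
     $display .= "<input type='submit' name='save' value=' Save ' /><br /><br />";
     $display .= "</form></div></td></tr></table>";
     return $display;
 }

 /**
  * Renders the empty "Add Poll Question" form.
  *
  * @return string form HTML
  */
 private function renderAddForm()
 {
     $display = "<table width='100%'><tr><td><h3>&nbsp;&nbsp;Add Poll Question</h3>&nbsp;&nbsp;Questions added are 'Enabled/Visible' by default <br /><br />";
     $display .= "<div align='center'><form name='f1' method='POST' action='./+manage'>";
     $display .= "Question:<br /><textarea rows='4' cols='20' name='q'></textarea><br /><br />";
     $display .= "<br />";
     $display .= "Enter the options applicable; leave blank otherwise. <br />";
     for ($n = 1; $n <= 6; $n++) {
         $display .= "{$n}.&nbsp;<input type='text' name='o{$n}' /><br />";
     }
     $display .= "<br />";
     $display .= "Can the user choose multiple options?<br />";
     $display .= "<input type='radio' name='multi' value='y'> Yes &nbsp;&nbsp;&nbsp;&nbsp;";
     $display .= "<input type='radio' name='multi' value='n'> No <br /><br />";
     $display .= "<input type='submit' name='insert' value='Add Poll Question' /><br /><br />";
     $display .= "</form></div></td></tr></table>";
     return $display;
 }

 /**
  * Renders one "pick a poll, press the button" form.
  *
  * @param string      $heading      text of the <h3>
  * @param string      $formName     HTML form name
  * @param string      $selectName   name of the <select>
  * @param string      $submitName   name of the submit button (the command)
  * @param string      $submitLabel  value of the submit button
  * @param string|null $visibility   '1' / '0' to list only visible / hidden
  *                                  polls, null for all polls of the component
  * @param string      $emptyMessage text shown when no poll matches
  * @return string form HTML
  */
 private function renderSelectForm($heading, $formName, $selectName, $submitName, $submitLabel, $visibility, $emptyMessage)
 {
     if ($visibility === null) {
         $query = "SELECT * FROM `poll_content` WHERE `page_modulecomponentid`='{$this->moduleComponentId}'";
     } else {
         $query = "SELECT * FROM `poll_content` WHERE `visibility`='{$visibility}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
     }
     $result = mysql_query($query);
     $display = "<table width='100%'><tr><td><h3>&nbsp;&nbsp;{$heading}</h3>";
     $display .= "<div align='center'><form name='{$formName}' method='POST' action='./+manage'>";
     if (!$result || mysql_num_rows($result) == 0) {
         $display .= $emptyMessage;
     } else {
         $display .= "<select name='{$selectName}'>";
         while ($row = mysql_fetch_array($result)) {
             $display .= "<option value='" . $row['pid'] . "'>" . $row['ques'];
         }
         $display .= "</select><br /><br />";
         $display .= "<input type='submit' name='{$submitName}' value='{$submitLabel}' /><br /><br />";
     }
     $display .= "</form></div></td></tr></table>";
     return $display;
 }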
Beispiel #7
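/**
 * function submitQuestionEditForm:
 * updates question properties in database when a question edit form is submitted.
 * for objective answers also the options are updated
 *
 * Reads txtQuestion, selQuestionType, txtQuestionWeight and — for objective
 * types — txtOptionText<i> plus the optOption / chkOption<i> markers from
 * $_POST. The existing options are deleted and re-inserted; the ids of the
 * options marked correct are stored '|'-separated in quiz_rightanswer.
 *
 * @param int|string $quizId     page module component id of the quiz
 * @param int|string $sectionId  section the question belongs to
 * @param int|string $questionId question to update
 * @return bool true on success; false when the type is missing or invalid,
 *              a query failed, or an objective question got no right answer
 */
function submitQuestionEditForm($quizId, $sectionId, $questionId)
{
    // Escaped copies for SQL; the raw values are still passed to the helpers
    // so they are not escaped twice. All three are quoted below — the
    // original left $quizId unquoted in the UPDATE.
    $safeQuizId = escape($quizId);
    $safeSectionId = escape($sectionId);
    $safeQuestionId = escape($questionId);
    $updates = array();
    $done = true;
    if (isset($_POST['txtQuestion'])) {
        $updates[] = "`quiz_question` = '" . escape($_POST['txtQuestion']) . "'";
    }
    // Key lookup instead of a loose in_array(): '0' must not match a numeric
    // key, and an array-valued field must not reach array_key_exists().
    if (!isset($_POST['selQuestionType']) || !is_string($_POST['selQuestionType'])
        || !array_key_exists($_POST['selQuestionType'], getQuestionTypes())) {
        displayerror('No or invalid question type specified.');
        return false;
    }
    $questionType = escape($_POST['selQuestionType']);
    $updates[] = "`quiz_questiontype` = '{$questionType}'";
    if (isset($_POST['txtQuestionWeight']) && is_numeric($_POST['txtQuestionWeight']) && $_POST['txtQuestionWeight'] > 0) {
        // Unquoted numeric literal: escaping alone would not protect it, the
        // numeric cast does.
        $updates[] = "`quiz_questionweight` = " . (0 + $_POST['txtQuestionWeight']);
    }
    deleteQuestionOptions($quizId, $sectionId, $questionId);
    if ($questionType != 'subjective') {
        $rightAnswer = array();
        // Options are numbered from 0 and end at the first missing/empty one.
        for ($i = 0; isset($_POST['txtOptionText' . $i]) && $_POST['txtOptionText' . $i] !== ''; ++$i) {
            $optionText = escape($_POST['txtOptionText' . $i]);
            $insertQuery = "INSERT INTO `quiz_objectiveoptions`(`page_modulecomponentid`, `quiz_sectionid`, `quiz_questionid`, `quiz_optiontext`, `quiz_optionrank`) " . "SELECT '{$safeQuizId}', '{$safeSectionId}', '{$safeQuestionId}', '{$optionText}', IFNULL(MAX(`quiz_optionrank`), 0) + 1 FROM `quiz_objectiveoptions` WHERE `page_modulecomponentid` = '{$safeQuizId}' AND `quiz_sectionid` = '{$safeSectionId}' AND `quiz_questionid` = '{$safeQuestionId}' LIMIT 1";
            if (!mysql_query($insertQuery)) {
                displayerror('Database Error. Could not insert options.');
                return false;
            }
            $optionId = mysql_insert_id();
            // sso: exactly one radio (optOption) names the right option;
            // mso: one checkbox (chkOption<i>) per right option.
            $markedSingle = $questionType == 'sso' && isset($_POST['optOption']) && (string) $_POST['optOption'] === (string) $i;
            $markedMulti = $questionType == 'mso' && isset($_POST['chkOption' . $i]);
            if ($markedSingle || $markedMulti) {
                $rightAnswer[] = $optionId;
            }
        }
        if (count($rightAnswer) == 0) {
            displayerror('No options specified for objective answer');
            $done = false;
        }
        $rightAnswer = implode('|', $rightAnswer);
    } else {
        // safe_html() is presumably markup sanitising only — the value is
        // still interpolated into SQL, so it is escaped here as well.
        // TODO confirm safe_html() does not already SQL-escape.
        $rightAnswer = isset($_POST['txtRightAnswer']) ? escape(safe_html($_POST['txtRightAnswer'])) : '';
    }
    $updates[] = "`quiz_rightanswer` = '{$rightAnswer}'";
    $updateQuery = "UPDATE `quiz_questions` SET " . implode(', ', $updates) . " WHERE `page_modulecomponentid` = '{$safeQuizId}' AND `quiz_sectionid` = '{$safeSectionId}' AND `quiz_questionid` = '{$safeQuestionId}'";
    if (!mysql_query($updateQuery)) {
        // The full statement (with user data) is no longer echoed to the page.
        displayerror('Database Error. Could not save section details. ' . mysql_error());
        return false;
    }
    return $done;
}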
Beispiel #8
function handleUserMgmt()
{
    global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder;
    require_once "{$sourceFolder}/{$moduleFolder}/form/viewregistrants.php";
    if (isset($_GET['userid'])) {
        $_GET['userid'] = escape($_GET['userid']);
    }
    if (isset($_POST['editusertype'])) {
        $_POST['editusertype'] = escape($_POST['editusertype']);
    }
    if (isset($_POST['user_selected_activate'])) {
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 9) == "selected_") {
                if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='" . substr($key, 9) . "'")) {
                    $result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'");
                    if ($result) {
                        $row = mysql_fetch_assoc($result);
                        displayerror("Couldn't activate user, {$row['user_fullname']}");
                    }
                }
            }
        }
        return registeredUsersList($_POST['editusertype'], "edit", false);
    }
    if (isset($_POST['user_selected_deactivate'])) {
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 9) == "selected_") {
                if ((int) substr($key, 9) == ADMIN_USERID) {
                    displayerror("You cannot deactivate administrator!");
                    continue;
                }
                if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='" . substr($key, 9) . "'")) {
                    $result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'");
                    if ($result) {
                        $row = mysql_fetch_assoc($result);
                        displayerror("Couldn't deactivate user, {$row['user_fullname']}");
                    }
                }
            }
        }
        return registeredUsersList($_POST['editusertype'], "edit", false);
    }
    if (isset($_POST['user_selected_delete'])) {
        $done = true;
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 9) == "selected_") {
                if ((int) substr($key, 9) == ADMIN_USERID) {
                    displayerror("You cannot delete administrator!");
                    continue;
                }
                $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . substr($key, 9) . "'";
                if (mysql_query($query)) {
                    $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '" . substr($key, 9) . "'";
                    if (!mysql_query($query)) {
                        $done = false;
                    }
                } else {
                    $done = false;
                }
            }
        }
        if (!$done) {
            displayerror("Some problem in deleting selected users");
        }
        return registeredUsersList($_POST['editusertype'], "edit", false);
    }
    if (isset($_POST['user_activate'])) {
        $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='{$_GET['userid']}'";
        if (mysql_query($query)) {
            displayInfo("User Successfully Activated!");
        } else {
            displayerror("User Not Activated!");
        }
        return registeredUsersList($_POST['editusertype'], "edit", false);
    } else {
        if (isset($_POST['activate_all_users'])) {
            $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1";
            if (mysql_query($query)) {
                displayInfo("All users activated successfully!");
            } else {
                displayerror("Users Not Deactivated!");
            }
            return;
        } else {
            if (isset($_POST['user_deactivate'])) {
                if ($_GET['userid'] == ADMIN_USERID) {
                    displayError("You cannot deactivate administrator!");
                    return registeredUsersList($_POST['editusertype'], "edit", false);
                }
                $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='{$_GET['userid']}'";
                if (mysql_query($query)) {
                    displayInfo("User Successfully Deactivated!");
                } else {
                    displayerror("User Not Deactivated!");
                }
                return registeredUsersList($_POST['editusertype'], "edit", false);
            } else {
                if (isset($_POST['deactivate_all_users'])) {
                    $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id != " . ADMIN_USERID;
                    if (mysql_query($query)) {
                        displayInfo("All users deactivated successfully except Administrator!");
                    } else {
                        displayerror("Users Not Deactivated!");
                    }
                    return;
                } else {
                    if (isset($_POST['user_delete'])) {
                        $userId = $_GET['userid'];
                        if ($userId == ADMIN_USERID) {
                            displayError("You cannot delete administrator!");
                            return registeredUsersList($_POST['editusertype'], "edit", false);
                        }
                        $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '{$userId}'";
                        if (mysql_query($query)) {
                            $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '{$userId}'";
                            if (mysql_query($query)) {
                                displayinfo("User Successfully Deleted!");
                            } else {
                                displayerror("User not deleted from OpenID database!");
                            }
                        } else {
                            displayerror("User Not Deleted!");
                        }
                        return registeredUsersList($_POST['editusertype'], "edit", false);
                    } else {
                        if (isset($_POST['user_info']) || isset($_POST['user_info_update'])) {
                            if (isset($_POST['user_info_update'])) {
                                $updates = array();
                                $userId = $_GET['userid'];
                                $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$userId}'";
                                $row = mysql_fetch_assoc(mysql_query($query));
                                $errors = false;
                                if (isset($_POST['user_name']) && $row['user_name'] != $_POST['user_name']) {
                                    $chkquery = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='" . escape($_POST['user_name']) . "'";
                                    $result = mysql_query($chkquery) or die("failed  : {$chkquery}");
                                    if (mysql_num_rows($result) > 0) {
                                        displayerror("User Name already exists in database!");
                                        $errors = true;
                                    }
                                }
                                if (isset($_POST['user_name']) && $_POST['user_name'] != '' && $_POST['user_name'] != $row['user_name']) {
                                    $updates[] = "`user_name` = '" . escape($_POST['user_name']) . "'";
                                }
                                if (isset($_POST['user_email']) && $_POST['user_email'] != '' && $_POST['user_email'] != $row['user_email']) {
                                    $updates[] = "`user_email` = '" . escape($_POST['user_email']) . "'";
                                }
                                if (isset($_POST['user_fullname']) && $_POST['user_fullname'] != '' && $_POST['user_fullname'] != $row['user_fullname']) {
                                    $updates[] = "`user_fullname` = '" . escape($_POST['user_fullname']) . "'";
                                }
                                if ($_POST['user_password'] != '') {
                                    if ($_POST['user_password'] != $_POST['user_password2']) {
                                        displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.');
                                        $errors = true;
                                    } else {
                                        if (md5($_POST['user_password']) != $row['user_password']) {
                                            $updates[] = "`user_password` = MD5('{$_POST['user_password']}')";
                                        }
                                    }
                                }
                                if (isset($_POST['user_regdate']) && $_POST['user_regdate'] != '' && $_POST['user_regdate'] != $row['user_regdate']) {
                                    $updates[] = "`user_regdate` = '" . escape($_POST['user_regdate']) . "'";
                                }
                                if (isset($_POST['user_lastlogin']) && $_POST['user_lastlogin'] != '' && $_POST['user_lastlogin'] != $row['user_lastlogin']) {
                                    $updates[] = "`user_lastlogin` = '" . escape($_POST['user_lastlogin']) . "'";
                                }
                                if ($_GET['userid'] != ADMIN_USERID && (isset($_POST['user_activated']) ? 1 : 0) != $row['user_activated']) {
                                    $checked = isset($_POST['user_activated']) ? 1 : 0;
                                    $updates[] = "`user_activated` = {$checked}";
                                }
                                if (isset($_POST['user_loginmethod']) && $_POST['user_loginmethod'] != '' && $_POST['user_loginmethod'] != $row['user_loginmethod']) {
                                    $updates[] = "`user_loginmethod` = '" . escape($_POST['user_loginmethod']) . "'";
                                    if ($_POST['user_loginmethod'] != 'db') {
                                        displaywarning("Please make sure " . strtoupper(escape($_POST['user_loginmethod'])) . " is configured properly, otherwise the user will not be able to login to the website.");
                                    }
                                }
                                if (!$errors) {
                                    if (count($updates) > 0) {
                                        $profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . join($updates, ', ') . " WHERE `user_id` = " . escape($_GET['userid']) . "'";
                                        $profileResult = mysql_query($profileQuery);
                                        if (!$profileResult) {
                                            displayerror('An error was encountered while attempting to process your request.' . $profileQuery);
                                            $errors = true;
                                        }
                                    }
                                    global $sourceFolder, $moduleFolder;
                                    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
                                    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
                                    if (!$errors && !submitRegistrationForm(0, $userId, true, true)) {
                                        displayerror('An error was encountered while attempting to process your request.' . $profileQuery);
                                        $errors = true;
                                    } else {
                                        displayinfo('All fields updated successfully!');
                                    }
                                }
                            }
                            $userid = $_GET['userid'];
                            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`={$userid}";
                            $columnList = getColumnList(0, false, false, false, false, false);
                            $xcolumnIds = array_keys($columnList);
                            $xcolumnNames = array_values($columnList);
                            $row = mysql_fetch_assoc(mysql_query($query));
                            $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
                            $userinfo = "<fieldset><legend>Edit User Information</legend><form name='user_info_edit' action='./+admin&subaction=useradmin&userid={$userid}' method='post'>";
                            $usertablefields = array_merge(getTableFieldsName('users'), $xcolumnNames);
                            for ($i = 0; $i < count($usertablefields); $i++) {
                                if (isset($_POST[$usertablefields[$i] . '_sel'])) {
                                    $userinfo .= "<input type='hidden' name='{$usertablefields[$i]}_sel' value='checked'/>";
                                }
                            }
                            $userinfo .= "<input type='hidden' name='not_first_time' />";
                            $userinfo .= userProfileForm($userfieldprettynames, $row, false, true);
                            $userinfo .= "<input type='submit' value='Update' name='user_info_update' />\n\t\t<input type='reset' value='Reset' /></form></fieldset>";
                            return $userinfo;
                        } else {
                            if (isset($_POST['view_reg_users']) || isset($_POST['save_reg_users_excel'])) {
                                return registeredUsersList("all", "view", false);
                            } else {
                                if (isset($_POST['edit_reg_users'])) {
                                    return registeredUsersList("all", "edit", false);
                                } else {
                                    if (isset($_POST['view_activated_users']) || isset($_POST['save_activated_users_excel'])) {
                                        return registeredUsersList("activated", "view", false);
                                    } else {
                                        if (isset($_POST['edit_activated_users'])) {
                                            return registeredUsersList("activated", "edit", false);
                                        } else {
                                            if (isset($_POST['view_nonactivated_users']) || isset($_POST['save_nonactivated_users_excel'])) {
                                                return registeredUsersList("nonactivated", "view", false);
                                            } else {
                                                if (isset($_POST['edit_nonactivated_users'])) {
                                                    return registeredUsersList("nonactivated", "edit", false);
                                                } else {
                                                    if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'search') {
                                                        $results = "";
                                                        $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
                                                        $usertablefields = getTableFieldsName('users');
                                                        $first = true;
                                                        $qstring = "";
                                                        foreach ($usertablefields as $field) {
                                                            if (isset($_POST[$field]) && $_POST[$field] != '') {
                                                                if ($first == false) {
                                                                    $qstring .= $_POST['user_search_op'] == 'and' ? " AND " : " OR ";
                                                                }
                                                                $val = escape($_POST[$field]);
                                                                if ($field == 'user_activated') {
                                                                    ${$field . '_lastval'} = $val = isset($_POST[$field]) ? 1 : 0;
                                                                } else {
                                                                    ${$field . '_lastval'} = $val;
                                                                }
                                                                $qstring .= "`{$field}` LIKE CONVERT( _utf8 '%{$val}%'USING latin1 ) ";
                                                                $first = false;
                                                            }
                                                        }
                                                        if ($qstring != "") {
                                                            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE {$qstring} ";
                                                            $resultSearch = mysql_query($query);
                                                            if (mysql_num_rows($resultSearch) > 0) {
                                                                $num = mysql_num_rows($resultSearch);
                                                                $userInfo = array();
                                                                while ($row = mysql_fetch_assoc($resultSearch)) {
                                                                    $userInfo['user_id'][] = $row['user_id'];
                                                                    $userInfo['user_name'][] = $row['user_name'];
                                                                    $userInfo['user_email'][] = $row['user_email'];
                                                                    $userInfo['user_fullname'][] = $row['user_fullname'];
                                                                    $userInfo['user_password'][] = $row['user_password'];
                                                                    $userInfo['user_lastlogin'][] = $row['user_lastlogin'];
                                                                    $userInfo['user_regdate'][] = $row['user_regdate'];
                                                                    $userInfo['user_activated'][] = $row['user_activated'];
                                                                    $userInfo['user_loginmethod'][] = $row['user_loginmethod'];
                                                                }
                                                                $results = registeredUsersList("all", "edit", false, $userInfo);
                                                            } else {
                                                                displayerror("No users matched your query!");
                                                            }
                                                        }
                                                        $searchForm = "<form name='user_search_form' action='./+admin&subaction=useradmin&subsubaction=search' method='POST'><h3>Search User</h3>";
                                                        $xcolumnNames = array_keys(getColumnList(0, false, false, false, false, false));
                                                        $usertablefields2 = array_merge($usertablefields, $xcolumnNames);
                                                        for ($i = 0; $i < count($usertablefields2); $i++) {
                                                            if (isset($_POST[$usertablefields2[$i] . '_sel'])) {
                                                                $searchForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>";
                                                            }
                                                        }
                                                        $searchForm .= "<input type='hidden' name='not_first_time' />";
                                                        $infoarray = array();
                                                        foreach ($usertablefields as $field) {
                                                            if (isset(${$field . '_lastval'})) {
                                                                $infoarray[$field] = ${$field . '_lastval'};
                                                            } else {
                                                                $infoarray[$field] = "";
                                                            }
                                                        }
                                                        $searchForm .= userProfileForm($userfieldprettynames, $infoarray, true, false);
                                                        $searchForm .= "Operation : <input type='radio' name='user_search_op' value='and'  />AND  <input type='radio' name='user_search_op' value='or' checked='true' />OR<br/><br/><input type='submit' onclick name='user_search_submit' value='Search' /><input type='reset' value='Clear' /></form>";
                                                        return $results . $searchForm;
                                                    } else {
                                                        if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'create') {
                                                            $userfieldprettynamesarray = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
                                                            $usertablefields = getTableFieldsName('users');
                                                            if (isset($_POST['create_user_submit'])) {
                                                                $incomplete = false;
                                                                foreach ($usertablefields as $field) {
                                                                    if ($field != 'user_regdate' && $field != 'user_lastlogin' && $field != 'user_activated' && (isset($_POST[$field]) && $_POST[$field] == "")) {
                                                                        displayerror("New user could not be created. Some fields are missing!{$field}");
                                                                        $incomplete = true;
                                                                        break;
                                                                    }
                                                                    ${$field} = escape($_POST[$field]);
                                                                }
                                                                if (!$incomplete) {
                                                                    $user_id = $_GET['userid'];
                                                                    $chkquery = "SELECT COUNT(user_id) FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$user_id}' OR `user_name`='{$user_name}' OR `user_email`='{$user_email}'";
                                                                    $result = mysql_query($chkquery);
                                                                    $row = mysql_fetch_row($result);
                                                                    if ($row[0] > 0) {
                                                                        displayerror("Another user with the same name or email already exists!");
                                                                    } else {
                                                                        if ($user_password != $_POST['user_password2']) {
                                                                            displayerror("Passwords mismatch!");
                                                                        } else {
                                                                            if (isset($_POST['user_activated'])) {
                                                                                $user_activated = 1;
                                                                            }
                                                                            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` (`user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password` ,`user_regdate` ,`user_lastlogin` ,`user_activated`,`user_loginmethod`)VALUES ('{$user_id}' ,'{$user_name}' ,'{$user_email}' ,'{$user_fullname}' , MD5('{$user_password}') ,CURRENT_TIMESTAMP , '', '{$user_activated}','{$user_loginmethod}')";
                                                                            $result = mysql_query($query) or die(mysql_error());
                                                                            global $sourceFolder, $moduleFolder;
                                                                            require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
                                                                            require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
                                                                            if (mysql_affected_rows() && submitRegistrationForm(0, $user_id, true, true)) {
                                                                                displayinfo("User {$user_fullname} Successfully Created!");
                                                                            } else {
                                                                                displayerror("Failed to create user");
                                                                            }
                                                                        }
                                                                    }
                                                                }
                                                            }
                                                            $nextUserId = getNextUserId();
                                                            $userForm = "<form name='user_create_form' action='./+admin&subaction=useradmin&subsubaction=create&userid={$nextUserId}' method='POST'><h3>Create New User</h3>";
                                                            $xcolumnNames = array_values(getColumnList(0, false, false, false, false, false));
                                                            $usertablefields2 = array_merge($usertablefields, $xcolumnNames);
                                                            $calpath = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}";
                                                            $userForm .= '<link rel="stylesheet" type="text/css" media="all" href="' . $calpath . '/form/calendar/calendar.css" title="Aqua" />' . '<script type="text/javascript" src="' . $calpath . '/form/calendar/calendar.js"></script>';
                                                            for ($i = 0; $i < count($usertablefields2); $i++) {
                                                                if (isset($_POST[$usertablefields2[$i] . '_sel'])) {
                                                                    $userForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>";
                                                                }
                                                            }
                                                            $userForm .= "<input type='hidden' name='not_first_time' />";
                                                            $infoarray = array();
                                                            foreach ($usertablefields as $field) {
                                                                $infoarray[$field] = "";
                                                            }
                                                            $infoarray['user_id'] = $nextUserId;
                                                            $userForm .= userProfileForm($userfieldprettynamesarray, $infoarray, false, true);
                                                            $userForm .= "<input type='submit' onclick name='create_user_submit' value='Create' /><input type='reset' value='Clear' /></form>";
                                                            return $userForm;
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
    //Form_value_id=-2 -> Event Name
    while ($getValues = mysql_fetch_assoc($getCertiDetailsRes)) {
        //User Rank
        if ($getValues['form_value_id'] == -1) {
            imagettftext($rotatedImage, 20, 90, $getValues['certificate_posx'], $getValues['certificate_posy'], $color, $font, $userRank);
        } else {
            if ($getValues['form_value_id'] == -2) {
                //Get Event Name
                $getEventNameQuery = "SELECT `event_name` FROM `events_details` WHERE `event_id` = '{$eventId}' AND `page_moduleComponentId` '{$pmcId}'";
                $getEventNameRes = mysql_query($getEventNameQuery) or displayerror(mysql_error());
                $eventName = mysql_result($getEventNameRes, 0);
                imagettftext($rotatedImage, 20, 90, $getValues['certificate_posx'], $getValues['certificate_posy'], $color, $font, $eventName);
            } else {
                //Check if modified value exists in events_edited_form
                $getFormValuesQuery = "SELECT `events_edited_form`.`form_elementdata` FROM `events_edited_form` INNER JOIN `events_form` ON `events_edited_form`.`form_id`=`events_form`.`form_id`\n\t\t\t\tAND `events_form`.`event_id`='{$event_id}' AND `events_form`.`page_moduleComponentId`='{$pmcId}' AND `events_edited_form`.`user_id`='{$userId}' AND `events_edited_form`.`page_moduleComponentId`='{$pmcId}' AND \n\t\t\t\t`events_edited_form`.`form_elementid`='{$getValues['form_value_id']}'";
                $getFormValuesRes = mysql_query($getFormValuesQuery) or displayerror(mysql_error());
                if (mysql_num_rows($getFormValuesRes) == 0) {
                    //Else get value from form_elementdata
                    $getFormValuesQuery = "SELECT `form_elementdata`.`form_elementdata` FROM `form_elementdata` INNER JOIN `events_form` ON `form_elementdata`.`page_moduleComponentId`=`events_form`.`form_id` \n\t\t\t\t\tAND `events_form`.`event_id`='{$eventId}' AND `events_form`.`page_moduleComponentId`='{$pmcId}' AND `form_elementdata`.`user_id`='{$userId}' AND `form_elementdata`.`form_elementid`='{$getValues['form_value_id']}'";
                    $getFormValuesRes = mysql_query($getFormValuesQuery) or displayerror(mysql_error());
                }
                while ($formData = mysql_fetch_assos($getFormValuesRes)) {
                    imagettftext($rotatedImage, 20, 90, $getValues['certificate_posx'], $getValues['certificate_posy'], $color, $font, $formData['form_elementdata']);
                }
            }
        }
    }
}
// Emit the rendered certificate as the HTTP response body. The content-type
// header has to go out before the first byte of image data is written.
header('Content-type:image/jpeg');
// $rotatedImage is the GD image built earlier in this script — assumed to be a
// valid image handle at this point; nothing here checks it.
imagejpeg($rotatedImage);
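 /**
  * Instantiates the quiz-type-specific object for this module component.
  *
  * The quiz type is read from the `quiz_quiztype` column of the row returned by
  * getQuizRow() and mapped to a class named "<Type>Quiz" (ucfirst of the type
  * plus the fixed suffix). Because the class name is derived from a stored
  * value, the fixed suffix together with the class_exists() check is what bounds
  * which classes can be instantiated here.
  *
  * @return object|false the quiz object, or false (after reporting the problem
  *                      via displayerror()) when the quiz row cannot be read or
  *                      no class implements the stored quiz type
  */
 private function getNewQuizObject()
 {
     $quizRow = getQuizRow($this->moduleComponentId);
     // Guard the lookup result before indexing into it: the original read the
     // column unconditionally, which on a failed lookup (no array) produced a
     // warning and went on to test a nonsensical class name.
     if (!is_array($quizRow) || !isset($quizRow['quiz_quiztype'])) {
         displayerror('Error. Could not retrieve the quiz details.');
         return false;
     }
     $quizType = $quizRow['quiz_quiztype'];
     $quizObjectType = ucfirst($quizType) . 'Quiz';
     if (!class_exists($quizObjectType)) {
         displayerror('Error. This type of quiz has not been implemented yet.');
         return false;
     }
     return new $quizObjectType($this->moduleComponentId);
 }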
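/**
 * Handles the file-upload field of a submitted form for a module component.
 *
 * Inspects the upload status of the first file posted under $uploadFieldName.
 * When a file was actually sent and PHP reported no error, the upload is
 * delegated to upload() and the resulting file names are reported via
 * displayinfo(). Only the first file's error code is examined here; per-file
 * errors in a multi-file upload are not checked by this function.
 *
 * @param mixed       $moduleComponentId        page_modulecomponentid of the calling page.
 * @param string      $moduleName               The module which is calling this function.
 * @param mixed       $userId                   The user who is uploading the files.
 * @param int|false   $maxFileSizeInBytes       Maximum permissible size of an uploaded file;
 *                                              false selects the 2 MiB default.
 * @param array|false $uploadableFileTypesArray File types permitted on this page, or false.
 * @param string      $uploadFieldName          Name of the form field carrying the file(s).
 *
 * @return mixed true when nothing was uploaded or the upload failed (the failure is
 *               reported via displayerror()); otherwise the return value of upload(),
 *               normally an array of the uploaded file names.
 */
function submitFileUploadForm($moduleComponentId, $moduleName, $userId, $maxFileSizeInBytes = false, $uploadableFileTypesArray = false, $uploadFieldName = 'fileUploadField')
{
    if ($maxFileSizeInBytes === false) {
        $maxFileSizeInBytes = 2 * 1024 * 1024; // 2 MiB default
    }
    // Nothing to do unless the field was posted as a (multi-)file upload.
    if (!isset($_FILES[$uploadFieldName]['error'][0])) {
        return true;
    }
    // PHP always stores the error code as an int; the cast keeps the strict
    // comparisons below safe if a caller ever pre-populates $_FILES itself.
    $errorCode = (int) $_FILES[$uploadFieldName]['error'][0];
    if ($errorCode === UPLOAD_ERR_NO_FILE) {
        return true;
    }
    if ($errorCode !== UPLOAD_ERR_OK) {
        displayerror("Error in uploading file. " . getFileUploadError($errorCode));
        return true;
    }
    $uploadedFiles = upload($moduleComponentId, $moduleName, $userId, $uploadFieldName, $maxFileSizeInBytes, $uploadableFileTypesArray);
    if (is_array($uploadedFiles) && count($uploadedFiles) > 0) {
        // implode(glue, pieces): the legacy array-first argument order used by the
        // original join() call was removed in PHP 8.0 and raised a TypeError.
        displayinfo("Successfully uploaded file(s) " . implode("; ", $uploadedFiles) . ".");
    }
    return $uploadedFiles;
}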
/**
 * Dispatches a page request and returns the HTML for it.
 *
 * Site-level actions are handled first (login, profile, logout, search, the
 * `getchildren` sub-action and admin). Then the page's module type and
 * component id are read from the pages table, the module's library file is
 * loaded and the request is delegated to the module object's getHtml().
 * "link" and "menu" pages are resolved by calling getContent() again with
 * $recursed = 1.
 *
 * @param mixed  $pageId     id of the page being requested
 * @param string $action     requested action ("view", "login", "pdf", ...)
 * @param mixed  $userId     current user id; 0 means not logged in
 * @param mixed  $permission whether the user may perform $action on this page;
 *                           anything not loosely equal to true is rejected
 * @param int    $recursed   0 for the top-level call; non-zero when re-entered
 *                           for link/menu pages (skips the last-access update)
 *
 * @return string page HTML; '' or "" after an error reported via displayerror()
 *
 * Side effects: may send HTTP headers (external redirect, PDF download) and,
 * for the `getchildren` sub-action, terminates the script with exit.
 */
function getContent($pageId, $action, $userId, $permission, $recursed = 0)
{
    if ($action == "login") {
        if ($userId == 0) {
            ///Commented the requirement of login.lib.php because it is already included in /index.php
            //require_once("login.lib.php");
            $newUserId = login();
            // A numeric result is the freshly logged-in user id; anything else is
            // returned to the caller as-is (presumably the login page markup).
            if (is_numeric($newUserId)) {
                return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
            } else {
                return $newUserId;
            }
            ///<The login page
        } else {
            displayinfo("You are logged in as " . getUserName($userId) . "! Click <a href=\"./+logout\">here</a> to logout.");
        }
        // `$recursed = 0` is an assignment expression; the value passed is 0.
        return getContent($pageId, "view", $userId, getPermissions($userId, $pageId, "view"), $recursed = 0);
    }
    if ($action == "profile") {
        if ($userId != 0) {
            require_once "profile.lib.php";
            return profile($userId);
        } else {
            // Falls through to the regular page handling below after the notice.
            displayinfo("You need to <a href=\"./+login\">login</a> to view your profile.!");
        }
    }
    if ($action == "logout") {
        if ($userId != 0) {
            $newUserId = resetAuth();
            displayinfo("You have been logged out!");
            global $openid_enabled;
            if ($openid_enabled == 'true') {
                displaywarning("If you logged in via Open ID, make sure you also log out from your Open ID service provider's website. Until then your session in this website will remain active !");
            }
            return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
        } else {
            displayinfo("You need to <a href=\"./+login\">login</a> first to logout!");
        }
    }
    if ($action == "search") {
        require_once "search.lib.php";
        $ret = getSearchBox();
        // POST takes precedence over GET when both carry a query.
        if (isset($_POST['query'])) {
            $ret .= getSearchResultString($_POST['query']);
        } elseif (isset($_GET['query'])) {
            $ret .= getSearchResultString($_GET['query']);
        }
        return $ret;
    }
    if (isset($_GET['subaction']) && $_GET['subaction'] == 'getchildren') {
        if (isset($_GET['parentpath'])) {
            global $urlRequestRoot;
            require_once 'menu.lib.php';
            $pidarr = array();
            parseUrlReal(escape($_GET['parentpath']), $pidarr);
            // The last id resolved from the path is the parent whose children are listed.
            $pid = $pidarr[count($pidarr) - 1];
            $children = getChildren($pid, $userId);
            $response = array();
            $response['path'] = escape($_GET['parentpath']);
            $response['items'] = array();
            foreach ($children as $child) {
                $response['items'][] = array($urlRequestRoot . '/home' . escape($_GET['parentpath']) . $child[1], $child[2]);
            }
            // The JSON output is commented out, so this branch currently ends the
            // request with an empty body. Note that it runs before the permission check.
            //echo json_encode($response);
            exit;
        }
    }
    // Loose comparison: 0, false, '' and null are all rejected here.
    if ($permission != true) {
        if ($userId == 0) {
            $suggestion = "(Try <a href=\"./+login\">logging in?</a>)";
        } else {
            $suggestion = "";
        }
        displayerror("You do not have the permissions to view this page. {$suggestion}<br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        return '';
    }
    if ($action == "admin") {
        require_once "admin.lib.php";
        return admin($pageId, $userId);
    }
    ///default actions also to be defined here (and not outside)
    /// Coz work to be done after these actions do involve the page
    // Resolve the page's module type and component id; no row means no such page.
    $pagetype_query = "SELECT page_module, page_modulecomponentid FROM " . MYSQL_DATABASE_PREFIX . "pages WHERE page_id='" . escape($pageId) . "'";
    $pagetype_result = mysql_query($pagetype_query);
    $pagetype_values = mysql_fetch_assoc($pagetype_result);
    if (!$pagetype_values) {
        displayerror("The requested page does not exist.");
        return "";
    }
    $moduleType = $pagetype_values['page_module'];
    $moduleComponentId = $pagetype_values['page_modulecomponentid'];
    if ($action == "settings") {
        ///<done here because we needed to check if the page exists for sure.
        require_once "pagesettings.lib.php";
        return pagesettings($pageId, $userId);
    }
    if ($action == "widgets") {
        return handleWidgetPageSettings($pageId);
    }
    // Only the top-level call records the access; re-entries for link/menu pages skip it.
    if ($recursed == 0) {
        $pagetypeupdate_query = "UPDATE " . MYSQL_DATABASE_PREFIX . "pages SET page_lastaccesstime=NOW() WHERE page_id='" . escape($pageId) . "'";
        $pagetypeupdate_result = mysql_query($pagetypeupdate_query);
        if (!$pagetypeupdate_result) {
            return '<div class="cms-error">Error No. 563 - An error has occured. Contact the site administators.</div>';
        }
    }
    // A "link" page stores the target page id in page_modulecomponentid; render that
    // page instead, with permission assumed granted (true) and recursion flagged.
    if ($moduleType == "link") {
        return getContent($moduleComponentId, $action, $userId, true, 1);
    }
    if ($action == "grant") {
        return grantPermissions($userId, $pageId);
    }
    // A "menu" page renders its parent page.
    if ($moduleType == "menu") {
        return getContent(getParentPage($pageId), $action, $userId, true, 1);
    }
    if ($moduleType == "external") {
        $query = "SELECT `page_extlink` FROM `" . MYSQL_DATABASE_PREFIX . "external` WHERE `page_modulecomponentid` =\n\t\t\t\t\t(SELECT `page_modulecomponentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id`= '" . escape($pageId) . "')";
        $result = mysql_query($query);
        $values = mysql_fetch_array($result);
        $link = $values[0];
        // NOTE(review): there is no exit after the redirect header, so the module
        // below is still loaded and rendered for this request — confirm intended.
        header("Location: {$link}");
    }
    global $sourceFolder;
    global $moduleFolder;
    // The library file and class name come from page_module in the pages table,
    // not from the request.
    require_once $sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php";
    $page = new $moduleType();
    if (!$page instanceof module) {
        displayerror("The module \"{$moduleType}\" does not implement the inteface module</div>");
        return "";
    }
    // Sanity checks: the module must declare a "create" permission and provide an
    // actionXxx method for every other permission it declares, plus "view".
    $createperms_query = " SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action = 'create' AND page_module = '" . $moduleType . "'";
    $createperms_result = mysql_query($createperms_query);
    if (mysql_num_rows($createperms_result) < 1) {
        displayerror("The action \"create\" does not exist in the module \"{$moduleType}\"</div>");
        return "";
    }
    $availableperms_query = "SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action != 'create' AND page_module = '" . $moduleType . "'";
    $availableperms_result = mysql_query($availableperms_query);
    $permlist = array();
    while ($value = mysql_fetch_assoc($availableperms_result)) {
        array_push($permlist, $value['perm_action']);
    }
    array_push($permlist, "view");
    $class_methods = get_class_methods($moduleType);
    foreach ($permlist as $perm) {
        if (!in_array("action" . ucfirst($perm), $class_methods)) {
            displayerror("The action \"{$perm}\" does not exist in the module \"{$moduleType}\"</div>");
            return "";
        }
    }
    if ($action == "pdf") {
        // Nesting depth of child pages appended to the PDF; non-numeric input falls back to 0.
        if (isset($_GET['depth'])) {
            $depth = $_GET['depth'];
        } else {
            $depth = 0;
        }
        if (!is_numeric($depth)) {
            $depth = 0;
        }
        global $TITLE;
        global $sourceFolder;
        require_once "{$sourceFolder}/modules/pdf/html2fpdf.php";
        $pdf = new HTML2FPDF();
        $pdf->setModuleComponentId($moduleComponentId);
        $pdf->AddPage();
        // The requested page is always rendered in "view" mode for the PDF.
        $pdf->WriteHTML($page->getHtml($userId, $moduleComponentId, "view"));
        $cp = array();
        $j = 0;
        if ($depth == -1) {
            // depth -1: a single child() call is expected to return every descendant
            // (presumably "unlimited depth" — confirm against child()).
            $cp = child($pageId, $userId, $depth);
            if ($cp[0][0]) {
                for ($i = 0; $cp[$i][0] != NULL; $i++) {
                    require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
                    $page1 = new $cp[$i][2]();
                    $modCompId = $cp[$i][5];
                    $pdf->setModuleComponentId($modCompId);
                    $pdf->AddPage();
                    $pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
                }
            }
        } else {
            if ($depth > 0) {
                // depth > 0: expand children one level at a time, appending each level's
                // children to $cp. $j is not reset between levels, so entries already
                // expanded are not expanded again.
                $cp = child($pageId, $userId, $depth);
                --$depth;
                while ($depth > 0) {
                    $count = count($cp);
                    for ($j; $j < $count; $j++) {
                        $cp = array_merge((array) $cp, (array) child($cp[$j][0], $userId, $depth));
                    }
                    --$depth;
                }
                if ($cp[0][0]) {
                    for ($i = 0; isset($cp[$i]); $i++) {
                        require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
                        $page1 = new $cp[$i][2]();
                        $modCompId = $cp[$i][5];
                        $pdf->setModuleComponentId($modCompId);
                        $pdf->AddPage();
                        $pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
                    }
                }
            }
        }
        // Temporary PDF under uploads/temp, named after the site title; a rand()
        // suffix is appended until an unused name is found.
        // NOTE(review): the name is predictable and $TITLE is used unsanitised —
        // confirm it cannot contain path separators before relying on this path.
        $filePath = $sourceFolder . "/uploads/temp/" . $TITLE . ".pdf";
        while (file_exists($filePath)) {
            $filePath = $sourceFolder . "/uploads/temp/" . $TITLE . "-" . rand() . ".pdf";
        }
        $pdf->Output($filePath);
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        // false: add a second Cache-Control header instead of replacing the one above.
        header("Cache-Control: private", false);
        header("Content-Type: application/pdf");
        header("Content-Disposition: attachment; filename=\"" . basename($filePath) . "\";");
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: " . filesize($filePath));
        // @ suppresses readfile() warnings; the temp file is removed right after.
        @readfile("{$filePath}");
        unlink($filePath);
        // NOTE(review): no exit here — the HTML returned below is still produced
        // for the same request, after the PDF bytes have been sent.
    }
    return $page->getHtml($userId, $moduleComponentId, $action);
}
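 /**
  * Registers a user on behalf of a third party from the posted form fields
  * txtUserEmail, txtUserPhone, txtUserInstitution, txtUserPassword,
  * txtUserConfirmPassword (all required) and txtUserFullName (optional).
  *
  * A `users` row is inserted with the next free user_id, and the phone and
  * institution are stored as `form_elementdata` rows (element ids 3 and 4)
  * against page_modulecomponentid 0. Outcome is reported through
  * displayerror()/displayinfo(); nothing is returned.
  *
  * NOTE(review): passwords are stored as MD5 because the rest of the site
  * compares against MD5 (see the login path) — moving to password_hash() needs
  * a coordinated change of the login check. The MAX(user_id)+1 id allocation
  * is also racy under concurrent registrations; an AUTO_INCREMENT column is
  * the proper fix.
  */
 private function submitNewUserThirdPartyRegistrationForm()
 {
     if (!isset($_POST['txtUserEmail'], $_POST['txtUserPhone'], $_POST['txtUserInstitution'], $_POST['txtUserPassword'], $_POST['txtUserConfirmPassword'])) {
         displayerror('Invalid form submit data.');
         return;
     }
     $rawEmail = trim($_POST['txtUserEmail']);
     $rawPassword = $_POST['txtUserPassword'];
     if (getUserIdFromEmail(escape($rawEmail))) {
         displayerror('The given E-mail Id is already registered on the website. Please use the respective forms\' Edit Registrants view to register the user to events.');
         return;
     }
     if ($rawEmail == '' || $rawPassword == '') {
         displayerror("Blank e-mail/password NOT allowed");
         return;
     }
     // eregi() is gone in PHP 7; same pattern as before, except the TLD is no
     // longer capped at three letters (which rejected .info, .museum, ...).
     if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,})$/iD', $rawEmail)) {
         displayerror("Invalid Email Id");
         return;
     }
     if ($rawPassword != $_POST['txtUserConfirmPassword']) {
         displayerror("Passwords are not same");
         return;
     }
     $userIdQuery = 'SELECT MAX(`user_id`) FROM `' . MYSQL_DATABASE_PREFIX . 'users`';
     $userIdResult = mysql_query($userIdQuery);
     $userIdRow = $userIdResult ? mysql_fetch_row($userIdResult) : false;
     $newUserId = 1;
     if ($userIdRow && !is_null($userIdRow[0])) {
         $newUserId = (int) $userIdRow[0] + 1;
     }
     // Everything interpolated into SQL goes through escape(); the password was
     // previously inserted raw, which made MD5('...') an injection point.
     $userEmail = escape($rawEmail);
     $userPassword = escape($rawPassword);
     $userContactNumber = escape($_POST['txtUserPhone']);
     $userInstitute = escape($_POST['txtUserInstitution']);
     $userFullName = escape(isset($_POST['txtUserFullName']) ? $_POST['txtUserFullName'] : '');
     $insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'users`(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_regdate`, `user_lastlogin`, `user_activated`) ' . "VALUES({$newUserId}, '{$userFullName}', '{$userEmail}', '{$userFullName}', MD5('{$userPassword}'), NOW(), NOW(), 1)";
     if (!mysql_query($insertQuery)) {
         displayerror('Error. Could not add user to database.');
         return;
     }
     // Fixed element ids of the registration form: 3 = contact number, 4 = institution.
     $contactElementId = 3;
     $instituteElementId = 4;
     $contactInsertQuery = "INSERT INTO `form_elementdata` (`user_id`, `page_modulecomponentid`, `form_elementid`, `form_elementdata`) " . "VALUES " . "({$newUserId}, 0, {$contactElementId}, '{$userContactNumber}'), " . "({$newUserId}, 0, {$instituteElementId}, '{$userInstitute}')";
     if (!mysql_query($contactInsertQuery)) {
         displayerror('Could not save the contact number of the user.');
         return;
     }
     displayinfo("User " . safe_html($rawEmail) . " has been registered to the pragyan website.");
 }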
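    /**
     * Renders the approver ("head") view of the qaos1 module and applies any
     * decision posted to it.
     *
     * Handled requests, all scoped to the current module component:
     *  - POST downloadFormatExcel: streams the sample sheet via displayEventFormatExcel().
     *  - multipart upload fileUploadField: imports event names from the spreadsheet.
     *  - POST hid/hid1/hid2: status + description update of an event-procurement request.
     *  - GET subaction=apFundReq with POST qhid/qhid1/qhid2: the same for a fund request.
     *
     * NOTE(review): the state-changing branches carry no CSRF token and do no
     * permission check of their own; they rely on whatever access control
     * routed the request to actionHead — confirm that is in place.
     *
     * @return string html: smarttable setup, the tab scripts, the two pending-request
     *                forms, the two status tables and the event-name upload form
     */
    public function actionHead()
    {
        global $urlRequestRoot, $moduleFolder, $cmsFolder, $sourceFolder, $STARTSCRIPTS;
        require_once $sourceFolder . "/" . $moduleFolder . "/qaos1/qaos_common.php";
        require_once $sourceFolder . "/upload.lib.php";
        require_once $sourceFolder . "/" . $moduleFolder . "/qaos1/excel.php";
        // Every query keys on the component id; cast once so it can be interpolated unquoted.
        $mcid = (int) $this->moduleComponentId;

        if (isset($_POST['downloadFormatExcel'])) {
            displayEventFormatExcel();
        }
        if (isset($_FILES['fileUploadField']['name'])) {
            $this->qaosImportEventNames($sourceFolder, $mcid);
        }
        if (isset($_POST['hid'])) {
            $this->qaosApplyDecision('qaos1_evtproc', 'evtproc', 'hid', $mcid);
        }
        if (isset($_GET['subaction']) && $_GET['subaction'] == "apFundReq" && isset($_POST['qhid'])) {
            $this->qaosApplyDecision('qaos1_fundreq', 'fundreq', 'qhid', $mcid);
        }

        // Each list is rendered twice (pending forms, then full history), so fetch once.
        $evtRows = $this->qaosFetchAll("SELECT * FROM qaos1_evtproc WHERE modulecomponentid={$mcid}");
        $fundRows = $this->qaosFetchAll("SELECT * FROM qaos1_fundreq WHERE modulecomponentid={$mcid}");

        $css1 = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/qaos1/styles/main.css";
        $smarttablestuff = smarttable::render(array('table_evtprocrequest', 'table_fundreqform', 'table_eventproc_head', 'table_funreq_head'), null);
        $STARTSCRIPTS .= "initSmartTable();";

        $headaction = <<<AB
{$smarttablestuff}
<link href="{$css1}" rel="stylesheet">
<script type="text/javascript">
function qaosproc(a)
{
    var k=document.getElementById("status"+a+"1");
    var k1=document.getElementById("status"+a+"2");
    if(k.checked) document.getElementById("hid"+a).value=1;
    else if(k1.checked) document.getElementById("hid"+a).value=2;
    else {alert("select any one of button");return false;}
    document.getElementById("hi1d"+a).value=document.getElementById("description"+a).value;
    /* an object literal lets jQuery url-encode the fields; the old hand-built
       query string was truncated by '&' or '+' in the description */
    \$.ajax({
        type: "POST",
        url: "./+head&subaction=apEventProc",
        data: {hid: \$("#hid"+a).val(), hid1: \$("#hi1d"+a).val(), hid2: \$("#hi2d"+a).val()}
    });
    \$("#tr"+a).css({'display':'none'});
    return false;
}
function qaosfund(a)
{
    var k=document.getElementById("qstatus"+a+"1");
    var k1=document.getElementById("qstatus"+a+"2");
    if(k.checked) document.getElementById("qhid"+a).value=1;
    else if(k1.checked) document.getElementById("qhid"+a).value=2;
    else {alert("select any one of button");return false;}
    document.getElementById("qhi1d"+a).value=document.getElementById("qdescription"+a).value;
    \$.ajax({
        type: "POST",
        url: "./+head&subaction=apFundReq",
        data: {qhid: \$("#qhid"+a).val(), qhid1: \$("#qhi1d"+a).val(), qhid2: \$("#qhi2d"+a).val()}
    });
    \$("#trf"+a).css({'display':'none'});
    return false;
}
</script>
<script type="text/javascript">
\$(document).ready(function()
{
    \$(".forms").css({'display':'none'});
    \$(".buttons").css({'display':'block'});
    \$("#dheadfundreq").css({'display':'block'});
    \$("#bhead_evtproc").click(function() { dispevtproc(); });
    \$("#bhead_fundreq").click(function() { dispfundreq(); });
    \$("#bformevt").click(function() { dispevtform(); });
    \$("#bformfund").click(function() { dispfundform(); });
    \$("#bhead_evtUpload").click(function() { dispEventUploadForm(); });

    function dispevtproc()
    {
        \$(".forms").css({'display':'none'});
        \$("#dheadeventproc").css({'display':'block'});
    }
    function dispfundreq()
    {
        \$(".forms").css({'display':'none'});
        \$("#dheadfundreq").css({'display':'block'});
    }
    function dispevtform()
    {
        \$(".forms").css({'display':'none'});
        \$("#formevt").css({'display':'block'});
    }
    function dispfundform()
    {
        \$(".forms").css({'display':'none'});
        \$("#formfund").css({'display':'block'});
    }
    function dispEventUploadForm()
    {
        \$(".forms").css({'display':'none'});
        \$("#formEvtName").css({'display':'block'});
    }
    \$("#dheadeventproc").css({'width':'100%'});
    \$("#dheadfundreq").css({'width':'100%'});
    \$(".viewbuttons").css({'height':'25px'});
});
</script>
<div id="buttonsDiv" class="viewButtonsDiv">
    <input type="button" id="bformevt" class="viewbuttons" value="Event procurement "/>
    <input type="button" id="bformfund" value="Fund" class="viewbuttons" />
    <input type="button" id="bhead_evtproc" value="Event procurement details" class="viewbuttons" />
    <input type="button" id="bhead_fundreq" value="Fund details" class="viewbuttons" />
    <input type="button" id="bhead_evtUpload" value="Upload Event Name" class="viewbuttons" />
</div>
<div id="formevt" class="forms">
    <h2>Event Procurement Request</h2>
    <table class="qaostables display" id="table_evtprocrequest" width="100%" border="1">
    <thead><tr>
        <th>EVENT NAME</th>
        <th>ITEM</th>
        <th>QUANTITY</th>
        <th>REASON</th>
        <th>STATUS</th>
        <th>DEADLINE</th>
        <th>ADDED BY</th>
        <th>DESCRIPTION</th>
        <th>SUBMIT</th>
    </tr></thead>
AB;

        // Pending event-procurement requests (status 0) with the accept/decline form.
        // Row values are user-entered text, so they are escaped with safe_html()
        // before being placed in the markup; the id also feeds a JS call argument
        // and element ids, so it is forced to an integer.
        foreach ($evtRows as $row) {
            if ($row['evtproc_Status'] != 0) {
                continue;
            }
            $event = (int) $row['evtproc_Id'];
            $userName = safe_html(getUserName($row['userid']));
            $evtName = safe_html($row['evtproc_name']);
            $item = safe_html($row['evtproc_Request']);
            $quantity = safe_html($row['evtproc_Quantity']);
            $reason = safe_html($row['evtproc_reason']);
            $deadline = safe_html($row['evtproc_date']);
            $headaction .= <<<AB
    <tr id="tr{$event}" >
        <td>{$evtName}</td>
        <td>{$item}</td>
        <td>{$quantity}</td>
        <td>{$reason}</td>
        <td>
            <input type="radio" name="status{$event}" id="status{$event}1" value="1">ACCEPT<br/ >
            <input type="radio" name="status{$event}" id="status{$event}2" value="2">Decline<br/>
        </td>
        <td>{$deadline}</td>
        <td>{$userName}</td>
        <td><textarea id="description{$event}"></textarea></td>
        <td>
            <form action="./+head&subaction=apEventProc" method="post" onsubmit="return qaosproc({$event})">
                <input type="hidden" value="" id="hid{$event}" name="hid">
                <input type="hidden" value="{$event}" id="hi2d{$event}" name="hid2">
                <input type="hidden" value="" id="hi1d{$event}" name="hid1">
                <input type="submit" value="submit">
            </form>
        </td>
    </tr>
AB;
        }

        $headaction .= <<<AB
    </table>
</div>
<div id="formfund" class="forms">
    <h2>Fund request</h2>
    <table class="qaostables display" id="table_fundreqform" border="1" width="100%">
    <thead><tr>
        <th>EVENT NAME</th>
        <th>ITEM</th>
        <th>QUANTITY</th>
        <th>AMOUNT</th>
        <th>REASON</th>
        <th>STATUS</th>
        <th>DEADLINE</th>
        <th>ADDED BY</th>
        <th>DESCRIPTION</th>
        <th>SUBMIT</th>
    </tr></thead>
AB;

        // Pending fund requests (status 0) with the accept/decline form.
        // The no-JS form action used "&&"; the JS path posts to "&subaction=apFundReq",
        // which is the query the handler above checks, so the form now matches it.
        foreach ($fundRows as $row) {
            if ($row['fundreq_Status'] != 0) {
                continue;
            }
            $event1 = (int) $row['fundreq_Id'];
            $userName = safe_html(getUserName($row['userid']));
            $fundName = safe_html($row['fundreq_name']);
            $item = safe_html($row['fundreq_Request']);
            $quantity = safe_html($row['fundreq_Quantity']);
            $amount = safe_html($row['fundreq_Amount']);
            $reason = safe_html($row['fundreq_reason']);
            $deadline = safe_html($row['fundreq_date']);
            $headaction .= <<<AB
    <tr id="trf{$event1}">
        <td>{$fundName}</td>
        <td>{$item}</td>
        <td>{$quantity}</td>
        <td>{$amount}</td>
        <td>{$reason}</td>
        <td>
            <input type="radio" name="qstatus{$event1}" id="qstatus{$event1}1" value="1">ACCEPT<br/ >
            <input type="radio" name="qstatus{$event1}" id="qstatus{$event1}2" value="2">Decline<br/>
        </td>
        <td>{$deadline}</td>
        <td>{$userName}</td>
        <td><textarea id="qdescription{$event1}"></textarea></td>
        <td>
            <form action="./+head&subaction=apFundReq" method="post" onsubmit="return qaosfund({$event1})">
                <input type="hidden" value="" id="qhid{$event1}" name="qhid">
                <input type="hidden" value="{$event1}" id="qhi2d{$event1}" name="qhid2">
                <input type="hidden" value="" id="qhi1d{$event1}" name="qhid1">
                <input type="submit" value="submit">
            </form>
        </td>
    </tr>
AB;
        }

        // History tables. The duplicate class attribute of the original
        // (class="display" ... class="qaostables") is merged into one.
        $headaction .= <<<AB
    </table>
</div>
<div class="headdisplay" id="headdisplayevt">
<div id="dheadeventproc" class="forms">
    <h2>Event Procurement Status</h2>
    <table id="table_eventproc_head" class="qaostables display" border="1" width="100%">
    <thead><tr>
        <th>ITEM</th>
        <th>QUANTITY</th>
        <th>EVENT NAME</th>
        <th>REASON</th>
        <th>STATUS</th>
        <th>ADDED BY</th>
        <th>DEADLINE</th>
        <th>DESCRIPTION</th>
    </tr></thead>
AB;

        $evtLabels = array(0 => "Pending", 1 => "Accepted By QA", 2 => "Decline", 3 => "Accepted By OC");
        foreach ($evtRows as $row) {
            $statusCode = (int) $row['evtproc_Status'];
            $status = $this->qaosStatusLabel($row['evtproc_Status'], $evtLabels);
            $userName = safe_html(getUserName($row['userid']));
            $item = safe_html($row['evtproc_Request']);
            $quantity = safe_html($row['evtproc_Quantity']);
            $evtName = safe_html($row['evtproc_name']);
            $reason = safe_html($row['evtproc_reason']);
            $deadline = safe_html($row['evtproc_date']);
            $desc = safe_html($row['evtproc_Desc']);
            $headaction .= <<<AB
    <tr class="tr{$statusCode}">
        <td>{$item}</td>
        <td>{$quantity}</td>
        <td>{$evtName}</td>
        <td>{$reason}</td>
        <td>{$status}</td>
        <td>{$userName}</td>
        <td>{$deadline}</td>
        <td>{$desc}</td>
    </tr>
AB;
        }

        $headaction .= <<<AB
    </table></div>
<div  class="forms" id="dheadfundreq">
    <h2>Fund Request Status</h2>
    <table id="table_funreq_head" class="qaostables display" border="1" width="100%">
    <thead>
    <tr>
        <th>ITEM</th>
        <th>QUANTITY</th>
        <th>EVENT NAME</th>
        <th>Reason</th>
        <th>STATUS</th>
        <th>ADDED BY</th>
        <th>DEADLINE</th>
        <th>DESCRIPTION</th>
    </tr></thead>
AB;

        $fundLabels = array(0 => "Pending", 1 => "Accepted by QA", 2 => "Decline", 3 => "collect the amt from treasurer");
        foreach ($fundRows as $row) {
            $statusCode = (int) $row['fundreq_Status'];
            $status1 = $this->qaosStatusLabel($row['fundreq_Status'], $fundLabels);
            $userName = safe_html(getUserName($row['userid']));
            $item = safe_html($row['fundreq_Request']);
            $quantity = safe_html($row['fundreq_Quantity']);
            $fundName = safe_html($row['fundreq_name']);
            $reason = safe_html($row['fundreq_reason']);
            $deadline = safe_html($row['fundreq_date']);
            $desc = safe_html($row['fundreq_Desc']);
            $headaction .= <<<AB
    <tr class="tr{$statusCode}">
        <td>{$item}</td>
        <td>{$quantity}</td>
        <td>{$fundName}</td>
        <td>{$reason}</td>
        <td>{$status1}</td>
        <td>{$userName}</td>
        <td>{$deadline}</td>
        <td>{$desc}</td>
    </tr>
AB;
        }

        $uploadEventName = getFileUploadForm($this->moduleComponentId, "qaos1", './+head', UPLOAD_SIZE_LIMIT, 1);
        $headaction .= <<<AB
    </table></div>
<div  class="forms" id="formEvtName">
    <h2>Upload Event Details</h2>
    <form action="./+head" method="post">
        <input type="submit" name="downloadFormatExcel" value="Download Event Sample Format"/>
    </form>
    {$uploadEventName}
</div>
AB;
        return $headaction;
    }

    /**
     * Imports event names from the uploaded spreadsheet into `qaos1_events`.
     * Column 1 of every row from row 2 onward is taken as an event name; blank
     * cells and names already present for this component are skipped.
     *
     * @param string $sourceFolder cms source root (temp copies go under uploads/temp)
     * @param int    $mcid         module component id the names belong to
     */
    private function qaosImportEventNames($sourceFolder, $mcid)
    {
        // PHP strips directory components from the client-supplied name, but
        // basename() keeps that guarantee explicit; the timestamp prefix avoids
        // clobbering another upload's temp copy.
        $originalName = basename($_FILES['fileUploadField']['name'][0]);
        $tempVar = $sourceFolder . "/uploads/temp/" . time() . $originalName;
        if (!move_uploaded_file($_FILES['fileUploadField']['tmp_name'][0], $tempVar)) {
            displayerror("Could not store the uploaded file.");
            return;
        }
        $excelData = readExcelSheet($tempVar);
        // The temp copy is only needed for parsing; do not leave uploads behind.
        if (is_file($tempVar)) {
            unlink($tempVar);
        }
        $success = 1;
        for ($i = 2; $i <= count($excelData); $i++) {
            if (!isset($excelData[$i][1]) || $excelData[$i][1] == NULL) {
                continue;
            }
            // Cell contents are untrusted input: escape before interpolating into SQL.
            $eventName = escape($excelData[$i][1]);
            $checkIfExistQuery = "SELECT * FROM `qaos1_events` WHERE `events_name`='{$eventName}' AND `page_modulecomponentid`={$mcid}";
            $checkIfExistRes = mysql_query($checkIfExistQuery) or displayerror(mysql_error());
            if ($checkIfExistRes && mysql_num_rows($checkIfExistRes)) {
                continue;
            }
            $insertIntoEventTableQuery = "INSERT IGNORE INTO `qaos1_events` (events_name,page_modulecomponentid) VALUES ('{$eventName}',{$mcid})";
            $res = mysql_query($insertIntoEventTableQuery) or displayerror(mysql_error());
            if (!$res) {
                $success = 0;
            }
        }
        if (!$success) {
            displayerror("Datas are not inserted");
        }
    }

    /**
     * Applies an approve/decline decision posted from the head view.
     *
     * Reads $_POST[$field] (new status), $_POST[$field.'1'] (description) and
     * $_POST[$field.'2'] (request id). Only statuses 0, 1 and 2 are accepted, and
     * a decline (2) must carry a non-empty description; anything else is ignored,
     * as the original range check did.
     *
     * @param string $table  request table (qaos1_evtproc / qaos1_fundreq)
     * @param string $column column prefix of that table (evtproc / fundreq)
     * @param string $field  POST field prefix (hid / qhid)
     * @param int    $mcid   module component id the request must belong to
     */
    private function qaosApplyDecision($table, $column, $field, $mcid)
    {
        if (!isset($_POST[$field]) || !ctype_digit((string) $_POST[$field])) {
            return;
        }
        $status = (int) $_POST[$field];
        if ($status > 2) {
            return;
        }
        // The description is free text: escape() it for SQL (the original used
        // addslashes(), which is not charset-aware). The id is numeric.
        $desc = escape(isset($_POST[$field . '1']) ? $_POST[$field . '1'] : '');
        $id = isset($_POST[$field . '2']) ? (int) $_POST[$field . '2'] : 0;
        if ($status == 2 && $desc == "") {
            return;
        }
        $query = "update {$table} set {$column}_Status = '{$status}',{$column}_Desc ='{$desc}' where {$column}_Id ='{$id}' AND modulecomponentid={$mcid}";
        mysql_query($query) or displayerror(mysql_error());
    }

    /**
     * Runs a SELECT and returns every row as an associative array.
     *
     * @param string $query sql to run (callers build it from integer ids only)
     * @return array list of rows; empty when the query fails (reported via displayerror())
     */
    private function qaosFetchAll($query)
    {
        $rows = array();
        $res = mysql_query($query);
        if (!$res) {
            displayerror(mysql_error());
            return $rows;
        }
        while ($row = mysql_fetch_assoc($res)) {
            $rows[] = $row;
        }
        return $rows;
    }

    /**
     * Maps a numeric request status to its display label.
     *
     * @param mixed $status raw status column value
     * @param array $labels status code => label
     * @return string the label, or "" for an unknown code (the original if-chain
     *                left the previous row's label in place in that case)
     */
    private function qaosStatusLabel($status, array $labels)
    {
        $key = (int) $status;
        return isset($labels[$key]) ? $labels[$key] : "";
    }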
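/**
 * Validates a previously uploaded module/widget/template archive and either
 * completes the installation or reports the issues found.
 *
 * The `tempuploads` row for $uploadId holds the zip path and an `info` field of
 * the form "extractedPath;moduleActualPath;moduleName". The validator named
 * checkFor{$type}Issues() is called with the path, the name and an $issues
 * output string; an empty $issues means the install may proceed.
 *
 * @param int|string $uploadId id of the `tempuploads` row (cast to int before use in SQL)
 * @param string     $type     "Module", "Widget" or "Template"; selects the validator
 * @return string html from finalizeInstallation() on success, otherwise an
 *                issues table (the temp files and the row are removed first),
 *                or "" when the upload record or validator is missing
 */
function installModule($uploadId, $type)
{
    global $sourceFolder;
    $uploadId = (int) $uploadId;
    $lookup = mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$uploadId}'");
    $result = $lookup ? mysql_fetch_assoc($lookup) : false;
    if (!$result) {
        // The original went on with undefined paths here and ended up calling
        // delDir()/unlink() on them.
        displayerror("Upload record not found. Please start the installation again.");
        return "";
    }
    $zipFile = $result['filePath'];
    $temp = explode(";", $result['info']);
    if (count($temp) < 3) {
        displayerror("Upload record is incomplete. Please start the installation again.");
        return "";
    }
    $extractedPath = $temp[0];
    $moduleActualPath = $temp[1];
    $moduleName = $temp[2];
    // $type is passed as a literal by the handlers, but only ever call a
    // validator that actually exists rather than an arbitrary function name.
    $function = "checkFor{$type}Issues";
    if (!preg_match('/^[A-Za-z]+$/', $type) || !function_exists($function)) {
        displayerror("Unknown installation type.");
        return "";
    }
    $issues = "";
    $function($moduleActualPath, $moduleName, $issues);
    if ($issues == "") {
        return finalizeInstallation($uploadId, $type);
    }
    $issues = "\n\t<table name='issues_table'>\n\t<tr><th>S.No.</th><th>Issue Details</th><th>Issue Type</th><th>Ignore ?</th></tr>\n\t{$issues}\n\t</table>\n\t<b>Installation cannot proceed for the above mentioned issues, fix them and <a href='./+admin&subaction=widgets&subsubaction=installwidget'>try again</a>.</b>";
    // Clean up the extracted tree, the archive and the bookkeeping row.
    delDir($extractedPath);
    if (is_file($zipFile)) {
        unlink($zipFile);
    }
    mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$uploadId}'") or displayerror(mysql_error());
    return $issues;
}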
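/**
 * Renders the editable data rows of one faculty-profile section as a table,
 * each row carrying edit/confirm/delete icons keyed by faculty_dataId.
 *
 * @param int|string $sectionId         `faculty_template`.template_sectionId (cast to int)
 * @param int|string $moduleComponentId page module component id (cast to int)
 * @param bool       $toPrint           when true, the section's name from
 *                                      `faculty_template` is emitted as the <h3> heading
 * @return string html
 */
function printFacultyDataWithLiFaculty($sectionId, $moduleComponentId, $toPrint)
{
    global $urlRequestRoot, $sourceFolder, $cmsFolder, $templateFolder, $moduleFolder;
    // Both ids are interpolated unquoted into SQL, so force them to integers.
    $sectionId = (int) $sectionId;
    $moduleComponentId = (int) $moduleComponentId;
    $folder = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}/faculty/images/";
    $printData = "";
    $sectionDataQuery = "SELECT * FROM `faculty_data` WHERE `faculty_sectionId`={$sectionId} AND `page_moduleComponentId`={$moduleComponentId}";
    $sectionDataResult = mysql_query($sectionDataQuery) or displayerror("Unable to find required moduleComponentId");
    if ($toPrint) {
        $sectionDetailQuery = "SELECT * FROM `faculty_template` WHERE `template_sectionId`={$sectionId} ";
        $sectionDetailResult = mysql_query($sectionDetailQuery) or displayerror("Unable to find required Template");
        $resultantArray = $sectionDetailResult ? mysql_fetch_assoc($sectionDetailResult) : false;
        // An unknown section id yields no row; render an empty heading instead of indexing false.
        $sectionName = $resultantArray ? $resultantArray["template_sectionName"] : "";
        $printData .= <<<details

	<h3>{$sectionName}

details;
    }
    $printData .= callAddData($sectionId, $moduleComponentId);
    $printData .= <<<details
	</h3>
	<table cellspacing="1" cellpadding="1" border="1" style="width:75%">
	<tr>
		<th>Actions</th>
		<th>Data</th>
	</tr>
details;
    // NOTE(review): faculty_data is emitted verbatim, as before; if the column
    // holds plain text rather than intentional markup it should go through
    // safe_html() here — confirm against the editor that writes it.
    if ($sectionDataResult) {
        while ($sectionDataArray = mysql_fetch_assoc($sectionDataResult)) {
            $dataId = (int) $sectionDataArray['faculty_dataId'];
            $printData .= <<<details
				<tr >
				<div style="position:relative">
				<td width="15%">
				<img src="{$folder}edit.png" alt="edit" class="headerFirstSectionEdit" id="headerFirstSectionId{$dataId}"  style="cursor:pointer;float:left;"/>&nbsp;
				<img src="{$folder}confirm.png" alt="confirm" class="headerFirstSectionConfirm" id="headerFirstSectionConfirm{$dataId}" style="cursor:pointer;float:left;"/> &nbsp;
				<img src="{$folder}delete.png" alt="delete" class="headerFirstSectionDelete" id="headerFirstSectionDelete{$dataId}"  style="cursor:pointer;display:inline;"/>&nbsp;
				</td>
				<td class="sectionDataInTable"><div class="headerFirstSection" id="headerFirstSection{$dataId}" style="display:inline;">{$sectionDataArray['faculty_data']}</div>
				</td>
				</div>
				</tr>

details;
        }
    }
    $printData .= <<<details
</table>
details;
    return $printData;
}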
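/**
 * Admin "Templates" panel handler: installs an uploaded template
 * (btn_install) or uninstalls the template named in $_POST['Template']
 * (btn_uninstall). Uninstalling a template that pages still use first shows
 * a confirmation form listing up to ten of those pages; on confirmation the
 * pages are moved to the default template and the template's directory is
 * removed.
 *
 * @return string html to display: the confirmation form, the installer's
 *                output, or "" when the outcome was reported via
 *                displayinfo()/displayerror()
 */
function handleTemplateManagement()
{
    // $ICONS is used by the confirmation form below; it was never declared
    // global before, so the icon silently rendered empty.
    global $sourceFolder, $ICONS;
    if (isset($_POST['btn_install'])) {
        $uploadId = processUploaded("Template");
        if ($uploadId != -1) {
            return installModule($uploadId, "Template");
        }
        return "";
    }
    if (!isset($_POST['btn_uninstall'])) {
        return "";
    }
    if (!isset($_POST['Template']) || $_POST['Template'] == "") {
        return "";
    }
    $rawName = $_POST['Template'];
    // The name ends up in a path that is deleted recursively. escape() only
    // protects the SQL, so refuse anything that could leave templates/ —
    // a separator, "." or "..".
    if (basename($rawName) !== $rawName || $rawName === "." || $rawName === "..") {
        displayerror("Invalid template name.");
        return "";
    }
    $toDelete = escape($rawName);
    $defaultRes = mysql_query("SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE attribute= 'default_template'");
    $row1 = $defaultRes ? mysql_fetch_row($defaultRes) : false;
    $defaultTemplate = $row1 ? $row1[0] : "";
    if ($defaultTemplate == $rawName) {
        displayerror("The default template cannot be deleted! If you want to delete this template, first change the default template from 'Global Settings'.");
        return "";
    }
    $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
    $query2 = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_template` = '{$toDelete}' LIMIT 10";
    $result2 = mysql_query($query2) or displayerror(mysql_error());
    $pagesUsingIt = $result2 ? mysql_num_rows($result2) : 0;
    if ($pagesUsingIt == 0 || isset($_POST['confirm'])) {
        $existsRes = mysql_query($query);
        if ($existsRes && mysql_fetch_array($existsRes)) {
            mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'");
            $escapedDefault = escape($defaultTemplate);
            mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_template` = '" . $escapedDefault . "' WHERE `page_template` = '" . $toDelete . "'") or displayerror(mysql_error());
            $templateDir = $sourceFolder . "/templates/" . $rawName . "/";
            if (file_exists($templateDir)) {
                delDir($templateDir);
            }
            displayinfo("Template " . safe_html($rawName) . " uninstalled!");
            return "";
        }
        displayerror("Template uninstallation failed!");
        return "";
    }
    $pageList = "";
    while ($row = mysql_fetch_assoc($result2)) {
        $pageList .= "/home" . getPagePath($row['page_id']) . "<br>";
    }
    $templatename = safe_html($rawName);
    $icon = isset($ICONS['Templates Management']['small']) ? $ICONS['Templates Management']['small'] : "";
    $ret = <<<RET
<fieldset>
<legend>{$icon}Template Management</legend>
Some of the page with {$templatename} template are:<br>
{$pageList}
<div class='cms-error'>The templates of these pages will be reset to default template if you proceed deleting the template.</div>
<form method=POST action='./+admin&subaction=template&subsubaction=uninstall'>
<input type=hidden value='{$templatename}' name='Template' />
<input type=submit value='Delete template' name='btn_uninstall' />
<input type=hidden value='confirm' name='confirm' />
</form>
</fieldset>
RET;
    return $ret;
    /*
    	this finalize and cancel subsubactions are vulnerabilities, any one can vary $_POST['path'] and make cms to delete itself.
    	so template installation is also merged with module and widget installation,
    	but some extra features specific to template installation(ie ignoring missing template variables and changing template name)
    	are missing in that installation, these will remain commented for reference till those features are implemented the other way
    	else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'finalize') 
    	{		
    	
    		$issues = "";
    		$ret = reportIssues(escape($_POST['path']),$issues);
    		if($ret[0] == 1) 
    		{
    			displayerror("Your template is still not compatible with Pragyan CMS. Please fix the reported issues during installation.");
    			delDir(escape($_POST['del']));
    			unlink(escape($_POST['file']));
    			return "";
    		}
    			
    		$templates=getAvailableTemplates();
    		$flag=false;
    		foreach ($templates as $template) 
    			if($template==$_POST['template'])
    			{
    				$flag=true;
    				break;
    			}
    		if($_POST['template']=="common" || $flag || file_exists($sourceFolder . "/templates/" . escape($_POST['template']) . "/")) 
    		{
    			displayerror("Template Installation failed : A folder by the template name already exists.");
    			$templatePath=safe_html($_POST['del']);
    			$str=safe_html($_POST['file']);
    			$ret=<<<RET
    			<form method=POST action='./+admin&subaction=canceltemplate'>
    			Please click the following button to start a fresh installation : 
    			<input type=hidden name='path' value='{$templatePath}'>
    			<input type=hidden name='file' value='{$str}'>
    			<input type=submit value="Fresh Installation">
    			</form>
    RET;
    			return $ret;
    			
    		}
    		rename(escape($_POST['path']), $sourceFolder . "/templates/" . escape($_POST['template']) . "/");
    		delDir(escape($_POST['del']));
    		unlink(escape($_POST['file']));
    		mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "templates` VALUES('" . escape($_POST['template']) . "')");
    		displayinfo("Template installation complete");
    		return "";
    		
    	} 
    	else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'cancel') 
    	{
    		delDir(escape($_POST['path']));
    		unlink(escape($_POST['file']));
    		return "";
    	}*/
}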
    private function forumHtml($data, $type = 'thread', $post = 0, $count = 0)
    {
        global $urlRequestRoot, $moduleFolder, $cmsFolder, $templateFolder, $sourceFolder, $userId;
        require_once "{$sourceFolder}/{$moduleFolder}/forum/bbeditor.php";
        require_once "{$sourceFolder}/{$moduleFolder}/forum/bbparser.php";
        $js = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/forum/images/jscript.js";
        $table_name = "forum_threads";
        $table1_name = "forum_posts";
        $templatesImageFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/" . TEMPLATE;
        $temp = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/forum/images";
        if (isset($_GET['thread_id'])) {
            $thread_id = escape($_GET['thread_id']);
        }
        $forumHtml = '';
        $forum_threads = '';
        $rows = $data;
        $action = "+post&subaction=create_thread";
        $forum_lastVisit = $this->forumLastVisit();
        if ($type == 'threadRow') {
            if ($userId > 0 && $forum_lastVisit < $rows['forum_thread_lastpost_date']) {
                $img_src = "thread_new.gif";
            } else {
                $img_src = "thread_hot.gif";
            }
            $topic = ucfirst(parseubb(parsesmileys($rows['forum_thread_topic'])));
            $name = ucfirst(getUserName($rows['forum_thread_user_id']));
            $last_post_author = ucfirst(getUserName($rows['forum_thread_last_post_userid']));
            if ($rows['forum_thread_category'] == 'sticky') {
                $img_src = 'sticky.gif';
            }
            $query1 = "SELECT `forum_post_id` FROM `{$table1_name}` WHERE `forum_thread_id`='" . $rows['forum_thread_id'] . "' AND `forum_post_approve`='1' AND `page_modulecomponentid`='{$this->moduleComponentId}' ";
            $result1 = mysql_query($query1);
            $reply_count = mysql_num_rows($result1);
            $forum_threads .= <<<PRE1
\t\t\t            <tr class="forumThreadRow">
\t\t\t            <td class="forumThreadRow forumTableIcon" width="3%"><img src="{$temp}/{$img_src}" /></td>
\t\t\t            <td class="forumThreadRow" width="51%"><a class="threadRow" href="+view&thread_id={$rows['forum_thread_id']}"> {$topic} </a><br /><small>by <b> {$name} </b>
\t\t\t             on {$rows['forum_thread_datetime']} </small></td>
\t\t\t            <td class="forumThreadRow" width="8%" style="text-align:center;"> {$rows['forum_thread_viewcount']} </td>
\t\t\t            <td class="forumThreadRow" width="8%" style="text-align:center;"> {$reply_count} </td>
\t\t\t            <td class="forumThreadRow" width="30%"><small>by <b> {$last_post_author} </a></b> on {$rows['forum_thread_lastpost_date']} </small></td>
\t\t\t            </tr>        
PRE1;
            $forumHtml .= $forum_threads;
        }
        if ($type == 'threadHead') {
            $thread_Header = '<p align="left">';
            if ($rows['forum_thread_category'] != 'sticky') {
                $thread_Header .= '<a href="+post&subaction=post_reply&thread_id=' . $thread_id . '"><img alt="Reply" title="Reply" src="' . $temp . '/reply.gif" /></a>&nbsp&nbsp';
            }
            $thread_Header .= <<<PRE
\t\t\t\t<link rel="stylesheet" href="{$temp}/styles.css" type="text/css" />
\t\t\t\t&nbsp<a href="+post&subaction=create_thread"><img title="New Thread" src="{$temp}/newthread.gif" /></a>&nbsp;<a 
href="+view"> <img title="Go Back to Forum" src="{$temp}/go_back.gif" /></a>
\t\t\t\t<table width="100%" cellpadding="4" cellspacing="2" id="forum" >
PRE;
            $forumHtml = $thread_Header;
        }
        if ($type == 'threadMain') {
            $q = "SELECT * FROM `forum_module` WHERE `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
            $r = mysql_query($q) or displayerror(mysql_error() . "View of Thread failed L:962");
            $r = mysql_fetch_array($r);
            if ($post == 0) {
                $topic = censor_words(ucfirst(parseubb(parsesmileys($rows['forum_thread_topic']))));
                $name = ucfirst(getUserName($rows['forum_thread_user_id']));
                $last_post_author = ucfirst(getUserName($rows['forum_thread_last_post_userid']));
                $threadUserId = $rows['forum_thread_user_id'];
                $detail = censor_words(parseubb(parsesmileys($rows['forum_detail'])));
                $posts = $this->getTotalPosts($rows['forum_thread_user_id']);
                $reg_date = $this->getRegDateFromUserID($rows['forum_thread_user_id']);
                $postTime = $rows['forum_thread_datetime'];
            }
            if ($post == 1) {
                $postUserId = $rows['forum_post_user_id'];
                $topic = censor_words(ucfirst(parseubb(parsesmileys($rows['forum_post_title']))));
                $detail = censor_words(parseubb(parsesmileys($rows['forum_post_content'])));
                $name = ucfirst(getUserName($rows['forum_post_user_id']));
                $posts = $this->getTotalPosts($rows['forum_post_user_id']);
                $reg_date = $this->getRegDateFromUserID($rows['forum_post_user_id']);
                $postTime = $rows['forum_post_datetime'];
                $threadUserId = $postUserId;
            }
            $datetime = date("Y-m-d H:i:s") - $postTime;
            $threadHtml = '<tr class="ThreadHeadRow" cellspacing="10">
					        <td class="forumThreadRow"><strong> ' . $topic . ' </strong><br />' . '<img src="' . $temp . '/post_icon.gif" /><small>&nbsp&nbsp by ' . $name . ' </a>' . ' on ' . $postTime . ' </small>';
            if ($post == 1) {
                if ($r['allow_like_posts'] == 1) {
                    $likequery = "SELECT * from `forum_like` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_id`='" . $rows['forum_post_id'] . "' AND `like_status`='1' AND `page_modulecomponentid`='{$this->moduleComponentId}' ";
                    $likeres = mysql_query($likequery);
                    $likeres = mysql_num_rows($likeres);
                    $dlikequery = "SELECT * from `forum_like` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_id`='" . $rows['forum_post_id'] . "' AND `like_status`='0' AND `page_modulecomponentid`='{$this->moduleComponentId}' ";
                    $dlikeres = mysql_query($dlikequery);
                    $dlikeres = mysql_num_rows($dlikeres);
                    $threadHtml .= '<br /><small> ' . $likeres . ' people like this post</small> &nbsp&nbsp&nbsp';
                    $threadHtml .= '<small> ' . $dlikeres . ' people dislike this post</small><br />';
                }
            }
            $threadHtml .= '</td>
					        <td class="forumThreadRow" width="25%" rowspan="2"><strong> ' . $name . ' </a><br />';
            if ($threadUserId > 0) {
                if ($threadUserId == $userId) {
                    $lastLogin = $_SESSION['last_to_last_login_datetime'];
                } else {
                    $lastLogin = $this->getLastLogin($threadUserId);
                }
                $moderator = getPermissions($threadUserId, getPageIdFromModuleComponentId("forum", $this->moduleComponentId), "moderate");
                if ($moderator) {
                    $threadHtml .= "Moderator";
                } else {
                    $threadHtml .= "Member";
                }
                $content = 'content' . $count;
                $text = 'text' . $count;
                $threadHtml .= <<<PRE
\t\t\t\t\t\t</strong><br /><br />
\t\t\t\t\t\t<script type="text/javascript" languauge="javascript" src="{$js}"></script>
\t\t\t\t\t\t<a id="{$text}" href="javascript:toggle('{$content}','{$text}');" >Show Details</a><br />
\t\t\t\t\t\t<div id="{$content}" style="display: none;"><small>Posts: {$posts} <br />Joined: {$reg_date} <br />Last Visit:
\t\t\t\t\t\t{$lastLogin} </small></div>
PRE;
                if ($post == 1 && $userId > 0 && ($r['allow_delete_posts'] == 1 || $r['allow_like_posts'] == 1)) {
                    //$threadHtml .= '<tr><td colspan="2" align="right">';
                    if ($r['allow_delete_posts'] == 1) {
                        if ($post == 1 && $userId > 0 && $userId == $rows['forum_post_user_id']) {
                            $threadHtml .= '<br /><a href="+view&subaction=delete_post&thread_id=' . $thread_id . '&post_id=' . $rows['forum_post_id'] . '">' . '<img src="' . $temp . '/delete1.gif"></a></span>';
                        }
                    }
                    if ($r['allow_like_posts'] == 1) {
                        if ($userId > 0 && $post == 1) {
                            $postId = $rows['forum_post_id'];
                            $qu = " SELECT * FROM `forum_like` WHERE `forum_like_user_id` = '{$userId}' AND`forum_thread_id` = '{$thread_id}' AND `forum_post_id` = '{$postId}' AND `page_modulecomponentid`='{$this->moduleComponentId}' AND `like_status`='1'";
                            $re = mysql_query($qu);
                            $qu1 = " SELECT * FROM `forum_like` WHERE `forum_like_user_id` = '{$userId}' AND`forum_thread_id` = '{$thread_id}' AND `forum_post_id` = '{$postId}' AND `page_modulecomponentid`='{$this->moduleComponentId}' AND `like_status`='0'";
                            $re1 = mysql_query($qu1);
                            if (mysql_num_rows($re) == 0 && mysql_num_rows($re1) == 0) {
                                $threadHtml .= '  <a href="+view&subaction=like_post&thread_id=' . $thread_id . '&post_id=' . $rows['forum_post_id'] . '">' . '  <img title="Like this post" src="' . $temp . '/like.gif"></a></span>';
                                $threadHtml .= '  <a href="+view&subaction=dislike_post&thread_id=' . $thread_id . '&post_id=' . $rows['forum_post_id'] . '">' . '  <img title="Dislike this post" src="' . $temp . '/unlike.gif"></a></span>';
                            } else {
                                if (mysql_num_rows($re) > 0) {
                                    $threadHtml .= '<br /> You Like this post';
                                } else {
                                    $threadHtml .= '<br /> You Dislike this post';
                                }
                            }
                        }
                    }
                    //$threadHtml .= '</td></tr>';
                }
            }
            $threadHtml .= <<<PRE
\t        </td>
\t        </tr>
\t        <tr>
\t        <td class="forumThreadRow"> <br />{$detail} </td>
\t        </tr>
PRE;
            $threadHtml .= '<tr><td class="blank" colspan="2"></td></tr>';
            $forumHtml .= $threadHtml;
        }
        return $forumHtml;
    }
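/**
 * Fetch the groups a user belongs to.
 *
 * Joins the `groups` and `usergroup` tables on `group_id` and returns one
 * associative row per group with the columns `group_id`, `group_name`,
 * `group_description` and `form_id`.
 *
 * @param mixed $userId id of the user; it is run through the project's
 *                      escape() helper before it is placed in the query
 * @return array list of associative rows; empty when the user has no groups
 *               or when the query fails (the failure is reported via displayerror)
 */
function getGroupsFromUserId($userId)
{
    $groupsTable = '`' . MYSQL_DATABASE_PREFIX . 'groups`';
    $usergroupTable = '`' . MYSQL_DATABASE_PREFIX . 'usergroup`';
    // The id is the only caller-supplied value in this statement; escaping it
    // here means the query is safe even if a caller passes an unchecked value.
    $groupQuery = 'SELECT ' . $groupsTable . '.`group_id`, `group_name`, `group_description`, `form_id`'
        . ' FROM ' . $groupsTable . ', ' . $usergroupTable
        . ' WHERE `user_id` = \'' . escape($userId) . '\''
        . ' AND ' . $groupsTable . '.`group_id` = ' . $usergroupTable . '.`group_id`';
    $groupResult = mysql_query($groupQuery);
    if (!$groupResult) {
        displayerror($groupQuery . '<br />' . mysql_error());
        // The original fell through and called mysql_fetch_assoc(false);
        // an empty list is the honest answer when the lookup failed.
        return array();
    }
    $groupRows = array();
    while ($groupRow = mysql_fetch_assoc($groupResult)) {
        $groupRows[] = $groupRow;
    }
    return $groupRows;
}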
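    /**
     * Edit page for a faculty profile.
     *
     * First applies whatever edit the request carries in $_POST/$_FILES — an
     * entry update (updateDetail/facultyId), a section rename
     * (updateSectionDetail/SectionDetail), a new entry (addFacultyData/sectionId),
     * a deletion (DeleteFacultyId), the page name/e-mail (facultyName/facultyEmail)
     * and a new profile photo (facultyProfilePic) — then renders the photo, the
     * upload form, the name/e-mail form and the section tree with its entries.
     *
     * Every statement is scoped to $this->moduleComponentId so one faculty page
     * cannot touch another page's rows. Ids taken from $_POST go through
     * intval(); free text goes through addslashes(), which is the escaping the
     * rest of this module relies on.
     *
     * @return string|false page HTML, or false when the previous profile photo
     *                      could not be deleted (reported via displayerror)
     */
    public function actionFaculty()
    {
        if (isset($_POST["updateDetail"]) && isset($_POST["facultyId"]) && $_POST["updateDetail"] != "" && $_POST["facultyId"] != "") {
            // intval() always returns an int, so the is_int() guard the original
            // had here could never fail; a non-numeric id becomes 0 and matches no row.
            $facultyId = intval($_POST["facultyId"]);
            $newDetail = addslashes($_POST["updateDetail"]);
            $updateFacultyDataQuery = "UPDATE `faculty_data` SET `faculty_data`='{$newDetail}' WHERE `faculty_dataId`={$facultyId} AND ";
            // The original appended this clause to a mistyped variable
            // ($upDateFacultyDataQuery), so the query it actually ran ended in
            // "AND " — a syntax error — and the module-component scope was lost.
            $updateFacultyDataQuery .= "`page_moduleComponentId`={$this->moduleComponentId}";
            mysql_query($updateFacultyDataQuery) or displayerror(mysql_error());
        }
        if (isset($_POST["updateSectionDetail"]) && isset($_POST["SectionDetail"]) && $_POST["updateSectionDetail"] != "" && $_POST["SectionDetail"] != "") {
            $sectionId = intval($_POST["SectionDetail"]);
            // NOTE(review): kept from the original — both the id and the new name
            // are read from "SectionDetail" while "updateSectionDetail" is only
            // tested for emptiness; this looks like the two fields are swapped.
            // Confirm against faculty/main.js before changing it.
            $sectionName = addslashes($_POST["SectionDetail"]);
            $updateSectionQuery = "UPDATE `faculty_template` SET `template_sectionName`='{$sectionName}' WHERE ";
            $updateSectionQuery .= "`template_sectionId`={$sectionId} AND `page_moduleComponentId`={$this->moduleComponentId}";
            mysql_query($updateSectionQuery) or displayerror(mysql_error());
        }
        if (isset($_POST["addFacultyData"]) && $_POST["addFacultyData"] != "" && isset($_POST["sectionId"]) && $_POST["sectionId"] != "") {
            $sectionId = intval($_POST["sectionId"]);
            $addDetail = addslashes($_POST["addFacultyData"]);
            // The section's template row carries how many entries it may hold;
            // a missing row or failed query yields a limit of 0, i.e. no insert.
            $limitResult = mysql_query("SELECT * FROM `faculty_template` WHERE `template_sectionId`={$sectionId}");
            $limitRow = $limitResult ? mysql_fetch_assoc($limitResult) : false;
            $sectionLimit = $limitRow ? intval($limitRow['template_sectionLimit']) : 0;
            $countQuery = "SELECT * FROM `faculty_data` WHERE `faculty_sectionId`={$sectionId} AND ";
            $countQuery .= "`page_moduleComponentId`={$this->moduleComponentId}";
            $countResult = mysql_query($countQuery);
            $entryCount = $countResult ? mysql_num_rows($countResult) : 0;
            if ($entryCount < $sectionLimit) {
                $insertQuery = "INSERT INTO `faculty_data` (`faculty_sectionId`,`faculty_data`,`page_moduleComponentId`) VALUES ";
                $insertQuery .= "({$sectionId},'{$addDetail}',{$this->moduleComponentId})";
                mysql_query($insertQuery) or displayerror(mysql_error());
            } else {
                // Kept as in the original: the bare text reply is presumably what
                // faculty/main.js expects — confirm before routing it through displayerror().
                echo "Limit Exceeded";
                exit;
            }
        }
        if (isset($_POST["DeleteFacultyId"]) && $_POST["DeleteFacultyId"] != "") {
            $facultyId = intval($_POST["DeleteFacultyId"]);
            $deleteQuery = "DELETE FROM `faculty_data` WHERE `page_moduleComponentId`={$this->moduleComponentId} AND `faculty_dataId`={$facultyId}";
            mysql_query($deleteQuery) or displayerror(mysql_error());
        }
        if (isset($_POST["facultyName"]) && isset($_POST["facultyEmail"])) {
            if ($_POST["facultyName"] != "") {
                $facultyName = addslashes($_POST["facultyName"]);
                $updateFacultyNameQuery = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_title`='{$facultyName}' WHERE ";
                $updateFacultyNameQuery .= "`page_modulecomponentid`={$this->moduleComponentId} AND `page_module`='faculty'";
                mysql_query($updateFacultyNameQuery) or displayerror(mysql_error());
            }
            if ($_POST["facultyEmail"] != "") {
                $facultyEmail = addslashes($_POST["facultyEmail"]);
                $updateFacultyEmailQuery = "UPDATE `faculty_module` SET `email`='{$facultyEmail}' WHERE ";
                $updateFacultyEmailQuery .= "`page_moduleComponentId`={$this->moduleComponentId}";
                mysql_query($updateFacultyEmailQuery) or displayerror(mysql_error());
            }
        }
        global $urlRequestRoot, $sourceFolder, $cmsFolder, $templateFolder, $moduleFolder;
        require_once "{$sourceFolder}/{$moduleFolder}/faculty/template_edit.php";
        require_once $sourceFolder . "/upload.lib.php";
        $photoQuery = "SELECT * FROM `faculty_module` WHERE `page_moduleComponentId`={$this->moduleComponentId}";
        // Handle a photo upload BEFORE reading the row for display; the original
        // rendered the photo first and so showed the just-deleted old file.
        if (isset($_FILES["facultyProfilePic"])) {
            $photoResult = mysql_query($photoQuery);
            $photoRow = $photoResult ? mysql_fetch_assoc($photoResult) : false;
            if ($photoRow && $photoRow["photo"] != NULL) {
                if (!deleteFile($this->moduleComponentId, 'faculty', $photoRow["photo"])) {
                    displayerror("Unable to Update");
                    return false;
                }
            }
            $allowableTypes = array('jpeg', 'jpg', 'png', 'gif');
            $fileUpload = submitFileUploadForm($this->moduleComponentId, "faculty", $this->userId, UPLOAD_SIZE_LIMIT, $allowableTypes, 'facultyProfilePic');
            // submitFileUploadForm() returns false on failure (see profile() in
            // this file); the original indexed that false as $fileUpload[0] and
            // stored an empty photo name.
            if (is_array($fileUpload)) {
                // assumes the returned name is safe to embed in SQL — as in profile(),
                // it is used raw; confirm in upload.lib.php
                $updatePhoto = "UPDATE `faculty_module` SET `photo`='{$fileUpload[0]}' WHERE `page_moduleComponentId`={$this->moduleComponentId}";
                mysql_query($updatePhoto) or displayerror(mysql_error());
            } else {
                displayerror("Profile picture could not be uploaded.");
            }
        }
        $facultyDetail = "";
        $photoResult = mysql_query($photoQuery);
        $photoRow = $photoResult ? mysql_fetch_assoc($photoResult) : false;
        $photoSrc = $photoRow ? $photoRow['photo'] : '';
        $facultyDetail .= <<<IMG
\t\t<img src="{$photoSrc}" />
IMG;
        $facultyDetail .= '<br />Upload files : <br />';
        $facultyDetail .= getFileUploadForm($this->moduleComponentId, "faculty", './+faculty', UPLOAD_SIZE_LIMIT, 1, "facultyProfilePic") . '</fieldset>';
        // Attribute context: quotes and angle brackets in a stored title or
        // address must not break out of value="...".
        $pageName = htmlspecialchars(getPageTitle(getPageIdFromModuleComponentId("faculty", $this->moduleComponentId)), ENT_QUOTES);
        $emailId = htmlspecialchars(getEmailForFaculty($this->moduleComponentId), ENT_QUOTES);
        $facultyDetail .= <<<ChangeName
\t    <form action="./+faculty" method="POST">
\t       <table border="1">
\t         <tr>
\t           <td>Faculty Name:</td><td><input type="text" name="facultyName" value="{$pageName}"/></td>
\t         </tr>
\t         <tr>
\t           <td>Email:</td><td> <input type="text" name="facultyEmail" value="{$emailId}"/></td>
\t         </tr>
\t         <tr>
\t           <td colspan="2"><input type="submit"/></td>
\t         </tr>
               </table>
\t    </form>
ChangeName;
        $folder = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}/faculty/main.js";
        $facultyDetail .= "<script type='text/javascript' src='{$folder}'></script>";
        $templateId = getTemplateId($this->moduleComponentId);
        // Section tree: top-level sections, their children, and grandchildren.
        $sectionDetail = getTemplateDataFromModuleComponentId($this->moduleComponentId);
        while ($sectionDetailArray = mysql_fetch_assoc($sectionDetail)) {
            $sectionId = $sectionDetailArray['template_sectionId'];
            $facultyDetail .= <<<facultyName
\t      <h2>{$sectionDetailArray['template_sectionName']}
facultyName;
            $facultyDetail .= "</h2><hr/>";
            $facultyDetail .= printFacultyDataWithLiFaculty($sectionId, $this->moduleComponentId, 0);
            $childQuery = "SELECT * FROM `faculty_template` WHERE `template_id`={$templateId} AND ";
            $childQuery .= "`template_sectionParentId`={$sectionId}";
            $childResult = mysql_query($childQuery);
            while ($childRow = mysql_fetch_assoc($childResult)) {
                $facultyDetail .= printFacultyDataWithLiFaculty($childRow['template_sectionId'], $this->moduleComponentId, 1);
                $grandchildQuery = "SELECT * FROM `faculty_template` WHERE `template_id`={$templateId} AND ";
                $grandchildQuery .= "`template_sectionParentId`={$childRow['template_sectionId']}";
                $grandchildResult = mysql_query($grandchildQuery);
                while ($grandchildRow = mysql_fetch_assoc($grandchildResult)) {
                    // Third level uses printFacultyDataWithLi (not ...Faculty), as the original did.
                    $facultyDataChild = printFacultyDataWithLi($grandchildRow['template_sectionId'], $this->moduleComponentId, 1);
                    $facultyDetail .= <<<facultyName
\t       <h4>{$facultyDataChild}</h4>
facultyName;
                }
            }
        }
        return $facultyDetail;
    }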
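/**
 * Show and process the "edit profile" page for a user.
 *
 * In order: an optional profile-image action (`uploadnew` replaces the image,
 * `noimage` removes it), loading the current name / full name / password hash,
 * and — when the form was submitted — validating an optional password change,
 * applying the name/fullname/password updates and then the registration-form
 * fields. The (possibly updated) form is returned in every case.
 *
 * @param mixed $userId id of the user being edited; it is interpolated into
 *                      SQL as-is, so callers must pass a trusted (numeric) value
 * @param bool $forEditRegistrant true when an administrator edits a registrant:
 *                      skips the captcha, the password checks and the password
 *                      change, and does not call setAuth()
 * @return string HTML of the profile form, or '' when the user row could not be read
 */
function profile($userId, $forEditRegistrant = false)
{
    global $sourceFolder, $moduleFolder;
    $profileImgAction = isset($_POST['profileimgaction']) ? $_POST['profileimgaction'] : '';
    if ($profileImgAction == 'uploadnew') {
        require_once "{$sourceFolder}/upload.lib.php";
        // Profile images live under a pseudo module-component id equal to the user id.
        $allowableTypes = array('jpeg', 'jpg', 'png', 'gif');
        $fakeModuleComponentId = $userId;
        $uploadSuccess = submitFileUploadForm($fakeModuleComponentId, "profile", $userId, 512 * 1024, $allowableTypes, 'profileimage');
        if ($uploadSuccess === false) {
            displayerror("Profile image could not be uploaded. Maximum size should be 512 KB.");
        } elseif (is_array($uploadSuccess)) {
            // Keep only the file that was just uploaded.
            $profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile');
            foreach ($profileimgnames as $img) {
                if ($img['upload_filename'] != $uploadSuccess[0]) {
                    deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']);
                }
            }
        }
    } elseif ($profileImgAction == 'noimage') {
        require_once "{$sourceFolder}/upload.lib.php";
        $fakeModuleComponentId = $userId;
        $profileimgnames = getUploadedFiles($fakeModuleComponentId, 'profile');
        foreach ($profileimgnames as $img) {
            deleteFile($fakeModuleComponentId, 'profile', $img['upload_filename']);
        }
    }
    /// Retrieve existing information
    $profileQuery = 'SELECT `user_name`, `user_fullname`, `user_password` FROM `' . MYSQL_DATABASE_PREFIX . 'users` WHERE `user_id` = \'' . $userId . "'";
    $profileResult = mysql_query($profileQuery);
    if (!$profileResult) {
        displayerror('An error occurred while trying to process your request.<br />' . mysql_error() . '<br />' . $profileQuery);
        return '';
    }
    $profileRow = mysql_fetch_row($profileResult);
    if (!$profileRow) {
        // The original carried on with null name/hash here; there is no profile to edit.
        displayerror('An error occurred while trying to process your request.<br />No such user.');
        return '';
    }
    $newUserName = $userName = $profileRow[0];
    $newUserFullname = $userFullname = $profileRow[1];
    $userPassword = $profileRow[2];
    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
    /// Check if the user is trying to see the profile form, or has already submitted it
    if (isset($_POST['btnSubmitProfile'])) {
        if ($forEditRegistrant || !isProfileFormCaptchaEnabled() || submitCaptcha()) {
            // Read the password fields once, with '' for anything missing, so no
            // branch below touches an undefined $_POST index.
            $currentPassword = isset($_POST['user_password']) ? $_POST['user_password'] : '';
            $newPassword = isset($_POST['user_newpassword']) ? $_POST['user_newpassword'] : '';
            $newPasswordRepeat = isset($_POST['user_newrepassword']) ? $_POST['user_newrepassword'] : '';
            $passwordValidated = false;
            if (!$forEditRegistrant && $currentPassword != '') {
                // Strict comparison: with == two hex digests that both start with
                // "0e" compare as equal numbers. The stored value is an unsalted
                // MD5, matching the MD5() in the UPDATE below; moving to
                // password_hash() is a schema-wide change and is not done here.
                $passwordValidated = (md5($currentPassword) === $userPassword);
            }
            $updates = array();
            if (isset($_POST['user_name']) && $_POST['user_name'] != '' && $_POST['user_name'] != $userName) {
                $updates[] = "`user_name` = '" . escape($_POST['user_name']) . "'";
                $newUserName = escape($_POST['user_name']);
            }
            if (isset($_POST['user_fullname']) && $_POST['user_fullname'] != '' && $_POST['user_fullname'] != $userFullname) {
                $updates[] = "`user_fullname` = '" . escape($_POST['user_fullname']) . "'";
                $newUserFullname = escape($_POST['user_fullname']);
            }
            $errors = false;
            if (!$forEditRegistrant && $newPassword != '') {
                // A password change is an error until every check passes.
                $errors = true;
                if (!$passwordValidated) {
                    displayerror('Error! The current password you entered was incorrect.');
                } elseif ($newPassword != $newPasswordRepeat) {
                    displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.');
                } elseif ($newPassword == $currentPassword) {
                    displayerror('Error! The old and new passwords are the same.');
                } else {
                    $updates[] = "`user_password` = MD5('" . escape($newPassword) . "')";
                    $errors = false;
                }
            }
            if (count($updates) > 0) {
                // implode() with the (needle, haystack) order; the original's
                // join($array, $glue) argument order is gone in PHP 8.
                $profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . implode(', ', $updates) . " WHERE `user_id` = '{$userId}'";
                $profileResult = mysql_query($profileQuery);
                if (!$profileResult) {
                    displayerror('An error was encountered while attempting to process your request.');
                    $errors = true;
                }
                $userName = $newUserName;
                $userFullname = $newUserFullname;
                if (!$forEditRegistrant) {
                    // presumably refreshes the session's auth data for the changed credentials — see setAuth()
                    setAuth($userId);
                }
            }
            $errors = !submitRegistrationForm(0, $userId, true, true) || $errors;
            if (!$errors) {
                displayinfo('All fields updated successfully!<br />' . '<input type="button" onclick="history.go(-2)" value="Go back" />');
            }
        }
    }
    return getProfileForm($userId, $userName, $userFullname, $forEditRegistrant);
}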
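/**
 * Store, replace or remove the "inherited info" block attached to a page.
 *
 * getPageInheritedInfo() tells which page the current info is inherited from
 * and, through its by-reference second argument, the current content:
 *  - the page owns its info and $inheritedInfo is '' : delete the row and set
 *    `page_inheritedinfoid` to -1;
 *  - the page owns its info and $inheritedInfo is set : update the row in place;
 *  - the info comes from another page : insert a new row (only when the new text
 *    is non-empty and differs from the inherited one) and point the page at it.
 * Database errors are reported through displayerror(); nothing is returned.
 *
 * @param mixed $pageId        id of the page; interpolated into SQL as-is
 * @param string $inheritedInfo new content; interpolated into SQL as-is, so the
 *                             caller must have escaped it (no escaping is added
 *                             here to avoid double-escaping an already-escaped value)
 */
function updatePageInheritedInfo($pageId, $inheritedInfo)
{
    $pagesTable = '`' . MYSQL_DATABASE_PREFIX . 'pages`';
    $infoTable = '`' . MYSQL_DATABASE_PREFIX . 'inheritedinfo`';
    // Resolves the page's own inherited-info row id.
    $ownInfoIdSubquery = '(SELECT `page_inheritedinfoid` FROM ' . $pagesTable . ' WHERE `page_id` = \'' . $pageId . '\')';
    $prevInheritedInfo = '';
    $inheritedPageId = getPageInheritedInfo($pageId, $prevInheritedInfo);
    if ($inheritedPageId == $pageId) {
        if ($inheritedInfo == '') {
            $deleteQuery = 'DELETE FROM ' . $infoTable . ' WHERE `page_inheritedinfoid` = ' . $ownInfoIdSubquery;
            if (!mysql_query($deleteQuery)) {
                // The original ignored this result; report it like the other statements.
                displayerror('Could not remove the current page\'s inherited information. Database error.');
            }
            $updateQuery = 'UPDATE ' . $pagesTable . ' SET `page_inheritedinfoid` = -1 WHERE `page_id` = \'' . $pageId . "'";
            if (!mysql_query($updateQuery)) {
                displayerror('Could not remove the current page\'s inherited information. Database error.');
            }
            return;
        }
        $updateQuery = 'UPDATE ' . $infoTable . ' SET `page_inheritedinfocontent` = \'' . $inheritedInfo . '\' WHERE `page_inheritedinfoid` = ' . $ownInfoIdSubquery;
        if (!mysql_query($updateQuery)) {
            displayerror('Could not update the current page\'s inherited information. Database error.');
        }
        return;
    }
    if ($inheritedInfo == '' || $inheritedInfo == $prevInheritedInfo) {
        return;
    }
    /// Original inherited info came from a different page: give this page its own row.
    // NOTE: MAX()+1 is not atomic — two concurrent callers can pick the same id.
    // Left as in the original because the table's key strategy is not visible here.
    $newIdResult = mysql_query('SELECT MAX(`page_inheritedinfoid`) FROM ' . $infoTable);
    if (!$newIdResult) {
        displayerror('Could not add inherited information to the current page. Database error.');
        return;
    }
    $newIdRow = mysql_fetch_row($newIdResult);
    $newId = ($newIdRow && !is_null($newIdRow[0])) ? $newIdRow[0] + 1 : 1;
    $insertQuery = 'INSERT INTO ' . $infoTable . '(`page_inheritedinfoid`, `page_inheritedinfocontent`) VALUES (\'' . $newId . '\', \'' . $inheritedInfo . '\')';
    if (!mysql_query($insertQuery)) {
        displayerror('Could not add inherited information to the current page. Database error.');
    }
    $updateQuery = 'UPDATE ' . $pagesTable . ' SET `page_inheritedinfoid` = \'' . $newId . '\' WHERE `page_id` = \'' . $pageId . "'";
    if (!mysql_query($updateQuery)) {
        displayerror('Could not add inherited information to the current page. Database error.');
    }
}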
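/**
 * Performs the whole login routine for the `+login` action.
 *
 * Dispatches on `$_GET['subaction']` (resetPasswd, register, openid_login,
 * openid_verify, openid_pass, quick_openid_reg) and otherwise handles the
 * e-mail/password form: the user is looked up in the database or, failing
 * that, verified against the imap/ads/ldap back-end whose domain matches
 * (`$authmethods`) and created in the database on first successful login.
 *
 * Reads the globals `$openid_enabled`, `$cookieSupported` and `$authmethods`
 * and the `allow_login` flag from the `global` table; writes `$_SESSION`
 * and calls setAuth() on success.
 *
 * @return mixed  The user id on a successful password login, the login form
 *                HTML when credentials are missing or wrong, whatever the
 *                delegated sub-action handler returns, 0 when the login could
 *                not be completed (including no cookie support), or nothing
 *                on the OpenID error paths that only display a message.
 */
function login()
{
    $allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    $allow_login_result = mysql_query($allow_login_query);
    $allow_login_result = mysql_fetch_array($allow_login_result);
    if (isset($_GET['subaction'])) {
        if ($_GET['subaction'] == "resetPasswd") {
            return resetPasswd($allow_login_result[0]);
        }
        if ($allow_login_result[0]) {
            if ($_GET['subaction'] == "register") {
                require_once "registration.lib.php";
                return register();
            }
        }
        global $openid_enabled;
        if ($openid_enabled == 'true' && $allow_login_result[0]) {
            if ($_GET['subaction'] == "openid_login") {
                if (isset($_POST['process'])) {
                    $openid_url = trim($_POST['openid_identifier']);
                    openid_endpoint($openid_url);
                }
            }
            if ($_GET['subaction'] == "openid_verify") {
                if (!isset($_GET['openid_mode']) || $_GET['openid_mode'] != "cancel") {
                    // The identity as returned to us by the OpenID provider
                    $openid_url = $_GET['openid_identity'];
                    $openid = new Dope_OpenID($openid_url);
                    // Ask the provider whether the response we received is genuine
                    $validate_result = $openid->validateWithServer();
                    if ($validate_result === TRUE) {
                        $userinfo = $openid->filterUserInfo($_GET);
                        return openid_login($userinfo);
                    }
                    if ($openid->isError() === TRUE) {
                        // The library reported an error while processing the response.
                        // The values come from the provider, so they are HTML-escaped
                        // before being shown.
                        $the_error = $openid->getError();
                        $error = "Error Code: " . htmlspecialchars($the_error['code'], ENT_QUOTES) . "<br />";
                        $error .= "Error Description: " . htmlspecialchars($the_error['description'], ENT_QUOTES) . "<br />";
                    } else {
                        // Validation with the provider failed without a specific error
                        $failed_url = isset($_SESSION['openid_url']) ? $_SESSION['openid_url'] : $openid_url;
                        $error = "Error: Could not validate the OpenID at " . htmlspecialchars($failed_url, ENT_QUOTES);
                    }
                    // The message used to be built and then dropped, leaving the user
                    // with a bare login form and no explanation.
                    displayerror($error);
                } else {
                    displayerror("User cancelled the OpenID authorization");
                }
            }
            if ($_GET['subaction'] == "openid_pass") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    // Both values end up inside SQL below, so they are escaped the same
                    // way the e-mail/password path escapes its $_POST input.
                    $openid_url = escape($_SESSION['openid_url']);
                    $openid_email = escape($_SESSION['openid_email']);
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_password'])) {
                        displayerror("Empty Passwords not allowed");
                        return;
                    }
                    $user_passwd = $_POST['user_password'];
                    $info = getUserInfo($openid_email);
                    if (!$info) {
                        displayerror("No user with Email {$openid_email}");
                    } else {
                        $check = checkLogin($info['user_loginmethod'], $info['user_name'], $openid_email, $user_passwd);
                        if ($check) {
                            // Password was correct: link the OpenID to the existing account
                            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $info['user_id'] . ")";
                            $result = mysql_query($query) or die(mysql_error() . " in login() subaction=openid_pass while trying to Link OpenID account");
                            if ($result) {
                                displayinfo("Account successfully Linked. Log In one more time to continue.");
                            }
                        } else {
                            displayerror("The password you specified was incorrect");
                        }
                    }
                }
            }
            if ($_GET['subaction'] == "quick_openid_reg") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to register an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    // Escaped for the same reason as in openid_pass: both go into SQL
                    $openid_url = escape($_SESSION['openid_url']);
                    $openid_email = escape($_SESSION['openid_email']);
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_name']) || $_POST['user_name'] == "") {
                        displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
                        return;
                    }
                    $openid_fname = escape($_POST['user_name']);
                    // Create a placeholder user row: the e-mail doubles as the user name,
                    // the password column is '0' and the login method records 'openid'.
                    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) " . "VALUES ('" . $openid_email . "', '" . $openid_email . "','" . $openid_fname . "','0',1,'openid');";
                    $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to insert information of new account");
                    if ($result) {
                        $id = mysql_insert_id();
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $id . ")";
                        $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to Link OpenID account");
                        if ($result) {
                            displayinfo("Account successfully registered. You can now login via OpenID. Please complete your profile information after logging in.");
                        }
                    }
                    return "";
                }
            }
        }
    }
    if (!isset($_POST['user_email'])) {
        return loginForm($allow_login_result[0]);
    } else {
        /*if it is,
          then userLDAPVerify($user_email,$user_passwd);
          if the password is correct, update his password in DB
          else $dontloginLDAP = true;
          }
          else {
          if(userLDAPVerify($user_email,$user_passwd)) {
          create his row in DB with loginmethod = ldap and user_activated = 1
          (for this, use the createUser funciton in common.lib.php)
          }
          }*/
        global $cookieSupported;
        $login_status = false;
        if ($cookieSupported == true) {
            if ($_POST['user_email'] == "" || !isset($_POST['user_password']) || $_POST['user_password'] == "") {
                displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                return loginForm($allow_login_result[0]);
            } else {
                $user_email = escape($_POST['user_email']);
                $user_passwd = escape($_POST['user_password']);
                $login_method = '';
                if (!check_email($user_email)) {
                    displayerror("Your E-Mail Provider has been blackilisted. Please contact the website administrator");
                    return loginForm($allow_login_result[0]);
                }
                if ($temp = getUserInfo($user_email)) {
                    // User exists in the DB: verify with whatever method the row records
                    $login_status = checkLogin($temp['user_loginmethod'], $temp['user_name'], $user_email, $user_passwd);
                    // For LDAP, ADS or IMAP accounts the copy of the password kept in the
                    // database is refreshed on every successful login in case it is stale.
                    if ($login_status) {
                        updateUserPassword($user_email, $user_passwd);
                    }
                } else {
                    // User is not in the DB: try the external back-end for the e-mail's domain
                    global $authmethods;
                    // strpos() returns false when there is no '@'; the old `> -1` test
                    // treated that false as 0 and never reached the else branch.
                    if (strpos($user_email, '@') !== false) {
                        $tmp = explode('@', $user_email);
                        $user_name = $tmp[0];
                        $user_domain = strtolower($tmp[1]);
                    } else {
                        $user_name = $user_email;
                    }
                    if (isset($user_domain) && $user_domain == $authmethods['imap']['user_domain']) {
                        if ($login_status = checkLogin('imap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'imap';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ads']['user_domain']) {
                        if ($login_status = checkLogin('ads', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ads';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ldap']['user_domain']) {
                        if ($login_status = checkLogin('ldap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ldap';
                        }
                    }
                    if ($login_status) {
                        // The external login is valid: create and activate the DB user.
                        // NOTE(review): the stored hash is an unsalted md5 — this matches
                        // whatever checkLogin()/updateUserPassword() expect, so it cannot be
                        // changed here in isolation.
                        $user_fullname = strtoupper($user_name);
                        $user_md5passwd = md5($user_passwd);
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) " . "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
                        mysql_query($query) or die(mysql_error() . " creating new user !");
                    } else {
                        displaywarning("Incorrect username and/or password for <b>" . (isset($user_domain) ? $user_domain . "</b> domain!" : $user_name . "</b> user"));
                    }
                }
                if ($login_status) {
                    $temp = getUserInfo($user_email);
                    if (!$temp['user_activated']) {
                        // Either the e-mail was never verified, or the admin deliberately
                        // deactivated the account, which amounts to denying access.
                        displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                    } else {
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` ='{$temp['user_id']}'";
                        mysql_query($query) or die(mysql_error() . " in login.lib.L:111");
                        // Remember the previous login time before it is overwritten above
                        $_SESSION['last_to_last_login_datetime'] = $temp['user_lastlogin'];
                        setAuth($temp['user_id']);
                        return $temp['user_id'];
                    }
                } else {
                    displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
                    return loginForm($allow_login_result[0]);
                }
            }
            return 0;
        } else {
            showCookieWarning();
            return 0;
        }
    }
}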
/**
 * function getQuizCorrectForm:
 * Builds the correction view of one user's quiz attempt: per section, every
 * question with the submitted and correct answers, plus a mark box for
 * subjective questions (posted back to ./+correct as btnSetMark).
 *
 * @param mixed $quizId  page_modulecomponentid of the quiz
 * @param mixed $userId  user_id whose submission is shown
 * @return string  HTML: summary header (totals, times, reject form) followed by the per-question tables
 *
 * NOTE(review): $quizId and $userId are interpolated into SQL as-is; whether the caller
 * escapes them is not visible here — confirm before exposing this to new callers.
 */
function getQuizCorrectForm($quizId, $userId)
{
    // Totals and timing for the whole attempt; note that query failures are not checked
    // here, so a failed query would reach mysql_fetch_array() as false.
    $marks = mysql_fetch_array(mysql_query("SELECT SUM(`quiz_marksallotted`) AS `total`, MIN(`quiz_attemptstarttime`) AS `starttime`, MAX(`quiz_submissiontime`) AS `finishtime`, TIMEDIFF(MAX(`quiz_submissiontime`), MIN(`quiz_attemptstarttime`)) AS `timetaken` FROM `quiz_userattempts` WHERE `user_id` = '{$userId}' AND `page_modulecomponentid` = '{$quizId}'"));
    $title = mysql_fetch_array(mysql_query("SELECT `quiz_title` FROM `quiz_descriptions` WHERE `page_modulecomponentid` = '{$quizId}'"));
    $correctFormHtml = "";
    $sectionHead = "";
    // One row per section the user attempted, with the marks allotted for that section
    $sections = mysql_query("SELECT `quiz_sections`.`quiz_sectiontitle` AS `quiz_sectiontitle`, `quiz_sections`.`quiz_sectionid` AS `quiz_sectionid`, `quiz_marksallotted` FROM `quiz_userattempts` JOIN `quiz_sections` ON `quiz_userattempts`.`quiz_sectionid` = `quiz_sections`.`quiz_sectionid` WHERE `user_id` = '{$userId}' AND `quiz_userattempts`.`page_modulecomponentid` = '{$quizId}' AND `quiz_sections`.`page_modulecomponentid` = '{$quizId}'");
    while ($sectionsRow = mysql_fetch_array($sections)) {
        $correctFormHtml .= "<h4>{$sectionsRow['quiz_sectiontitle']}(Marks: {$sectionsRow['quiz_marksallotted']})</h4>";
        $sectionHead .= "<td><b>{$sectionsRow['quiz_sectiontitle']}</b> section marks: {$sectionsRow['quiz_marksallotted']}</td>";
        // Questions of this section joined with the user's submitted answers, in the order they were presented
        $questionQuery = "SELECT `quiz_questions`.`quiz_questionid` AS `quiz_questionid`, " . "`quiz_questions`.`quiz_question` AS `quiz_question`, `quiz_questiontype`, " . "`quiz_rightanswer`, `quiz_submittedanswer`, `quiz_marksallotted`,`quiz_questions`.`quiz_sectionid` " . "FROM `quiz_questions`, `quiz_answersubmissions` WHERE " . "`quiz_questions`.`page_modulecomponentid` = '{$quizId}' AND " . "`quiz_questions`.`page_modulecomponentid` = `quiz_answersubmissions`.`page_modulecomponentid` AND " . "`quiz_questions`.`quiz_sectionid` = `quiz_answersubmissions`.`quiz_sectionid` AND " . "`quiz_questions`.`quiz_questionid` = `quiz_answersubmissions`.`quiz_questionid` AND " . "`quiz_questions`.`quiz_sectionid` = '{$sectionsRow['quiz_sectionid']}' AND " . "`user_id` = '{$userId}' ORDER BY `quiz_answersubmissions`.`quiz_questionrank`";
        $questionResult = mysql_query($questionQuery);
        if (!$questionResult) {
            // The query text itself is shown on failure; the loop below is still entered with false
            displayerror($questionQuery . '<br />' . mysql_error());
        }
        while ($questionRow = mysql_fetch_assoc($questionResult)) {
            // Table class is quiz_wronganswer when no (or non-positive) marks were allotted, quiz_rightanswer otherwise
            $correctFormHtml .= '<table class="quiz_' . (is_null($questionRow['quiz_marksallotted']) || floatval($questionRow['quiz_marksallotted']) <= 0 ? 'wrong' : 'right') . "answer\"><tr><td colspan=\"2\">{$questionRow['quiz_question']}</td></tr>\n";
            if ($questionRow['quiz_questiontype'] == 'subjective') {
                // Free-text answers are shown verbatim; the mark is editable via a small form
                $submittedAnswers = array();
                $submittedAnswers[] = $questionRow['quiz_submittedanswer'];
                $correctAnswers = array();
                $correctAnswers[] = $questionRow['quiz_rightanswer'];
                $correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Submitted Answer:</td><td>' . implode("<br />\n", $submittedAnswers) . "</td></tr>\n";
                $correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Correct Answer:</td><td>' . implode("<br />\n", $correctAnswers) . "</td></tr>\n";
                $correctFormHtml .= "<tr><td>Mark:</td><td><form method=POST action='./+correct&useremail=" . safe_html($_GET['useremail']) . "'><input type=hidden name=quizid value='{$quizId}'><input type=hidden name=sectionid value={$questionRow['quiz_sectionid']}><input type=hidden name=questionid value={$questionRow['quiz_questionid']}><input type=hidden name=userid value={$userId}><input type=text name=mark size=5 value='{$questionRow['quiz_marksallotted']}'><input type=submit value='Submit' name=btnSetMark></form></td></tr>";
            } elseif ($questionRow['quiz_questiontype'] == 'sso' || $questionRow['quiz_questiontype'] == 'mso') {
                // Single/multiple-option questions: answers are stored as '|'-separated option ids,
                // which are mapped back to option text through the option list
                $optionList = getQuestionOptionList($quizId, $sectionsRow['quiz_sectionid'], $questionRow['quiz_questionid']);
                $options = array();
                for ($i = 0; $i < count($optionList); ++$i) {
                    $options[$optionList[$i]['quiz_optionid']] = $optionList[$i];
                }
                $correctAnswers = array();
                $rightAnswerIds = explode('|', $questionRow['quiz_rightanswer']);
                for ($i = 0; $i < count($rightAnswerIds); ++$i) {
                    $correctAnswers[] = $options[$rightAnswerIds[$i]]['quiz_optiontext'];
                }
                $submittedAnswers = array();
                // An empty submission explodes to [''], which has no matching option (undefined index)
                $submittedAnswerIds = explode('|', $questionRow['quiz_submittedanswer']);
                for ($i = 0; $i < count($submittedAnswerIds); ++$i) {
                    $submittedAnswers[] = $options[$submittedAnswerIds[$i]]['quiz_optiontext'];
                }
                $correctFormHtml .= '<tr><td nowrap="nowrap" width="10%">Submitted Answer:</td><td>' . implode("<br />\n", $submittedAnswers) . "</td></tr>\n";
                $correctFormHtml .= "<tr><td nowrap=\"nowrap\" width=\"10%\">Correct Answer:</td><td>" . implode("<br />\n", $correctAnswers) . "</td></tr>\n";
                $correctFormHtml .= "<tr><td>Mark:</td><td>{$questionRow['quiz_marksallotted']}</td></tr>";
            }
            $correctFormHtml .= "</table>\n";
        }
    }
    // NOTE(review): the `"******"` segment on the next line looks like a masked/garbled part of
    // the extracted source (presumably the user's e-mail was concatenated here); the original
    // expression is not recoverable from this listing.
    $quizcorrectinfo = "<h3>{$title['quiz_title']} - Quiz Answers Correct form for user: "******"</h3><form name='userclearform' method='POST' action='./+correct'><a href='./+correct'>&lt;&lt;Back</a> &nbsp;&nbsp;&nbsp;<input type='hidden' name='hdnUserId' id='hdnUserId' value='{$userId}' /><input type='submit' name='btnDeleteUser' id='btnDeleteUser' value='Reject Submission' /></form><table width=100%><tr><td>Total marks: {$marks['total']}</td>{$sectionHead}<td>Start time: {$marks['starttime']}</td><td>Finish time: {$marks['finishtime']}</td><td>Time taken: {$marks['timetaken']}</td></tr></table>";
    $correctFormHtml .= "<a href='./+correct'>&lt;&lt;Back</a>";
    return $quizcorrectinfo . $correctFormHtml;
}
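 /**
  * Renders the statement of the problem selected through $_GET['pcode'],
  * followed by the submission form for that problem.
  *
  * @param mixed $contestId  Id of the contest the problem belongs to (also part of
  *                          the statement file's path; assumed to be trusted by the caller).
  * @return string  Statement HTML plus submit form, or '' after displayerror() when no
  *                 code was given, the code is unknown, or the statement file is unreadable.
  */
 private function getProblemPage($contestId)
 {
     if (!isset($_GET['pcode'])) {
         displayerror('Error. Problem code not specified.');
         return '';
     }
     $pcode = $_GET['pcode'];
     // The code is validated against the database below, but it is also used as a
     // file name, so refuse anything that could point outside the problems folder.
     if (strpbrk($pcode, "/\\\0") !== false || strpos($pcode, '..') !== false) {
         displayerror('Error. Invalid problem code specified. Could not find a problem in the current contest with the given problem code.');
         return '';
     }
     $problemId = $this->getProblemId($contestId, $pcode);
     if ($problemId < 0) {
         displayerror('Error. Invalid problem code specified. Could not find a problem in the current contest with the given problem code.');
         return '';
     }
     global $sourceFolder, $moduleFolder;
     $problemFile = "{$sourceFolder}/{$moduleFolder}/contest/problems/{$contestId}/{$pcode}.html";
     // A missing statement used to be silently concatenated as false; report it instead
     if (!is_readable($problemFile)) {
         displayerror('Error. The problem statement for the given problem code could not be read.');
         return '';
     }
     $problemPageHtml = file_get_contents($problemFile);
     $problemPageHtml .= $this->getSubmitForm($contestId, $problemId);
     return $problemPageHtml;
 }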
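    /**
     * Handles the `+qahead` action (the QA head's event administration page).
     *
     * Dispatches on `$_GET['subaction']`: viewEvent, getParticipant, addParticipant,
     * editParticipant (echoes its result and exits), lockEvent, unlockEvent,
     * downloadExcel, deleteParticipant and deleteEvent. Without a subaction the QA
     * head menu is returned.
     *
     * @return string|null  HTML for the selected view, or null when the subaction is
     *                      unknown, its expected POST fields are missing, or (for
     *                      downloadExcel) the output is produced by the callee.
     */
    public function actionQahead()
    {
        global $urlRequestRoot, $sourceFolder, $templateFolder, $cmsFolder, $moduleFolder;
        $moduleComponentId = $this->moduleComponentId;
        $userId = $this->userId;
        require_once "{$sourceFolder}/{$moduleFolder}/events/events_common.php";
        require_once "{$sourceFolder}/{$moduleFolder}/events/events_forms.php";
        require_once "{$sourceFolder}/{$moduleFolder}/events/events.config.php";
        require_once $sourceFolder . "/" . $moduleFolder . "/qaos1/excel.php";
        require_once $sourceFolder . "/upload.lib.php";
        if (!isset($_GET['subaction'])) {
            //return displayQa($moduleComponentId);
            return qaHeadOptions($moduleComponentId);
        }
        $subaction = $_GET['subaction'];
        if ($subaction == "viewEvent") {
            if (isset($_POST['eventId'])) {
                $eventId = escape($_POST['eventId']);
                return displayEventOptions('qahead', $moduleComponentId, $eventId);
            }
        } elseif ($subaction == 'getParticipant') {
            if (isset($_POST['eventId'])) {
                $eventId = escape($_POST['eventId']);
                $userId = escape($_POST['userId']);
                $eventAdd = "<p>SEARCH RESULTS </p>";
                // A booklet id is resolved to a user id, otherwise the user id is used as given.
                // NOTE(review): the second test reads $userId[1] rather than $userId[0]; a
                // lower-case 'f' in the first position was probably intended — confirm.
                if ($userId[0] == 'F' || $userId[1] == 'f') {
                    $bookletId = $userId;
                    $userId = getUserIdFromBookletId($moduleComponentId, $userId);
                } else {
                    // NOTE(review): this condition can never hold (> 200000 and < 30000), so
                    // the 180000 offset is never applied — verify the intended bounds.
                    if ($userId > 200000 && $userId < 30000) {
                        $userId -= 180000;
                    }
                    $bookletId = getBookletIdFromUserId($userId, $moduleComponentId);
                }
                // NOTE(review): $pmcId is never assigned in this method, so null is passed;
                // every other call here uses $moduleComponentId — confirm which was meant.
                $eventAdd .= searchParticipant('qahead', $pmcId, 1);
                $eventAdd .= "<h2>Profile</h2>";
                $eventAdd .= returnUserProfileDetails($userId);
                $eventAdd .= "<h2>PR & Hospi Details</h2>";
                $eventAdd .= "<table><tr style='font-size:10px'>";
                $eventAdd .= "<th>PR CHECK IN TIME</th>";
                $eventAdd .= "<th>PR CHECK OUT TIME</th>";
                $eventAdd .= "<th>AMOUNT RECIEVED AT PR</th>";
                $eventAdd .= "<th>AMOUNT REFUNDED AT PR</th>";
                $eventAdd .= "<th>HOSPI CHECK IN TIME</th>";
                $eventAdd .= "<th>HOSPI CHECK OUT TIME</th>";
                $eventAdd .= "<th>AMOUNT RECIEVED AT HOSPI</th>";
                $eventAdd .= "<th>AMOUNT REFUNDED AT HOSPI</th>";
                $eventAdd .= "<th>No. of days of stay</th></tr>";
                // PR desk status for this user
                $prStatus = "SELECT * FROM `prhospi_pr_status` WHERE `user_id`='{$userId}' and `page_moduleComponentId`={$moduleComponentId}";
                $prQuery = mysql_query($prStatus) or displayerror(mysql_error());
                $prRows = mysql_fetch_array($prQuery);
                $checkintime_pr = $prRows['hospi_checkin_time'];
                $checkoutime_pr = $prRows['hospi_checkpout_time'];
                $amount_recieved_pr = $prRows['amount_recieved'];
                $amount_refunded_pr = $prRows['amount_refunded'];
                // Accommodation status for this user
                $HospiStatus = "SELECT * FROM `prhospi_accomodation_status` WHERE `user_id`='{$userId}' and `page_modulecomponentid`={$moduleComponentId}";
                $HospiQuery = mysql_query($HospiStatus) or displayerror(mysql_error());
                $HospiRows = mysql_fetch_array($HospiQuery);
                $checkintime_hospi = $HospiRows['hospi_actual_checkin'];
                $checkoutime_hospi = $HospiRows['hospi_actual_checkout'];
                $amount_recieved_hospi = $HospiRows['hospi_cash_recieved'];
                $amount_refunded_hospi = $HospiRows['hospi_cash_refunded'];
                $no_of_days = $HospiRows['no_of_days'];
                $hospi_room_id = $HospiRows['hospi_room_id'];
                $eventAdd .= "<td>" . $checkintime_pr . "</td>";
                $eventAdd .= "<td>" . $checkoutime_pr . "</td>";
                $eventAdd .= "<td>" . $amount_recieved_pr . "</td>";
                $eventAdd .= "<td>" . $amount_refunded_pr . "</td>";
                $eventAdd .= "<td>" . $checkintime_hospi . "</td>";
                $eventAdd .= "<td>" . $checkoutime_hospi . "</td>";
                $eventAdd .= "<td>" . $amount_recieved_hospi . "</td>";
                $eventAdd .= "<td>" . $amount_refunded_hospi . "</td>";
                $eventAdd .= "<td>{$no_of_days}</td>";
                $eventAdd .= "</tr></table>";
                // Hostel/room the user was allotted (room id comes from the accommodation row)
                $hostelQuery = "SELECT * FROM `prhospi_hostel` WHERE `hospi_room_id`={$hospi_room_id} and `page_modulecomponentid`={$moduleComponentId}";
                $hostelQueryResult = mysql_query($hostelQuery) or displayerror(mysql_error());
                $hostelDetails = mysql_fetch_array($hostelQueryResult);
                $eventAdd .= "<h2>Hostel Details</h2>";
                $eventAdd .= "<table>";
                $eventAdd .= "<th>HOSTEL</th>";
                $eventAdd .= "<th>FLOOR</th>";
                $eventAdd .= "<th>ROOM</th>";
                $eventAdd .= "<tr>";
                $eventAdd .= "<td>{$hostelDetails['hospi_hostel_name']}</td>";
                $eventAdd .= "<td>{$hostelDetails['hospi_floor']}</td>";
                $eventAdd .= "<td>{$hostelDetails['hospi_room_no']}</td>";
                $eventAdd .= "</tr>";
                $eventAdd .= "</table>";
                $eventAdd .= "<h2>Event Details</h2>";
                $eventAdd .= "<table><tr>";
                $eventAdd .= "<th>EVENT</th>";
                $eventAdd .= "<th>EVENT RANK</th>";
                $eventAdd .= "<th>PRIZE MONEY</th>";
                $eventAdd .= "<th>TEAMMATES </th>";
                // One row per event result of this user: event name, rank, prize, team-mates
                $userDetails = "SELECT * FROM `events_result`  WHERE `user_id`='{$userId}' and `page_moduleComponentId`={$moduleComponentId}";
                $userDetailsRows = mysql_query($userDetails) or displayerror(mysql_error());
                while ($row = mysql_fetch_array($userDetailsRows)) {
                    $eventAdd .= "<tr>";
                    $eventDetails = "SELECT * FROM `events_details` WHERE `event_id`='{$row['event_id']}'";
                    $eventResults = mysql_query($eventDetails) or displayerror(mysql_error());
                    $eventsResults = mysql_fetch_array($eventResults);
                    $eventAdd .= "<td>" . $eventsResults['event_name'] . "</td>";
                    $eventAdd .= "<td>" . $row['user_rank'] . "</td>";
                    $userPrizeDetails = "SELECT * FROM `events_participants` WHERE `user_pid`='{$userId}' ";
                    $userPrizeQuery = mysql_query($userPrizeDetails) or displayerror(mysql_error());
                    $userPrizeRows = mysql_fetch_array($userPrizeQuery);
                    $eventAdd .= "<td>" . $userPrizeRows['prize_money'] . "</td>";
                    // Find the user's team for this event, then list everyone in that team.
                    // The debugging displayerror() that echoed this query to the page has been
                    // dropped, and mysql_error is now actually called (it was a bare constant).
                    $teamMateDetails = "SELECT * FROM `events_participants` WHERE `user_pid`='{$userId}' and `event_id` ='{$row['event_id']}'";
                    $teamMateQuery = mysql_query($teamMateDetails) or displayerror(mysql_error());
                    $teamMateDetails = mysql_fetch_assoc($teamMateQuery);
                    $teamMates = $teamMateDetails['user_team_id'];
                    $teamMateDetails = "SELECT * FROM `events_participants` WHERE `user_team_id`={$teamMates}  and `event_id` ='{$row['event_id']}'";
                    $teamMateQuery = mysql_query($teamMateDetails) or displayerror(mysql_error());
                    $eventAdd .= "<td>";
                    while ($newRow = mysql_fetch_array($teamMateQuery)) {
                        $eventAdd .= $newRow['user_pid'] . "  ";
                    }
                    $eventAdd .= "</td>";
                }
                $eventAdd .= "</table>";
                return $eventAdd;
            }
        } elseif ($subaction == 'addParticipant') {
            if (isset($_POST['eventId'])) {
                $eventId = escape($_POST['eventId']);
                $fileUploadableField = getFileUploadField('fileUploadFieldPart', "events");
                $eventAdd = <<<FORM
                        <p>Upload Event Excel File:</p>
           <form action="./+qahead&subaction=viewEvent" method="post" enctype='multipart/form-data'>
           {$fileUploadableField}
           <input type='hidden' name='eventId' value='{$eventId}'>
           <input type='submit' name='submit' value='Upload'>
           </form>
FORM;
                return $eventAdd;
            }
        } elseif ($subaction == "editParticipant") {
            $editFormId = escape($_POST['formId']);
            $editUserId = escape($_POST['userId']);
            $teamId = escape($_POST['teamId']);
            $rowValue = escape($_POST['rowValue']);
            $rowId = escape($_POST['rowId']);
            $eventId = escape($_POST['eventId']);
            // $userId here is still the logged-in user's id, not the one being edited;
            // presumably a guard against anonymous calls. The result is written straight
            // to the response and the request ended.
            if (!empty($userId)) {
                //return $rowId;
                echo editParticipant('qahead', $moduleComponentId, $eventId, $editFormId, $editUserId, $teamId, $rowValue, $rowId);
                die;
            }
        } elseif ($subaction == "lockEvent") {
            $eventId = trim(escape($_POST['eventId']));
            if (!empty($eventId)) {
                return lockEvent($moduleComponentId, $eventId);
            }
        } elseif ($subaction == 'unlockEvent') {
            $eventId = trim(escape($_POST['eventId']));
            if (!empty($eventId)) {
                return unlockEvent($moduleComponentId, $eventId);
            }
        } elseif ($subaction == "downloadExcel") {
            //$eventId = escape($_POST['eventId']);
            //error_log($eventId);
            //getUserDetailsTable($moduleComponentId,$eventId);
            getUserDetailsTable('qahead', $moduleComponentId, escape($_GET['event_id']));
        } elseif ($subaction == "deleteParticipant") {
            $userId = escape($_POST['userId']);
            $eventId = escape($_POST['eventId']);
            return deleteParticipant($moduleComponentId, $userId, $eventId);
        } elseif ($subaction == "deleteEvent") {
            $eventId = escape($_POST['eventId']);
            return deleteEventQa($moduleComponentId, $eventId);
        }
        /*else if($_GET['subaction'] == "getDetails"){
        			if(isset($_POST['eventId'])){
        				$eventId = escape($_POST['eventId']);
        				return 
        			}
        		}*/
    }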
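    /**
     * function actionEdit:
     * Saves the book's properties when the edit form was submitted and then
     * renders the edit form listing every child page.
     *
     * Form fields handled on POST (only when `page_title` is present):
     *   - `chkPage<id>`  : checked pages make up the tab list (`list`)
     *   - `hidePage<id>` : checked pages make up the menu-hide list (`menu_hide`)
     *   - `optInitial`   : the initial page; it has to be one of the checked
     *                      `chkPage` ids, otherwise nothing is saved.
     * The `<id>` suffixes are taken from POST key names, i.e. they are sent by
     * the client, so they are escaped before reaching SQL like any other value.
     * Titles and names are HTML-escaped when rendered back into the form.
     *
     * @returns HTML Edit interface for book module's properties
     */
    public function actionEdit()
    {
        if (isset($_POST['page_title'])) {
            $initial = isset($_POST['optInitial']) ? $_POST['optInitial'] : '';
            $tabIds = array();
            $hideIds = array();
            $found = false;
            foreach (array_keys($_POST) as $key) {
                if (substr($key, 0, 7) == "chkPage") {
                    $pageId = substr($key, 7);
                    if ($pageId === '' || $pageId === false) {
                        continue; // a bare "chkPage" key carries no id
                    }
                    $tabIds[] = $pageId;
                    if ($pageId == $initial) {
                        $found = true;
                    }
                } elseif (substr($key, 0, 8) == "hidePage") {
                    $pageId = substr($key, 8);
                    if ($pageId !== '' && $pageId !== false) {
                        $hideIds[] = $pageId;
                    }
                }
            }
            $tList = implode(",", $tabIds);
            $hList = implode(",", $hideIds);
            if ($found) {
                $this->bookProps['page_title'] = escape($_POST['page_title']);
                $this->bookProps['initial'] = escape($initial);
                $this->bookProps['list'] = $tList;
                $this->bookProps['menu_hide'] = $hList;
                $this->hideInMenu();
                // The id lists are built from client-supplied key names, so they
                // get the same escaping as the other interpolated values.
                $query = "UPDATE `book_desc` SET `initial` = '" . $this->bookProps['initial'] . "', `list` = '" . escape($tList) . "', `menu_hide` = '" . escape($hList) . "' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'";
                $saved = mysql_query($query);
                if ($saved) {
                    $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_title` = '" . $this->bookProps['page_title'] . "' WHERE `page_id` = '{$this->pageId}'";
                    $saved = mysql_query($query);
                }
                if ($saved) {
                    displayinfo("Book Properties saved properly");
                } else {
                    // Report a generic failure instead of die(mysql_error()):
                    // the raw driver message only describes the schema to the
                    // person who submitted the form, and the form can still
                    // be rendered below.
                    displayerror("Database error. Book properties could not be saved.");
                }
            } else {
                displayerror("You've choosen a hidden sub-page as default which is not possible, so the settings are not saved.");
            }
        }
        $childrenQuery = 'SELECT `page_id`, `page_title`, `page_module`, `page_name`, `page_modulecomponentid` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_parentid` = ' . "'" . $this->pageId . "'" . ' AND `page_id` != \'' . $this->pageId . '\' ORDER BY `page_menurank`';
        $result = mysql_query($childrenQuery);
        $hide_list = explode(",", $this->bookProps['menu_hide']);
        $show_list = explode(",", $this->bookProps['list']);
        $table = "No child page available<br />";
        if ($result && mysql_num_rows($result)) {
            $table = "<table><thead><td>Initial</td><td>Show in Tab</td><td>Hide in Menu</td><td>Page</td></thead>";
            while ($row = mysql_fetch_assoc($result)) {
                $pageId = $row['page_id'];
                $radio = ($pageId == $this->bookProps['initial']) ? "checked" : "";
                $checkbox = in_array($pageId, $show_list) ? "checked=checked " : "";
                $hide_checkbox = in_array($pageId, $hide_list) ? "checked=checked " : "";
                // Everything that came out of the database is escaped for the
                // HTML context it is placed in (attribute values and text).
                $safeId = htmlspecialchars($pageId, ENT_QUOTES);
                $safeTitle = htmlspecialchars($row['page_title'], ENT_QUOTES);
                $table .= "<tr><td><input type='radio' name='optInitial' value='{$safeId}' {$radio}></td><td><input type=checkbox name='chkPage{$safeId}' {$checkbox}></td><td><input type=checkbox name='hidePage{$safeId}' {$hide_checkbox}></td>";
                if (getPermissions($this->userId, $pageId, "edit")) {
                    $safeName = htmlspecialchars($row['page_name'], ENT_QUOTES);
                    $table .= "<td><a href='{$safeName}/+edit'>{$safeTitle}</a></td></tr>";
                } else {
                    $table .= "<td>{$safeTitle}</td></tr>";
                }
            }
            $table .= "</table>";
        }
        $titleAttr = htmlspecialchars($this->bookProps['page_title'], ENT_QUOTES);
        $ret = <<<RET
<form action='./+edit' method=POST>
Title: <input type=text name="page_title" value="{$titleAttr}"><br />
{$table}
<input type=submit value=Save>
</form>
RET;
        return $ret;
    }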
 /**
  * function saveQueryEditForm:
  * Stores the edited title and query text of this sqlquery component.
  *
  * NOTE(review): both parameters are interpolated into the UPDATE verbatim,
  * so the caller is assumed to pass already-escaped values — confirm at the
  * call sites.
  *
  * @param $pageTitle new title for the component
  * @param $sqlQuery  new query text to store
  * @return bool true when the UPDATE ran, false (after displayerror) otherwise
  */
 private function saveQueryEditForm($pageTitle, $sqlQuery)
 {
     $sql = sprintf(
         "UPDATE `sqlquery_desc` SET `sqlquery_title` = '%s', `sqlquery_query` = '%s' WHERE `page_modulecomponentid` = '%s'",
         $pageTitle,
         $sqlQuery,
         $this->moduleComponentId
     );
     if (mysql_query($sql) === false) {
         displayerror('SQL Error. Could not update database settings.');
         return false;
     }
     return true;
 }
/**
 * function startSection:
 * Marks the section attempted by the user by inserting a `quiz_userattempts`
 * row whose start time is the database's NOW().
 *
 * NOTE(review): the three ids are interpolated into the INSERT verbatim, so
 * callers are assumed to pass escaped or numeric values — confirm at the
 * call sites.
 *
 * @param $quizId    page_modulecomponentid of the quiz
 * @param $sectionId id of the section being started
 * @param $userId    id of the user starting the section
 * @return bool true on success, false (after displayerror) on a database error
 */
function startSection($quizId, $sectionId, $userId)
{
    $columns = '`page_modulecomponentid`, `quiz_sectionid`, `user_id`, `quiz_attemptstarttime`';
    $values = "'{$quizId}', '{$sectionId}', '{$userId}', NOW()";
    $insertQuery = 'INSERT INTO `quiz_userattempts`(' . $columns . ') VALUES (' . $values . ')';
    if (mysql_query($insertQuery) === false) {
        displayerror('Database Error. Could not mark section as started.');
        return false;
    }
    return true;
}
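/**
 * Returns permissions of all users and visible groups on a particular page
 *
 * Resolution as implemented below:
 *   - $pagepath is walked from its last entry to its first; for a given
 *     (group|user, permission) an explicit deny ('N') found anywhere on the
 *     path wins over any grant ('Y').
 *   - A user's result is then OR-ed with the effective results of the groups
 *     the user belongs to (users without `usergroup` rows are treated as
 *     members of groups 0 and 1; the anonymous user 0 gets no groups).
 *
 * @param $pagepath Array containing the path to the current page (page ids; only
 *        numeric values are used in the query)
 * @param $modifiableGroups Array containing the groups for which permissions are to be viewed
 *        (not referenced by this function)
 * @param $grantableActions Array containing the module => actions for which permissions must be shown
 * @return array|null array($sortedGroupPerms, $sortedUserPerms), each of the form
 *         array('Y' => array(id => array(permid, ...)), 'N' => array(id => array(permid, ...)));
 *         null (after displayerror) when there is nothing to look up or the
 *         permission query fails
 */
function getAllPermissionsOnPage($pagepath, $modifiableGroups, $grantableActions)
{
    /// $grantableActions is of the form:
    ///   $grantableActions['moduleName_i'] =
    ///     array(
    ///       array1(permid, actionname, actiondescription),
    ///       array2(permid, actionname, actiondescription)
    ///     )
    /// Retrieve Ids and Names of all groups
    $groupIds = array(0, 1);
    $groupNames = array('0' => 'Everyone', '1' => 'Logged In Users');
    ///< Associative array relating group ids to group names (collected, not returned)
    $groupCount = 2;
    $groupsQuery = 'SELECT `group_id`, `group_name` FROM `' . MYSQL_DATABASE_PREFIX . 'groups`';
    $groupsResult = mysql_query($groupsQuery);
    while ($groupsRow = mysql_fetch_row($groupsResult)) {
        $groupIds[] = $groupsRow[0];
        $groupNames[$groupsRow[0]] = $groupsRow[1];
        $groupCount++;
    }
    mysql_free_result($groupsResult);
    /// Retrieve Ids and Names of all users
    $userIds = array(0);
    $userNames = array('0' => 'Anonymous');
    $userCount = 1;
    $usersQuery = 'SELECT `user_id`, `user_name` FROM `' . MYSQL_DATABASE_PREFIX . 'users`';
    $usersResult = mysql_query($usersQuery);
    while ($usersRow = mysql_fetch_row($usersResult)) {
        $userNames[$usersRow[0]] = $usersRow[1];
        $userIds[] = $usersRow[0];
        $userCount++;
    }
    mysql_free_result($usersResult);
    /// $permList: Array of the form
    ///   $permList[$permId] = array($moduleName, $actionName, $actionDescription)
    $permIds = array();
    $permCount = 0;
    $permList = array();
    foreach ($grantableActions as $moduleName => $actionData) {
        if (is_array($actionData) && ($actionCount = count($actionData)) > 0) {
            for ($i = 0; $i < $actionCount; $i++) {
                $permList[$actionData[$i][0]] = array($moduleName, $actionData[$i][1], $actionData[$i][2]);
                $permIds[] = $actionData[$i][0];
                $permCount++;
            }
        }
    }
    if (count($permList) <= 0 || count($pagepath) <= 0) {
        displayerror('Fatal Error: Missing arguments to function.');
        return;
    }
    /// Retrieve all the permissions set on the page path
    /// $groupSetPermissions and $userSetPermissions are arrays of the form
    ///   $<user/group>SetPermissions[pageid][<user/group>id][permid] = true / false / unset
    /// This array will be used later to compute $groupEffectivePermissions and $userEffectivePermission
    $groupSetPermissions = array();
    $userSetPermissions = array();
    $userPermTable = '`' . MYSQL_DATABASE_PREFIX . 'userpageperm`';
    $permListTable = '`' . MYSQL_DATABASE_PREFIX . 'permissionlist`';
    /// Both IN (...) lists are unquoted, i.e. numeric by construction; casting
    /// each id keeps anything non-numeric that reaches this function through
    /// its arguments out of the statement. (join() takes the glue first.)
    $pageIdList = join(', ', array_map('intval', $pagepath));
    $permIdList = join(', ', array_map('intval', $permIds));
    $permQuery = "SELECT `perm_type`, {$userPermTable}.`perm_id` AS `perm_id`, `page_id`, `usergroup_id`, `perm_permission` " . "FROM {$userPermTable}, {$permListTable} WHERE `page_id` IN (" . $pageIdList . ") AND " . "{$userPermTable}.`perm_id` IN (" . $permIdList . ") AND {$userPermTable}.`perm_id` = {$permListTable}.`perm_id`";
    $permResult = mysql_query($permQuery);
    if (!$permResult) {
        /// A failed lookup must not be mistaken for "no permissions set".
        displayerror('Database Error. Could not retrieve the permissions set on this page.');
        return;
    }
    while ($permRow = mysql_fetch_assoc($permResult)) {
        $pageId = $permRow['page_id'];
        $permId = $permRow['perm_id'];
        $usergroupId = $permRow['usergroup_id'];
        $setPermissions =& $groupSetPermissions;
        if ($permRow['perm_type'] == 'user') {
            $setPermissions =& $userSetPermissions;
        }
        if (!isset($setPermissions[$pageId])) {
            $setPermissions[$pageId] = array();
        }
        if (!isset($setPermissions[$pageId][$usergroupId])) {
            $setPermissions[$pageId][$usergroupId] = array();
        }
        $setPermissions[$pageId][$usergroupId][$permId] = $permRow['perm_permission'] == 'Y' ? true : false;
    }
    mysql_free_result($permResult);
    /// Now, compute effective permissions for all groups.
    /// Computing for groups first will make things easier for users (yeah, right!)
    $groupEffectivePermissions = array();
    /// Loop 1 counts down through page numbers.
    /// Loop 2 takes each group
    /// Loop 3 takes each permission
    /// Inside loop three, if the groupSetPermissions for pageid, groupid, permid is set,
    ///  check if groupEffectivePermissions has been set for that groupid and permid
    ///    Yes: If groupEffectivePermissions is false, leave it as such. Otherwise, copy setPerm
    ///    No:  copySetPermissions
    /// Net effect: a deny set on any page of the path sticks; otherwise the
    /// value set on the earliest-in-path page that sets it is used.
    ///
    /// $pSP stands for SetPermissions for that particular pageId and
    /// $gSP stands for SetPermissions for that particular groupId on that pageId.
    /// $pSP is a 2D array, and $gSP is a 1D array, respectively (see their initializations)
    /// $gEP stands for Effective Permissions for a group on the current page
    ///      as calculated so far
    /// pSP, gSP and gEP are aimed at reducing the number of times the 3D array needs to be indexed
    /// and at making the code a little easier to read
    for ($i = count($pagepath) - 1; $i >= 0; $i--) {
        if (!isset($groupSetPermissions[$pagepath[$i]])) {
            continue;
        }
        $pSP =& $groupSetPermissions[$pagepath[$i]];
        for ($j = 0; $j < $groupCount; $j++) {
            if (!isset($pSP[$groupIds[$j]])) {
                continue;
            }
            $gSP =& $pSP[$groupIds[$j]];
            if (!isset($groupEffectivePermissions[$groupIds[$j]])) {
                $groupEffectivePermissions[$groupIds[$j]] = array();
            }
            $gEP =& $groupEffectivePermissions[$groupIds[$j]];
            for ($k = 0; $k < $permCount; $k++) {
                if (isset($gSP[$permIds[$k]])) {
                    if (!isset($gEP[$permIds[$k]]) || $gEP[$permIds[$k]] !== false) {
                        $gEP[$permIds[$k]] = $gSP[$permIds[$k]];
                    }
                }
            }
        }
    }
    /// Now to compute the effective permissions for the users (same rule as for groups)
    $userEffectivePermissions = array();
    for ($i = count($pagepath) - 1; $i >= 0; $i--) {
        if (!isset($userSetPermissions[$pagepath[$i]])) {
            continue;
        }
        $pSP =& $userSetPermissions[$pagepath[$i]];
        for ($j = 0; $j < $userCount; $j++) {
            if (!isset($pSP[$userIds[$j]])) {
                continue;
            }
            $uSP =& $pSP[$userIds[$j]];
            if (!isset($userEffectivePermissions[$userIds[$j]])) {
                $userEffectivePermissions[$userIds[$j]] = array();
            }
            $uEP =& $userEffectivePermissions[$userIds[$j]];
            for ($k = 0; $k < $permCount; $k++) {
                if (isset($uSP[$permIds[$k]])) {
                    if (!isset($uEP[$permIds[$k]]) || $uEP[$permIds[$k]] !== false) {
                        $uEP[$permIds[$k]] = $uSP[$permIds[$k]];
                    }
                }
            }
        }
    }
    /// Get all the groups each user belongs to
    $userGroups = array();
    $groupsQuery = 'SELECT `user_id`, `group_id` FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` ' . 'ORDER BY `user_id`';
    $groupsResult = mysql_query($groupsQuery);
    while ($groupsRow = mysql_fetch_row($groupsResult)) {
        if (!isset($userGroups[$groupsRow[0]])) {
            $userGroups[$groupsRow[0]] = array();
        }
        $userGroups[$groupsRow[0]][] = $groupsRow[1];
    }
    mysql_free_result($groupsResult);
    /// Calculate permissions as far as groups are concerned.
    /// NOTE(review): only users without any `usergroup` row are given groups
    /// 0 and 1 here; users with rows get exactly those rows — presumably the
    /// table lists 0/1 memberships explicitly, confirm.
    /// NOTE(review): the OR below lets a group grant override an explicit
    /// user-level deny computed above — confirm that is the intended precedence.
    for ($i = 0; $i < $userCount; $i++) {
        if (!isset($userGroups[$userIds[$i]])) {
            if ($userIds[$i] == 0) {
                continue;
            } else {
                $userGroups[$userIds[$i]] = array(0, 1);
            }
        }
        if (!isset($userEffectivePermissions[$userIds[$i]])) {
            $userEffectivePermissions[$userIds[$i]] = array();
        }
        for ($j = 0; $j < $permCount; $j++) {
            $userGroupCount = count($userGroups[$userIds[$i]]);
            for ($k = 0; $k < $userGroupCount; $k++) {
                if (isset($groupEffectivePermissions[$userGroups[$userIds[$i]][$k]]) && isset($groupEffectivePermissions[$userGroups[$userIds[$i]][$k]][$permIds[$j]])) {
                    if (!isset($userEffectivePermissions[$userIds[$i]][$permIds[$j]])) {
                        $userEffectivePermissions[$userIds[$i]][$permIds[$j]] = false;
                    }
                    $userEffectivePermissions[$userIds[$i]][$permIds[$j]] = $userEffectivePermissions[$userIds[$i]][$permIds[$j]] || $groupEffectivePermissions[$userGroups[$userIds[$i]][$k]][$permIds[$j]];
                }
            }
        }
    }
    /// Split the effective values into granted ('Y') and denied ('N') lists per id
    $sortedGroupPerms = array('Y' => array(), 'N' => array());
    $sortedUserPerms = array('Y' => array(), 'N' => array());
    foreach ($groupEffectivePermissions as $groupid => $data) {
        foreach ($groupEffectivePermissions[$groupid] as $permid => $value) {
            if ($value === true) {
                if (!isset($sortedGroupPerms['Y'][$groupid])) {
                    $sortedGroupPerms['Y'][$groupid] = array();
                }
                $sortedGroupPerms['Y'][$groupid][] = $permid;
            } else {
                if (!isset($sortedGroupPerms['N'][$groupid])) {
                    $sortedGroupPerms['N'][$groupid] = array();
                }
                $sortedGroupPerms['N'][$groupid][] = $permid;
            }
        }
    }
    foreach ($userEffectivePermissions as $userid => $data) {
        foreach ($userEffectivePermissions[$userid] as $permid => $value) {
            if ($value === true) {
                if (!isset($sortedUserPerms['Y'][$userid])) {
                    $sortedUserPerms['Y'][$userid] = array();
                }
                $sortedUserPerms['Y'][$userid][] = $permid;
            } else {
                if (!isset($sortedUserPerms['N'][$userid])) {
                    $sortedUserPerms['N'][$userid] = array();
                }
                $sortedUserPerms['N'][$userid][] = $permid;
            }
        }
    }
    return array($sortedGroupPerms, $sortedUserPerms);
}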