require_once 'includes/globals.inc';

/*
 * Project edit page (opening part): resolves the project named by ?projid=,
 * checks that the caller may edit it, then loads its row from `pb_projects`.
 */
if (!isset($_GET['projid'])) {
    emitTop('Peanut Butter -> Edit Project [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Required Information not specified.');
} else {
    $projid = $_GET['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];

    // NOTE(review): escapes() is defined outside this file; presumably it
    // publishes the SQL-escaped ($m...) and URL-encoded ($url...) copies used
    // further down. Confirm before relying on $mprojid inside the quoted SQL.
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);

    $isNews = isNews($projid);
    emitTop('Peanut Butter -> Projects -> Edit: ' . $name, '/pb/');
    if ($name == '') {
        errAndDie('Project not found.');
    }
}

// Only admins and siteadmins may edit projects at all.
if (!($userType == ADMIN || $userType == SITEADMIN)) {
    errAndDie('Sorry, only admins/siteadmins may edit projects.');
}

// A plain admin is further limited to projects recorded under their name.
if ($userType == ADMIN && $owner != $userName) {
    errAndDie('Sorry, you may only edit your own project.');
}

mysqlSetup();
$sqlquery = "SELECT * FROM `pb_projects` WHERE `id` = '{$mprojid}'";
$result = mysql_query($sqlquery);
if (!$result) {
    // NOTE(review): this writes the raw MySQL error text into the response.
    die('Invalid query: ' . mysql_error());
}
$count = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);
?> <h2>Edit Project: <?php
<?php
require_once 'includes/globals.inc';

/*
 * New-post form (opening part): resolves the target project from ?projid=
 * and rejects callers who are not allowed to post to it.
 */
if (!isset($_GET['projid'])) {
    errAndDie('Project not specified.');
} else {
    $projid = $_GET['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];

    // NOTE(review): escapes() lives outside this file; $urlprojid below is
    // presumably the URL-encoded copy it publishes. Confirm.
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);

    $isNews = isNews($projid);
    emitTop('Peanut Butter -> Posts -> New Post', $_SERVER['PHP_SELF'] . "?projid={$urlprojid}");
    if ($name == '') {
        print '<h3>Project not found.</h3>';
        emitBottom();
        die;
    }
}

if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not post.');
}

// News posts are reserved for admins and siteadmins.
if ($isNews && !($userType == ADMIN || $userType == SITEADMIN)) {
    errAndDie('Sorry, only admins may create news posts.');
}

// NOTE(review): $name is written into the heading below exactly as returned
// by getProjInfoFromId(). Whether that text is already HTML-safe cannot be
// seen from here; confirm, or encode it with htmlspecialchars() at output.
?> <h2>New Post for: <?php echo $name; ?>
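<?php
require_once 'includes/globals.inc';

/*
 * Delete-user page (siteadmin only).
 *
 * First request:  ?name=USER              -> shows a confirmation link.
 * Second request: ?name=USER&confirmed=1  -> deletes the row from `pb_users`.
 *
 * NOTE(review): the delete is triggered by a plain GET link. Nothing visible
 * in this file ties the confirming request to the siteadmin's own session
 * (no POST, no per-session token), so the request can be forged from another
 * site while the siteadmin is logged in. Moving the confirmation to a POST
 * form with a session-bound token needs support from globals.inc.
 */
if (isset($_GET['name']) && is_string($_GET['name'])) {
    $name = $_GET['name'];
    // NOTE(review): the argument list of this call is masked in the copy
    // under review (it reads '******'); it is restored here as "title plus
    // user name, then '/pb/'" - confirm against the real file. Also confirm
    // that emitTop() HTML-encodes its title, since $name is request data.
    emitTop('Peanut Butter -> Delete User: ' . $name, '/pb/');
} else {
    emitTop('Peanut Butter -> Delete User [ERROR]', $_SERVER['PHP_SELF']);
    print '<h3>Required information not specified.</h3>';
    emitBottom();
    die;
}

if ($userType != SITEADMIN) {
    print '<h3>Sorry, only siteadmins may delete users.</h3>';
    emitBottom();
    die;
}

if (isset($_GET['confirmed'])) {
    mysqlSetup();
    // Connection-aware escaping: mysql_escape_string() ignores the
    // connection character set and is deprecated.
    $mname = mysql_real_escape_string($name);
    $sqlquery = "DELETE FROM `pb_users` WHERE `name` = '{$mname}'";
    // NOTE(review): on failure this sends the raw MySQL error to the browser.
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    print '<h3>User Deleted.</h3>';
    print "<p><a href=\"accountManagement.php\">Back to Account Management</a></p>";
} else {
    $urlname = urlencode($name);
    $confirmUrl = $_SERVER['PHP_SELF'] . "?name={$urlname}&confirmed=1";
    // Both the URL (PHP_SELF can carry request-controlled path info) and the
    // user name come from the request, so each is HTML-encoded before being
    // written into the page.
    print '<p><a href="' . htmlspecialchars($confirmUrl, ENT_QUOTES, 'UTF-8') . '">'
        . "Delete user '" . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "'.</a></p>";
}
emitBottom();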
<?php
require_once 'includes/globals.inc';

/*
 * Post deletion (opening part): loads the post named by ?postid= and checks
 * that the caller is allowed to delete it.
 */
if (!isset($_GET['postid'])) {
    emitTop('Peanut Butter -> Posts -> Delete [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Required information not specified.');
} else {
    $postid = $_GET['postid'];
    // NOTE(review): $mpostid / $muserName used below are presumably the
    // SQL-escaped copies published by escapes(); confirm in globals.inc.
    escapes('postid', $postid);
    emitTop('Peanut Butter -> Posts -> Delete', '/pb/');
}

if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not delete posts.');
}

mysqlSetup();
escapes('userName', $userName);

// Normal users can only select a post they wrote; other roles select by id
// alone and are checked against the row afterwards.
$sqlquery = "SELECT * FROM `pb_blog` WHERE `id` = '{$mpostid}'";
if ($userType == NORMAL) {
    $sqlquery .= " AND `user` = '{$muserName}'";
}

$result = mysql_query($sqlquery);
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

$row = mysql_fetch_assoc($result);
if (!$row) {
    errAndDie('You are unable to access this post unless you own it or are an admin/siteadmin.');
}

// projid -1 marks a news post; admins may delete only their own.
if ($userType == ADMIN && $row['projid'] == -1 && $userName != $row['user']) {
    errAndDie('Admins can only delete their own news posts.');
}

$projid = $row['projid'];
$isNews = isNews($projid);
escapes('projid', $projid);
<?php
require_once 'includes/globals.inc';

/*
 * Account management (opening part): for siteadmins, starts a table listing
 * every row of `pb_users`, with alternating row styling.
 */
emitTop('Peanut Butter -> Account -> Management', $_SERVER['PHP_SELF']);

if ($userType == SITEADMIN) {
?> <h2>Site users</h2> <table class="list"> <thead> <tr> <th>User</th> <th>User Type</th> <th>Created</th> <th>Delete User</th> <th>Promote/Demote User</th> </tr> </thead> <tbody> <?php
    mysqlSetup();
    $sqlquery = "SELECT `name`,`category`,`created` FROM `pb_users` ORDER BY `name` ASC";
    $result = mysql_query($sqlquery);
    if (!$result) {
        die('Invalid query: ' . mysql_error());
    }

    $rownum = 0;
    while ($row = mysql_fetch_row($result)) {
        print "<tr>";
        // Rows 0, 2, 4, ... get the "greyed" class.
        $style = ($rownum++ % 2 == 0) ? ' class="greyed"' : '';
<?php
require_once 'includes/globals.inc';

/*
 * News page (opening part): selects news posts (projid -1) from `pb_blog`
 * and prints the heading and the admin-only management links.
 */
emitTop('Peanut Butter -> News', $_SERVER['PHP_SELF']);

mysqlSetup();
$sqlquery = "SELECT `title`,`user`,`added`,`modified`,`text`,`id` FROM `pb_blog` "
    . " WHERE `projid` = '-1' ORDER BY `modified` DESC LIMIT 10";
$result = mysql_query($sqlquery);
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
$count = mysql_num_rows($result);

// NOTE(review): $start used below is presumably published by escapes();
// the query above does not reference it. Confirm how paging is applied.
escapes('start', isset($_GET['start']) ? $_GET['start'] : 0);

print "<h3>News:</h3>\n";

// Never announce more posts than one page holds.
$showCount = ($count > NUM_ENTRIES) ? NUM_ENTRIES : $count;
print "<h3>Posts " . ($start + 1) . "-" . ($start + $showCount) . "</h3>\n";
print "<p>";

$self = $_SERVER['PHP_SELF'];
if ($userType == ADMIN || $userType == SITEADMIN) {
    print '<a href="postNew.php?projid=-1">New Post</a> ';
    print '<a href="postManagement.php?projid=-1">Manage Posts</a><br /><br />';
}

/*
 * Build the "newest", "previous" and "next" links according to the current
 * position in the result set.
 */
if (!$start) {
<?php
require_once 'includes/globals.inc';

/*
 * Post save (opening part): resolves the target project from ?projid=,
 * checks the caller's role and that title and text were posted, then opens
 * the database connection.
 */
if (!isset($_GET['projid'])) {
    errAndDie('Project not specified.');
} else {
    $projid = $_GET['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];

    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);

    $isNews = isNews($projid);
    emitTop('Peanut Butter -> Posts -> Save Post for: ' . $name, '/pb/');
    if ($name == '') {
        print '<h3>Project not found.</h3>';
        emitBottom();
        die;
    }
}

if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not post.');
}

// News posts are reserved for admins and siteadmins.
if ($isNews && !($userType == ADMIN || $userType == SITEADMIN)) {
    errAndDie('Sorry, only admins/siteadmins may post news events.');
}

// Both form fields must be present before anything is written.
if (!isset($_POST['text'], $_POST['title'])) {
    errAndDie('Missing data.');
}

mysqlSetup();
require_once 'includes/globals.inc';

/*
 * Project info page (opening part): loads the project named by ?projid= and
 * prints its heading, with Edit/Delete links for callers allowed to use them.
 */
if (!isset($_GET['projid'])) {
    emitTop('Peanut Butter -> Projects -> Info [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Project id not specified.');
} else {
    $projid = $_GET['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];

    // NOTE(review): $urlprojid and $mprojid are presumably published by
    // escapes(), which is defined outside this file; confirm.
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);

    $isNews = isNews($projid);
    emitTop('Peanut Butter -> Projects -> Info: ' . $name, $_SERVER['PHP_SELF'] . "?projid={$urlprojid}");
    if ($name == '') {
        errAndDie('Project not found.');
    }
}

mysqlSetup();
$sqlquery = "SELECT * FROM `pb_projects` WHERE `id` = '{$mprojid}'";
$result = mysql_query($sqlquery);
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

if ($row = mysql_fetch_assoc($result)) {
    $name = $row['name'];
    // NOTE(review): the stored project name is echoed into the heading
    // without HTML encoding; confirm it is safe at this point or encode it.
?> <h2><?php
    echo $name;
    // Siteadmins always get the links; admins only on projects they own
    // (&& binds tighter than ||, made explicit here).
    $mayManage = $userType == SITEADMIN || ($userType == ADMIN && $row['owner'] == $userName);
    if ($mayManage) {
        print " <a href=\"projectEdit.php?projid={$urlprojid}\">Edit</a>";
        print " <a href=\"projectDelete.php?projid={$urlprojid}\">Delete</a>";
    }
?>
if (!($row = mysql_fetch_row($result))) { $keyerr = 1; } else { $keywords = $row[0]; $keyowner = $row[1]; $_SESSION['keyname'] = $keyname; $_SESSION['owner'] = $keyowner; $_SESSION['words'] = $keywords; $sqlquery = "UPDATE `pb_searches` SET `lastused` = NOW() WHERE `name` " . " = '{$mKeyname}' LIMIT 1"; $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error()); } mysql_close(); } } session_write_close(); emitTop('Peanut Butter -> Projects -> Overview', $_SERVER['PHP_SELF']); $noStatus = TRUE; $statusSelected = array(); foreach ($statusEnum as $status) { if (isset($_GET[str_replace(' ', '_', $status)])) { $noStatus = FALSE; $statusSelected[] = $status; } } if ($noStatus) { $statusSelected = $statusEnum; } if ($keyerr) { print '<p><em>Keyword search name not found.</em></p>'; } $selOwner = isset($_GET['owner']) ? $_GET['owner'] : '+ALL';
$projid = $_GET['projid']; $projinfo = getProjInfoFromId($projid); $name = $projinfo[0]; $owner = $projinfo[1]; escapes('projid', $projid); escapes('name', $name); escapes('owner', $owner); $isNews = isNews($projid); emitTop('Peanut Butter -> Posts -> Management', $_SERVER['PHP_SELF'] . "?projid={$urlprojid}"); if ($name == '') { print '<h3>Project not found.</h3>'; emitBottom(); die; } } else { emitTop('Peanut Butter -> Posts -> Management [ERROR]', $_SERVER['PHP_SELF']); errAndDie('Project not specified.'); } if ($userType != ADMIN && $userType != SITEADMIN) { errAndDie('Sorry, only admins/siteadmins can manage posts.'); } if (!$isNews && $userType == ADMIN && $userName != $owner) { errAndDie('Sorry, admins can only manage posts for their own projects.'); } ?> <h2>Posts for: <?php echo $name; ?> </h2> <?php
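<?php
require_once 'includes/globals.inc';

/*
 * Saved-search cleanup (admin/siteadmin only).
 *
 * ?age=N            lists searches not used for more than N days.
 * ?age=N&confirm=1  deletes them.
 *
 * NOTE(review): the DELETE runs on a GET request carrying only ?confirm;
 * nothing visible here binds that request to the admin's own session.
 */
emitTop('Peanut Butter -> Searches -> REMOVE', $_SERVER['PHP_SELF']);

if ($userType != ADMIN && $userType != SITEADMIN) {
    print '<h3>Sorry, only admins/siteadmins can remove searches.</h3>';
    emitBottom();
    die;
}

if (!isset($_GET['age'])) {
    errAndDie('No age specified.');
}

// $age is placed in the SQL below WITHOUT surrounding quotes, so string
// escaping gives no protection there: any text that needs no quote character
// would be executed as SQL. Accept a short run of digits only and carry it
// as an integer; this also makes it safe to print in the heading.
$rawAge = $_GET['age'];
if (!is_string($rawAge) || !ctype_digit($rawAge) || strlen($rawAge) > 5) {
    errAndDie('Invalid age specified.');
}
$age = (int) $rawAge;
$urlage = urlencode($rawAge);

if (isset($_GET['confirm'])) {
    mysqlSetup();
    $sqlquery = "DELETE FROM `pb_searches` WHERE `lastused` < SUBDATE(NOW(),{$age})";
    // NOTE(review): on failure this sends the raw MySQL error to the browser.
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    print "<h3>Searches removed.</h3>";
    print '<a href="projectManagement.php">Back to Project Management</a>';
} else {
    mysqlSetup();
    $sqlquery = "SELECT `name`,`owner`,`lastused` FROM `pb_searches` WHERE "
        . "`lastused` < SUBDATE(NOW(),{$age}) ORDER BY `name` ASC";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    $count = mysql_num_rows($result);

    // "search" vs "searches" in the heading.
    $es = '';
    if ($count != 1) {
        $es = 'es';
    }
    print "<h3>{$count} search{$es} older than {$age} days:</h3>\n";
    if ($count) {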
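<?php
require_once 'includes/globals.inc';

/*
 * Logout page: clears the login keys from the session and offers a link back
 * to the page the user came from (?refer=) plus the main page.
 */

// NOTE(review): session_start() does not take a session name. If the intent
// was to select a session called 'login', that is session_name('login')
// before session_start(); confirm against globals.inc and the login page.
session_start('login');
unset($_SESSION['loggedIn']);
unset($_SESSION['userName']);
unset($_SESSION['userType']);
session_write_close();

emitTop('Peanut Butter -> Logged Out', '/pb/');
?> <h2>You have been logged out.</h2> <?php
// ?refer= is request data. Written into href="" unchanged it lets a crafted
// link close the attribute and add markup, or point the "Back" link at a
// script URL or another site. Only a site-local path is accepted (one
// leading slash, no control characters), and it is HTML-encoded on output;
// anything else simply gets no back link.
if (isset($_GET['refer']) && is_string($_GET['refer'])) {
    $backLink = $_GET['refer'];
    $second = substr($backLink, 1, 1);
    $isSitePath = strlen($backLink) > 0
        && $backLink[0] === '/'
        && $second !== '/'
        && $second !== '\\'
        && !preg_match('/[\x00-\x1F\x7F]/', $backLink);
    if ($isSitePath) {
        print '<p><a href="' . htmlspecialchars($backLink, ENT_QUOTES, 'UTF-8') . '">Back to last page</a></p>';
    }
}
?> <a href="/pb/">Main Page</a> <?php
emitBottom();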
<?php
require_once 'includes/globals.inc';

/*
 * Saved-search edit page (opening part): on a posted form, rewrites the row
 * of `pb_searches` named by ?id= with the submitted name and keywords and
 * records the current user as its owner.
 */
emitTop('Peanut Butter -> Searches -> New/Edit', $_SERVER['PHP_SELF']);

if ($userType == VISITOR) {
    errAndDie('Sorry, you must be registered to make searches.');
}

if (!isset($_GET['id'])) {
    errAndDie('No search specified.');
}
// NOTE(review): $mid, $mkeyname, $mkeywords and $musername below are
// presumably the SQL-escaped copies published by escapes(); confirm.
escapes('id', $_GET['id']);

if (isset($_POST['savesearch'])) {
    mysqlSetup();

    $haveFields = isset($_POST['keywords'])
        && isset($_POST['keyname'])
        && $_POST['keywords'] != ''
        && $_POST['keyname'] != '';

    if ($haveFields) {
        escapes('keywords', $_POST['keywords']);
        escapes('keyname', $_POST['keyname']);
        escapes('username', $userName);
        mysqlSetup();

        // NOTE(review): the row is selected by id alone and its owner is
        // overwritten with the caller. No check visible here confirms that
        // the caller owned the search beforehand; verify that this is
        // intended for every registered user.
        $sqlquery = "UPDATE `pb_searches` SET `name` = '{$mkeyname}', `owner` = "
            . "'{$musername}', `terms` = '{$mkeywords}', `lastused` = NOW() WHERE "
            . "`id` = '{$mid}' LIMIT 1";
        $result = mysql_query($sqlquery);
        if (!$result) {
            die('Invalid query: ' . mysql_error());
        }

        print '<h3>Search has been saved.</h3>';
        print '<a href="projectManagement.php">Back to Project Management</a>';
        emitBottom();
        die;
    } else {
        print '<h3>Missing information.</h3>';
    }
}
?> <h3>Enter keywords, separated by commas:</h3>
<?php
require_once 'includes/globals.inc';

/*
 * New-project form (opening part): shown to admins and siteadmins only; the
 * form posts to projectSave.php.
 */
emitTop('Peanut Butter -> New Project', $_SERVER['PHP_SELF']);

$mayCreate = ($userType == ADMIN || $userType == SITEADMIN);
if (!$mayCreate) {
    print '<h3>Sorry, only admins/siteadmins may create new projects.</h3>';
    emitBottom();
    die;
}
// NOTE(review): hiding the form is not the access control; the role check in
// projectSave.php is what has to hold for a directly posted request.
?> <h2>New Project</h2> <form name="projectNew" method="post" action="projectSave.php"> <table> <tr> <th>Name:</th> <td><input type="text" size="80" name="name" /></td> </tr> <tr> <th>Desciption:</th> <td><textarea name="description" cols="80" rows="10"></textarea></td> </tr> <tr> <th>Keywords:</th> <td><input type="text" size="80" name="keywords" /></td> </tr> <tr> <th>Status:</th> <td> <select name="status">
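<?php
require_once 'includes/globals.inc';

/*
 * Change-user page (siteadmin only): ?name=USER&type=promote sets the user's
 * category to ADMIN, ?type=demote sets it to NORMAL.
 *
 * NOTE(review): the privilege change is performed directly on a GET request.
 * Nothing visible here binds the request to the siteadmin's own session (no
 * POST, no token), so a forged link is enough to promote an account while a
 * siteadmin is logged in.
 */
if (isset($_GET['name'], $_GET['type']) && is_string($_GET['name']) && is_string($_GET['type'])) {
    $name = $_GET['name'];
    $type = $_GET['type'];
    // NOTE(review): the argument list of this call is masked in the copy
    // under review (it reads '******'); it is restored here as "title plus
    // user name, then '/pb/'" - confirm against the real file. Also confirm
    // that emitTop() HTML-encodes its title, since $name is request data.
    emitTop('Peanut Butter -> Change User: ' . $name, '/pb/');
} else {
    emitTop('Peanut Butter -> Change User [ERROR]', $_SERVER['PHP_SELF']);
    print '<h3>Required information not specified.</h3>';
    emitBottom();
    die;
}

if ($userType != SITEADMIN) {
    print '<h3>Sorry, only siteadmins may change user privileges.</h3>';
    emitBottom();
    die;
}

if ($type == 'promote') {
    mysqlSetup();
    // Connection-aware escaping: mysql_escape_string() ignores the
    // connection character set and is deprecated.
    $mname = mysql_real_escape_string($name);
    $sqlquery = "UPDATE `pb_users` SET `category` = '" . ADMIN . "' WHERE `name` = '{$mname}'";
    // NOTE(review): on failure this sends the raw MySQL error to the browser.
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    print '<h3>User promoted.</h3>';
    print "<p><a href=\"accountManagement.php\">Back to Account Management</a></p>";
    mysql_close();
} elseif ($type == 'demote') {
    mysqlSetup();
    $mname = mysql_real_escape_string($name);
    $sqlquery = "UPDATE `pb_users` SET `category` = '" . NORMAL . "' WHERE `name` = '{$mname}'";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());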
?> <h2>Registration</h2> <h3>You have successfully registered and are now logged in.</h3> <?php } } } elseif (isset($_POST['regName']) || isset($_POST['regPass']) || isset($_POST['regPass2'])) { ?> <p><em>Missing information.</em></p> <?php } if ($printForm) { emitTop('Peanut Butter -> Registration', $_SERVER['PHP_SELF']); ?> <h2>Registration</h2> <p>You must register to post comments to projects.</p> <p><em>NOTE: Do <b>not</b> use your Infineon passwords here.</em></p> <form name="registerForm" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?> "> <h3>Please enter username and password</h3> <table> <tr>
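<?php
require_once 'includes/globals.inc';

/*
 * New keyword search page (opening part): registered users may store a named
 * keyword list in `pb_searches`; otherwise the entry form is shown.
 *
 * The form's action attribute is built from $_SERVER['PHP_SELF'], which
 * includes any extra path text the client appends to the script URL, so it
 * is HTML-encoded where it is written out at the end of this block.
 */
emitTop('Peanut Butter -> New Keyword Search', $_SERVER['PHP_SELF']);

if ($userType == VISITOR) {
    print '<h3>Sorry, you must be registered to make searches.</h3>';
    emitBottom();
    die;
}

if (isset($_POST['savesearch'])) {
    mysqlSetup();
    // Array-valued fields (keywords[]=...) are treated as missing rather
    // than being handed to the escaping function.
    if (!isset($_POST['keywords']) || !isset($_POST['keyname'])
        || !is_string($_POST['keywords']) || !is_string($_POST['keyname'])
        || $_POST['keywords'] == '' || $_POST['keyname'] == '') {
        print '<h3>Missing information.</h3>';
    } else {
        // Connection-aware escaping: mysql_escape_string() ignores the
        // connection character set and is deprecated.
        $mKeywords = mysql_real_escape_string($_POST['keywords']);
        $mKeyname = mysql_real_escape_string($_POST['keyname']);
        $mUsername = mysql_real_escape_string($userName);
        // NOTE(review): second mysqlSetup() call kept as in the original;
        // it looks redundant - confirm it is harmless to call twice.
        mysqlSetup();
        $sqlquery = "INSERT INTO `pb_searches` (`name`,`owner`,`terms`,`lastused`) "
            . "VALUES ('{$mKeyname}','{$mUsername}','{$mKeywords}',NOW())";
        // NOTE(review): on failure this sends the raw MySQL error to the browser.
        $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
        print '<h3>Search has been saved.</h3>';
        print '<a href="projectOverview.php">Back to Project Overview</a>';
        emitBottom();
        die;
    }
}
?> <h3>Enter keywords, separated by commas:</h3> <form name="newkeywords" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');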
</script> <?php emitBottom(); ?> <?php } mysql_close(); } elseif (isset($_POST['loginName']) || isset($_POST['loginPass'])) { ?> <p><em>Missing information.</em></p> <?php } if ($printForm) { emitTop('Peanut Butter -> Login Form', $refer); ?> <form name="loginForm" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?> ?refer=<?php echo $refer; ?> "> <h3>Please enter username and password</h3> <table> <tr> <th>Username:</th> <td><input type="text" name="loginName" size="15" /></td> </tr>
<?php
require_once 'includes/globals.inc';

/*
 * Latest posts page (opening part): builds the owner/project filter from the
 * query string and fetches the list of distinct post authors for the owner
 * selector.
 */
emitTop('Peanut Butter -> Latest Posts', $_SERVER['PHP_SELF']);

escapes('start', isset($_GET['start']) ? $_GET['start'] : 0);

$where = '';
$matchColl = new MatchCollection("AND");
$owner = '+ALL';
$project = '+ALL';

// '+ALL' means "no filter"; any other value adds a match on that column.
// NOTE(review): $mowner / $mproject are presumably the SQL-escaped copies
// published by escapes(); how Match and MatchCollection::toSQL() quote them
// is not visible here. Also note that `match` is a reserved word from
// PHP 8.0 on, so a class named Match no longer parses there.
$ownerChosen = isset($_GET['owner']) && $_GET['owner'] != '+ALL';
if ($ownerChosen) {
    escapes('owner', $_GET['owner']);
    $matchColl->addMatch(new Match('user', $mowner));
}

$projectChosen = isset($_GET['project']) && $_GET['project'] != '+ALL';
if ($projectChosen) {
    escapes('project', $_GET['project']);
    $matchColl->addMatch(new Match('name', $mproject));
}

$whereSQL = $matchColl->toSQL();

mysqlSetup();
$sqlquery = "SELECT DISTINCT `user` FROM `pb_blog` ORDER BY `user` ASC";
$result = mysql_query($sqlquery);
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
?> <table> <tr> <td> <form name="selectOwner" method="get" action="<?php
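<?php
require_once 'includes/globals.inc';

/*
 * Project save (opening part): validates the posted project fields, prepares
 * SQL-escaped copies and clamps the priority to the range 1..10.
 */
emitTop('Peanut Butter -> Save Project', '/pb/');

// Role check first: a caller without the right to save projects should not
// be able to learn from the responses below whether a project name exists.
if ($userType != ADMIN && $userType != SITEADMIN) {
    errAndDie('Sorry, only admins/siteadmins may save projects.');
}

if (!isset(
    $_POST['name'],
    $_POST['description'],
    $_POST['keywords'],
    $_POST['status'],
    $_POST['progress'],
    $_POST['priority']
)) {
    errAndDie('Missing data.');
}

$name = $_POST['name'];
// NOTE(review): when `modified` is posted the existence check is skipped.
// Nothing in the visible part confirms that the caller owns the project
// being modified; verify that the update path further down enforces it.
if (projectExists($name) && !isset($_POST['modified'])) {
    errAndDie('Project already exists.');
}

// NOTE(review): mysql_escape_string() ignores the connection character set
// and is deprecated; no connection is opened in the visible part, so the
// calls are left as they are. Prefer mysql_real_escape_string() once the
// connection exists.
$mName = mysql_escape_string($name);
$urlname = urlencode($name);
$mOwner = mysql_escape_string($userName);
$mDescription = mysql_escape_string($_POST['description']);
$mKeywords = mysql_escape_string($_POST['keywords']);
$mStatus = mysql_escape_string($_POST['status']);
$mProgress = mysql_escape_string($_POST['progress']);
$mNotes = !isset($_POST['notes']) ? '' : mysql_escape_string($_POST['notes']);
$mDeadline = !isset($_POST['deadline']) ? '' : mysql_escape_string($_POST['deadline']);

// Priority is a number: carry it as an integer so that a value such as
// "5abc" cannot pass the range test and reach the page or the query as text.
$mPriority = (int) $_POST['priority'];
if ($mPriority < 1 || $mPriority > 10) {
    $mPriority = max(1, min(10, $mPriority));
    print "<h3>'priority' has been changed to: {$mPriority}</h3>";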